- I've seen some problems regarding recursive directory operations: for example, when I wanted to delete a subtree in ADUC (or I think also in ADSI Edit), only the root is removed. The same symptoms also occur when renaming a subtree. The move operation is probably also affected, but I couldn't reproduce that because it isn't yet working alright (bug 4806 - comment 5).
- Another thing: when, for example, the positions of user or machine objects change in the directory, the references in group objects (attribute "member") also have to be updated. Similar things apply when renaming or deleting such an object.
- I would also like to see some protection for essential AD objects that are created during provisioning. They shouldn't be deleted or moved (user Administrator, group Domain Admins ...), maybe only renamed. But that has to be implemented in accordance with the Windows Server behaviour.
Since it's not really a bug, I'll mark it as a feature request.
So it seems that subtree renames are now possible, but not subtree deletes. Am I right?
I've not yet looked into subtree deletes. Subtree renames are not possible, the module doesn't work yet (and is quite a nightmare...).
Subtree renames are now supported. I'll add subtree deletes shortly.
How can I reproduce it? I tested it with two nested OUs in ADUC, but it didn't work!
You will need a new provision, as we updated the module list.
As far as I can tell, subtree delete does not exist:
[abartlet@ruth source]$ bin/ldbdel -H ldap://192.168.122.229 -Uadministrator%penguin12# OU=Test\ OU,DC=ad,DC=ruth,DC=abartlet,dc=net
delete of 'OU=Test OU,DC=ad,DC=ruth,DC=abartlet,dc=net' failed - LDAP error 66 LDAP_NOT_ALLOWED_ON_NON_LEAF - <0000208C: UpdErr: DSID-030A048D, problem 6003 (CANT_ON_NON_LEAF), data 0
I'm going to call this fixed for now. Let me know if there are any other issues
Andrew, could it be that we mean something different? I filed the bug about the missing recursive operations in the ADUC console. I tested Samba 4 SVN with your changes recently (included with a fresh provision), but the behavior is unchanged (e.g. with two nested OUs, I rename the outer one and the DN of the inner one isn't displayed anymore. When I name the outer one back to the original, the inner one is available again, and so on...)
Thank you very much for your persistence as ever.
It turned out that I broke it when making one final change, and didn't retest. Also, the ejs based test was broken.
I've fixed the test, and the code, and it should all work now (-r 25710).
I've also verified it in MMC.
Andrew, another problem (what I called subtree delete): try to create an OU in the ADUC console with one or more nested objects. Then remove the root OU and recreate it using the same name. You'll see that the subobjects are kept in the directory.
Can you please place those comments on bug 5037?