git.samba.org - samba.git/commit

author	Andrew Bartlett <abartlet@samba.org>
	Mon, 26 Jun 2023 04:53:10 +0000 (16:53 +1200)
committer	Andrew Bartlett <abartlet@samba.org>
	Sun, 13 Aug 2023 21:59:29 +0000 (21:59 +0000)
commit	99579e706312192f46df33d55949db7f1475d0d0
tree	9c5a096272e9e8354a6aa5e3e06370401991c8b1	tree
parent	87414955212143b8502b4c02aca150bc72cb8de5	commit \| diff

s4-rpc_server/drsuapi: Only keep and invalidate replication cycle state for normal replication

This changes the GetNCChanges server to use a per-call state for
extended operations like RID_ALLOC or REPL_OBJ and only maintain
and (more importantly) invalidate the state during normal replication.

This allows REPL_OBJ to be called during a normal replication cycle
that continues using after that call, continuing with the same
highwatermark cookie.

Azure AD will do a sequence of (roughly)

* Normal replication (objects 1..100)
* REPL_OBJ (of 1 object)
* Normal replication (objects 101..200)

However, if there are more than 100 (in this example) objects in the
domain, and the second replication is required, the objects 1..100
are sent, as the replication state was invalidated by the REPL_OBJ call.

RN: Improve GetNChanges to address some (but not all "Azure AD Connect")
syncronisation tool looping during the initial user sync phase.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

selftest/knownfail.d/getncchanges		diff \| blob \| history
source4/rpc_server/drsuapi/dcesrv_drsuapi.h		diff \| blob \| history
source4/rpc_server/drsuapi/getncchanges.c		diff \| blob \| history