From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 16 Oct 2017 22:36:03 +0000 (+1300)
Subject: repl_meta_data: Explain that we do not truncate the DN at present
X-Git-Tag: tevent-0.9.34~66
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cdb42eae898011121415f36cff27aeb8b16c9feb;p=thirdparty%2Fsamba.git

repl_meta_data: Explain that we do not truncate the DN at present

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
---

diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index bdc6aee944e..d0cf3cd36e0 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -4531,7 +4531,16 @@ static int replmd_make_prefix_child_dn(TALLOC_CTX *tmp_ctx,
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-
+	/*
+	 * TODO: Per MS-ADTS 3.1.1.5.5 Delete Operation
+	 * we should truncate this value to ensure the RDN is not more than 255 chars.
+	 *
+	 * However we MS-ADTS 3.1.1.5.1.2 Naming Constraints indicates that:
+	 *
+	 * "Naming constraints are not enforced for replicated
+	 * updates." so this is safe and we don't have to work out not
+	 * splitting a UTF8 char right now.
+	 */
 	deleted_child_rdn_val = ldb_val_dup(tmp_ctx, rdn_value);
 
 	/*