Bug 27893 - Backup2Master does not remove the master from the Samba 4 replication topology
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 3.0
Other Linux
: P5 normal
: UCS 3.2
Assigned To: Arvid Requate
Stefan Gohmann
: interim-1
Depends on: 26986 33382
Reported: 2012-07-12 14:35 CEST by Arvid Requate
Modified: 2013-11-19 06:43 CET

Description Arvid Requate univentionstaff 2012-07-12 14:35:15 CEST
Backup2Master does not remove the master from the Samba 4 replication topology. As a result, e.g. samba-tool drs showrepl reports replication errors for the deactivated system. To see what needs to be done here, one can, if needed, take guidance from the new upstream "samba-tool domain demote" function (which, however, can only be run locally on the respective DC).


+++ This bug was initially created as a clone of Bug #26986 +++
Comment 1 Arvid Requate univentionstaff 2013-07-17 18:09:40 CEST
If sam.ldb is found then univention-backup2master now removes
 * the machine account with the account name of the old master from samdb
 * the objectClass=server object related to the old master from samdb
 * the related NTDS-objectGUID DNS alias

Additionally the "dns-$old_master_hostname" account is removed.
Comment 2 Stefan Gohmann univentionstaff 2013-08-14 12:38:42 CEST
Changelog: OK

(In reply to Arvid Requate from comment #1)
> If sam.ldb is found then univention-backup2master now removes
>  * the machine account with the account name of the old master from samdb
OK

>  * the objectClass=server object related to the old master from samdb
OK

>  * the related NTDS-objectGUID DNS alias

OK
 
> Additionally the "dns-$old_master_hostname" account is removed.

That didn't work in my test, it seems the user is removed in OpenLDAP and the connector is initialized later and then synced back from S4 to OpenLDAP:

root@backup132:~# egrep "(dns-master|97univention-s4-connector.inst)" /var/log/univention/backup2master.log
++ udm users/user list --filter username=dns-master131
+ dns_service_account_dn=uid=dns-master131,cn=users,dc=deadlock13,dc=local
+ '[' -n uid=dns-master131,cn=users,dc=deadlock13,dc=local ']'
+ univention-directory-manager users/user remove --dn uid=dns-master131,cn=users,dc=deadlock13,dc=local
Running 97univention-s4-connector.inst                     done
root@backup132:~#
Comment 3 Arvid Requate univentionstaff 2013-08-15 19:23:28 CEST
The DNS service account for the old master is now also removed in the samba4 backend.
Comment 4 Stefan Gohmann univentionstaff 2013-08-16 07:47:56 CEST
(In reply to Arvid Requate from comment #3)
> The DNS service account for the old master is now also removed in the samba4
> backend.

The account is still available after backup2master.
Comment 5 Arvid Requate univentionstaff 2013-08-19 18:43:17 CEST
Strangely the deleted dns service account was resurrected by the initialization of the s4connector listener (Bug 32263). As a workaround the account is now deleted after initialization of the s4connector listener.

Another issue was fixed: removal of the NTDS alias record now also works.
Comment 6 Stefan Gohmann univentionstaff 2013-08-20 10:12:23 CEST
Test S4: OK

Test S3: OK

Changelog: OK
Comment 7 Stefan Gohmann univentionstaff 2013-11-19 06:43:47 CET
UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".
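
The symptom from the description, "samba-tool drs showrepl" still listing the old master as a replication neighbour, can be checked by filtering that command's output for the host. The script below is an added example, not part of this bug report or of univention-backup2master; the sample output is constructed and abridged (host and domain names are taken from the log in comment 2, everything else is invented), and sample_showrepl, stale_neighbours and SLAVE133 are hypothetical names.

```shell
#!/bin/sh
# Constructed, abridged sample of `samba-tool drs showrepl` output. Host and
# domain names come from comment 2; site, GUIDs, dates, error code are invented.
sample_showrepl() {
cat <<'EOF'
Default-First-Site-Name\BACKUP132
DSA object GUID: 11111111-1111-1111-1111-111111111111

==== INBOUND NEIGHBORS ====

DC=deadlock13,DC=local
    Default-First-Site-Name\MASTER131 via RPC
        DSA object GUID: 33333333-3333-3333-3333-333333333333
        Last attempt @ Wed Aug 14 12:30:01 2013 CEST failed, result 2 (WERR_BADFILE)
        7 consecutive failure(s).

DC=deadlock13,DC=local
    Default-First-Site-Name\SLAVE133 via RPC
        DSA object GUID: 44444444-4444-4444-4444-444444444444
        Last attempt @ Wed Aug 14 12:30:02 2013 CEST was successful
        0 consecutive failure(s).

==== OUTBOUND NEIGHBORS ====

CN=Configuration,DC=deadlock13,DC=local
    Default-First-Site-Name\MASTER131 via RPC
        DSA object GUID: 33333333-3333-3333-3333-333333333333
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
EOF
}

# stale_neighbours OLD_MASTER: read showrepl output on stdin and print
# "DIRECTION NAMING_CONTEXT HOST FAILURES" for every neighbour entry that
# still names OLD_MASTER (host names are compared case-insensitively).
stale_neighbours() {
    awk -v old="$1" '
        /^==== /               { dir = $2; next }   # INBOUND / OUTBOUND section
        /^(DC|CN)=/            { nc = $0; next }    # naming context (unindented)
        NF == 3 && $2 == "via" { host = substr($1, index($1, "\\") + 1); next }
        $2 == "consecutive" && toupper(host) == toupper(old) {
            print dir, nc, host, $1 + 0
        }'
}

# Live use on a DC: samba-tool drs showrepl | stale_neighbours master131
sample_showrepl | stale_neighbours master131
```

Empty output for the old master's host name means no neighbour entry references it any more; any line printed, even one with 0 failures, is a leftover link in the replication topology.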