Bug 42115 - DRS replication blocks on re-created deleted objects
Status: CLOSED DUPLICATE of bug 42120
Product: UCS
Classification: Unclassified
Component: S4 Connector
Version: UCS 4.1
Hardware: Other Linux
Importance: P1 major
Target Milestone: UCS 4.1-4
Assigned To: Arvid Requate
QA Contact: Stefan Gohmann
Depends on: 42624
Blocks:
Reported: 2016-08-24 19:38 CEST by Arvid Requate
Modified: 2016-11-08 13:26 CET (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.114
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Ticket number: 2016082321000589
Bug group (optional): Error handling, Troubleshooting
Max CVSS v3 score:


Description Arvid Requate univentionstaff 2016-08-24 19:38:16 CEST
During analysis of Ticket#2016082321000589 we saw replication issues (for deleted objects) that are probably caused by the changes for Bug #41864.

On the DRS-replicating Samba/AD DCs showrepl showed WERR_BAD_NET_RESP for INCOMING changes on the domain partition of the UCS DC Master (S4-Connector).

log.samba on the DRS-replicating Samba/AD DC shows messages like these:

===============================================================================
[2016/08/24 17:30:23.627065,  0, pid=3924] ../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
Failed to apply records: ../ldb_tdb/ldb_index.c:1216: Failed to re-index objectGUID in cn=username\0ADEL:96833c07-835e-4853-a2e5-2635b03957c5\0ACNF:96833c07-835e-4853-a2e5-2635b03957c5,CN=Deleted Objects,DC=ucsschool,DC=local - ../ldb_tdb/ldb_index.c:1148: unique index violation on objectGUID in cn=username\0ADEL:96833c07-835e-4853-a2e5-2635b03957c5\0ACNF:96833c07-835e-4853-a2e5-2635b03957c5,CN=Deleted Objects,DC=ucsschool,DC=local: Entry already exists
===============================================================================

It looks like the changes for Bug #41864 cause the accounts to be re-created with the same objectSid but a different objectGuid and in the end that causes DRS-replication to block. Maybe it's also due to three or more Samba AD/DCs replicating.
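To find which objects a DC is stuck on, the objectGUID violations can be pulled out of log.samba and grouped by the GUID embedded in the tombstone DN. The following is an added example, not part of the bug report or of Samba/UCS code; it assumes the message shape shown in the excerpt above, and the function names and sample data are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the log.samba excerpt above; names,
# GUIDs and the domain are made up for this example.
SAMPLE_LOG = r"""
[2016/08/24 17:30:23.627065,  0, pid=3924] ../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
Failed to apply records: unique index violation on objectGUID in cn=alice\0ADEL:11111111-2222-3333-4444-555555555555\0ACNF:11111111-2222-3333-4444-555555555555,CN=Deleted Objects,DC=example,DC=test: Entry already exists
[2016/08/24 17:35:24.000001,  0, pid=3924] ../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
Failed to apply records: unique index violation on objectGUID in cn=alice\0ADEL:11111111-2222-3333-4444-555555555555\0ACNF:11111111-2222-3333-4444-555555555555,CN=Deleted Objects,DC=example,DC=test: Entry already exists
[2016/08/24 17:36:00.000002,  0, pid=3924] ../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
Failed to apply records: unique index violation on objectGUID in cn=bob\, jr\0ADEL:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee,CN=Deleted Objects,DC=example,DC=test: Entry already exists
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*\d+, pid=(?P<pid>\d+)\]")
VIOLATION = re.compile(
    r"unique index violation on objectGUID in (?P<dn>.+?): Entry already exists")
# "\0A" is an escaped newline in the RDN, followed by a DEL: or CNF: marker and a GUID.
MARKER = re.compile(r"\\0A(DEL|CNF):([0-9a-fA-F-]{36})")

def find_guid_conflicts(log_text):
    """Return one record per objectGUID unique-index violation in log_text."""
    hits, ts, pid = [], None, None
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if head:  # remember the header; the message follows on the next line
            ts, pid = head["ts"], int(head["pid"])
            continue
        hit = VIOLATION.search(line)
        if not hit:
            continue
        # Split the first RDN from its parent at the first unescaped comma.
        rdn, parent = (re.split(r"(?<!\\),", hit["dn"], maxsplit=1) + [""])[:2]
        markers = {kind: guid.lower() for kind, guid in MARKER.findall(rdn)}
        hits.append({
            "time": ts, "pid": pid,
            "name": MARKER.split(rdn)[0].partition("=")[2],
            "deleted_guid": markers.get("DEL"),
            "conflict_guid": markers.get("CNF"),
            "tombstone": parent.lower().startswith("cn=deleted objects"),
        })
    return hits

def blocked_objects(hits):
    """Count violations per DEL GUID; repeats mean the apply keeps failing on it."""
    return Counter(h["deleted_guid"] for h in hits)

if __name__ == "__main__":
    for guid, count in blocked_objects(find_guid_conflicts(SAMPLE_LOG)).items():
        print(f"{guid}: {count} failed apply attempt(s)")
```
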
Comment 1 Arvid Requate univentionstaff 2016-10-31 14:22:22 CET
See Bug 41864 Comment 7, we need to fix this.
Comment 2 Arvid Requate univentionstaff 2016-11-03 20:49:34 CET
Ok, the patch for Bug 42120 removes the ill-advised mechanism of object re-creation implemented for Bug 41864 that caused this problem.

I had another look at the sibling Bug 41756, which allows the sync_from_ucs to happen for objects whose entryUUID has been marked as deleted in UCS but reappears. In UCS@school that can happen when a student account is moved from one school to another via UMC and then back again. This change is ok.

Even though Bug 35345 is still open and allows objects deleted and then re-created in Samba/AD to get synchronized back into OpenLDAP: They will get a different entryUUID there and the change of Bug 41756 doesn't apply and cannot cause any change in behavior, e.g. in standard UCS.

*** This bug has been marked as a duplicate of bug 42120 ***
Comment 3 Stefan Gohmann univentionstaff 2016-11-07 15:18:51 CET
OK
Comment 4 Stefan Gohmann univentionstaff 2016-11-08 13:26:36 CET
UCS 4.1-4 has been released:
 https://docs.software-univention.de/release-notes-4.1-4-en.html
 https://docs.software-univention.de/release-notes-4.1-4-de.html

If this error occurs again, please use "Clone This Bug".