Bug 44635 - replPropertyMetaData fix incomplete during update to UCS 4.1-4 (4.2)
replPropertyMetaData fix incomplete during update to UCS 4.1-4 (4.2)
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-2-errata
Assigned To: Arvid Requate
Lukas Oyen
Depends on: 44634
  Show dependency treegraph
Reported: 2017-05-18 13:54 CEST by Arvid Requate
Modified: 2017-09-13 16:35 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Ticket number: 2017071921000382
Bug group (optional): Troubleshooting
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2017-05-18 13:54:16 CEST
We should also fix this on systems that already updated to UCS 4.2.

+++ This bug was initially created as a clone of Bug #44634 +++

During the update to UCS 4.1-4 univention-samba4.postinst runs

  samba-tool dbcheck --cross-ncs --fix --yes

to fix the replPropertyMetaData attributes as recommended in the Samba 4.5.0 release notes. But in Samba 4.5.1 dbcheck aborts when groups contain deleted members:

ERROR: incorrect GUID component for member in object CN=DC Backup Hosts,CN=Groups,DC=example,DC=com - <GUID=7e45bf57cdcb78409c3cde7b3d85ecae>;<RMD_ADDTIME=130298692710000000>;<RMD_CHANGETIME=130413301070000000>;<RMD_FLAGS=1>;<RMD_INVOCID=41319e29b72a4a4bb8ff64141bec24ca>;<RMD_LOCAL_USN=5735>;<RMD_ORIGINATING_USN=5735>;<RMD_VERSION=1>;<SID=01050000000000051500000087cb2dca4485b093d6363bb068040000>;CN=someadmin,CN=Users,DC=example,DC=com
Change DN to <GUID=b20fe7f8-0cdf-4302-97d8-fcb39d402f5c>;<SID=S-1-5-21-0123456789-0123456789-0123456789-5130>;CN=someadmin,CN=Users,DC=example,DC=com? [YES]
ERROR: Failed to fix incorrect GUID on attribute member : (53, 'Attribute member already deleted for target GUID 75bf457e-cbcd-4078-9c3c-de7b3d85ecae')

We should run the dbcheck again in one of the next updates.
Comment 1 Arvid Requate univentionstaff 2017-08-10 16:46:34 CEST
r82031: Patches merged from Bug #44634

Advisory: ucs-4.2-1/doc/errata/staging/univention-samba4.yaml
Comment 2 Lukas Oyen univentionstaff 2017-08-15 10:58:30 CEST
Please adapt `run_dbcheck()` to backup to `/var/backups/samba4_update_to_errata4.2-1.$backup_id` (same with the logfile).
As you introduced a function, this should be a parameter.

Otherwise: Works, Changelog ok, YAML ok.
Comment 3 Arvid Requate univentionstaff 2017-08-15 17:14:11 CEST
Ok, I've adjusted the name and turned it into a single variable. Passing it to the function would require a safe, sensible default, which is too hard to determine for the problem at hand. I think it's ok like this.
Package rebuilt and advisory updated.
Comment 4 Lukas Oyen univentionstaff 2017-08-16 14:24:04 CEST
Comment 5 Arvid Requate univentionstaff 2017-09-13 16:35:05 CEST