Univention Bugzilla – Full Text Bug Listing |
Summary: | Tool for list and remove conflicted and deleted objects | ||
---|---|---|---|
Product: | UCS | Reporter: | Stefan Gohmann <gohmann> |
Component: | Samba4 | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | enhancement | ||
Priority: | P5 | CC: | jmm, petersen |
Version: | UCS 3.2 | ||
Target Milestone: | UCS 3.2-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=46197 | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | 33977 | ||
Bug Blocks: | 34516 |
Description
Stefan Gohmann
2013-11-29 11:02:13 CET
Would be VERY helpful at support work, at least. Conflicts: ---------- (97_bug33616-samba-tool-drs-new-subcommand-conflicts.patch) Added "samba-tool drs conflicts" to list and delete "\0ACNF" objects. --verbose print ldif of conflict objects --delete delete all conflict objects --dn=DN delete only given dn/conflict (if found) --non-interactive do not ask for deletion -> samba-tool drs conflicts Conflict: CN=test2\0ACNF:745998bf-3d6d-43a6-addf-984552e51f1b,DC=perf,DC=test -> samba-tool drs conflicts --delete Conflict: CN=test2\0ACNF:745998bf-3d6d-43a6-addf-984552e51f1b,DC=perf,DC=test Delete object with dn CN=test2\0ACNF:745998bf-3d6d-43a6-addf-984552e51f1b,DC=perf,DC=test? [y/N/all/none] Object without objectclass: --------------------------- (97_bug33616-samba-tool-dbcheck-handle-missing-objectclass.patch) We don't want to delete \0DEL objects (they maybe needed for drs replication). But it turned out, that all those objects, that caused an error, where indeed deleted objects but without an objectclass. So i added a test for objects without objectclass in samba-tool dbcheck. -> samba-tool dbcheck Checking 1378 objects ERROR: missing objectclass in object cn=pbackup\0ADEL:9929fb9c-556f-45f5-bc20-51583589b51a,CN=Deleted Objects,DC=perf,DC=test Not deleting object with missing objectclass 'cn=pbackup\0ADEL:9929fb9c-556f-45f5-bc20-51583589b51a,CN=Deleted Objects,DC=perf,DC=test' ERROR: missing objectclass in object CN=test8,DC=perf,DC=test Not deleting object with missing objectclass 'CN=test8,DC=perf,DC=test' Links to removed objects: ------------------------- See http://sdb.univention.de/content/6/242/en/samba-4-_-deleted-objects.html This is already repaired by dbcheck. -> ldbsearch -H /var/lib/samba/private/sam.ldb objectclass=domain masteredBy # record 1 dn: DC=perf,DC=test masteredBy: CN=NTDS Settings,CN=PMASTER,CN=Servers,CN=Default-First-Site-Name, CN=Sites,CN=Configuration,DC=perf,DC=test masteredBy: cn=pbackup\0ADEL:9929fb9c-556f-45f5-bc20-51583589b51a,CN=Deleted O bjects,DC=perf,DC=test -> samba-tool dbcheck --fix Checking 1377 objects ERROR: target DN is deleted for masteredBy in object DC=perf,DC=test - <GUID=9929fb9c-556f-45f5-bc20-51583589b51a>;cn=pbackup\0ADEL:9929fb9c-556f-45f5- bc20-51583589b51a,CN=Deleted Objects,DC=perf,DC=test Target GUID points at deleted DN cn=pbackup\0ADEL:9929fb9c-556f-45f5-bc20-51583589b51a,CN=Deleted Objects,DC=perf,DC=test Remove DN link? [y/N/all/none] y Removed deleted DN on attribute masteredBy ldbsearch --cross-ncs --show-deleted -H /var/lib/samba/private/sam.ldb | grep "\0ADEL" masteredBy: CN=NTDS Settings\0ADEL:269337d0-8610-4613-a2a4-ecf1bd4ea78e,CN=BAC KUP\0ADEL:785f0de4-88b1-47bd-b4cd-69ab02e73f6c,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=domain,DC=test -> ldbsearch -H /var/lib/samba/private/sam.ldb objectclass=domain masteredBy # record 1 dn: DC=perf,DC=test masteredBy: CN=NTDS Settings,CN=PMASTER,CN=Servers,CN=Default-First-Site-Name, CN=Sites,CN=Configuration,DC=perf,DC=test YAML: 2014-01-08-samba.yaml A) missing objectclass: I now have a script to somehow trigger samba DRS replication to create an object with missing objectclass. After doing this, the samba-tool dbcheck now reports about the broken object. If I choose to delete it, samba-tool dbcheck --fix turns the object into an \0ADEL: object below "CN=Deleted Objects", which might not be exactly what I want, since we still have an object with missing objectclass. If I rund the --fix again, I can finally remove the \0ADEL: object as well. So, maybe we should purge this object out of existance directly? B) conflicting objects: OK, "samba-tool drs conflicts" and --delete work. The --delete turns the object into an \0ADEL: object below "CN=Deleted Objects". I think this is ok in this case? A) This is the upstream patch and should be enough for now. B) handling of name conflic objects has moved to "samba-tool dbcheck --check-for-conflicts" Ok, both features work. |