Bug 44635

Summary: replPropertyMetaData fix incomplete during update to UCS 4.1-4 (4.2)
Product: UCS Reporter: Arvid Requate <requate>
Component: Samba4Assignee: Arvid Requate <requate>
Status: CLOSED FIXED QA Contact: Lukas Oyen <oyen>
Severity: normal    
Priority: P5 CC: gohmann
Version: UCS 4.2   
Target Milestone: UCS 4.2-2-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069 Enterprise Customer affected?: Yes
School Customer affected?: Yes ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: 2017071921000382 Bug group (optional): Troubleshooting
Max CVSS v3 score:
Bug Depends on: 44634    
Bug Blocks:    

Description Arvid Requate univentionstaff 2017-05-18 13:54:16 CEST 
We should also fix this on systems that already updated to UCS 4.2.

+++ This bug was initially created as a clone of Bug #44634 +++

During the update to UCS 4.1-4 univention-samba4.postinst runs

  samba-tool dbcheck --cross-ncs --fix --yes

to fix the replPropertyMetaData attributes as recommended in the Samba 4.5.0 release notes. But in Samba 4.5.1 dbcheck aborts when groups contain deleted members:

ERROR: incorrect GUID component for member in object CN=DC Backup Hosts,CN=Groups,DC=example,DC=com - <GUID=7e45bf57cdcb78409c3cde7b3d85ecae>;<RMD_ADDTIME=130298692710000000>;<RMD_CHANGETIME=130413301070000000>;<RMD_FLAGS=1>;<RMD_INVOCID=41319e29b72a4a4bb8ff64141bec24ca>;<RMD_LOCAL_USN=5735>;<RMD_ORIGINATING_USN=5735>;<RMD_VERSION=1>;<SID=01050000000000051500000087cb2dca4485b093d6363bb068040000>;CN=someadmin,CN=Users,DC=example,DC=com
Change DN to <GUID=b20fe7f8-0cdf-4302-97d8-fcb39d402f5c>;<SID=S-1-5-21-0123456789-0123456789-0123456789-5130>;CN=someadmin,CN=Users,DC=example,DC=com? [YES]
ERROR: Failed to fix incorrect GUID on attribute member : (53, 'Attribute member already deleted for target GUID 75bf457e-cbcd-4078-9c3c-de7b3d85ecae')

We should run the dbcheck again in one of the next updates.
Comment 1 Arvid Requate univentionstaff 2017-08-10 16:46:34 CEST 
r82031: Patches merged from Bug #44634

Advisory: ucs-4.2-1/doc/errata/staging/univention-samba4.yaml
Comment 2 Lukas Oyen univentionstaff 2017-08-15 10:58:30 CEST 
Please adapt `run_dbcheck()` to backup to `/var/backups/samba4_update_to_errata4.2-1.$backup_id` (same with the logfile).
As you introduced a function, this should be a parameter.

Otherwise: Works, Changelog ok, YAML ok.
Comment 3 Arvid Requate univentionstaff 2017-08-15 17:14:11 CEST 
Ok, I've adjusted the name and turned it into a single variable. Passing it to the function would require a safe, sensible default, which is too hard to determine for the problem at hand. I think it's ok like this.
Package rebuilt and advisory updated.
Comment 4 Lukas Oyen univentionstaff 2017-08-16 14:24:04 CEST 
Ok.
Comment 5 Arvid Requate univentionstaff 2017-09-13 16:35:05 CEST 
<http://errata.software-univention.de/ucs/4.2/164.html>