Bug 33616 - Tool for list and remove conflicted and deleted objects
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
Version: UCS 3.2
Hardware: Other Linux
Importance: P5 enhancement
Target Milestone: UCS 3.2-1-errata
Assigned To: Felix Botner
QA Contact: Arvid Requate
Depends on: 33977
Blocks: 34516
Reported: 2013-11-29 11:02 CET by Stefan Gohmann
Modified: 2018-01-31 10:13 CET
Description Stefan Gohmann univentionstaff 2013-11-29 11:02:13 CET
A Samba tool would be helpful to list and delete all deleted and conflicted objects (*\0CNF:* and *\0DEL:*).

With this tool it should be possible to run an interactive or non-interactive mode. All objects selected for deletion should be written to /var/univention-backup/samba4.
Comment 1 Tim Petersen univentionstaff 2014-01-31 10:06:55 CET
Would be VERY helpful at support work, at least.
Comment 2 Felix Botner univentionstaff 2014-02-24 14:38:17 CET
Conflicts:
----------
(97_bug33616-samba-tool-drs-new-subcommand-conflicts.patch)

Added "samba-tool drs conflicts" to list and delete "\0ACNF" objects.
  --verbose             print ldif of conflict objects
  --delete              delete all conflict objects
  --dn=DN               delete only given dn/conflict (if found)
  --non-interactive     do not ask for deletion

-> samba-tool drs conflicts 
Conflict: CN=test2\0ACNF:745998bf-3d6d-43a6-addf-984552e51f1b,DC=perf,DC=test

-> samba-tool drs conflicts --delete
Conflict: CN=test2\0ACNF:745998bf-3d6d-43a6-addf-984552e51f1b,DC=perf,DC=test
Delete object with dn CN=test2\0ACNF:745998bf-3d6d-43a6-addf-984552e51f1b,DC=perf,DC=test? [y/N/all/none]

Object without objectclass:
---------------------------
(97_bug33616-samba-tool-dbcheck-handle-missing-objectclass.patch)

We don't want to delete \0DEL objects (they may be needed for drs replication). But it turned out that all those objects that caused an error were indeed deleted objects, but without an objectclass. So I added a test for objects without objectclass in samba-tool dbcheck.

-> samba-tool dbcheck 
Checking 1378 objects
ERROR: missing objectclass in object cn=pbackup\0ADEL:9929fb9c-556f-45f5-bc20-51583589b51a,CN=Deleted Objects,DC=perf,DC=test
Not deleting object with missing objectclass 'cn=pbackup\0ADEL:9929fb9c-556f-45f5-bc20-51583589b51a,CN=Deleted Objects,DC=perf,DC=test'
ERROR: missing objectclass in object CN=test8,DC=perf,DC=test
Not deleting object with missing objectclass 'CN=test8,DC=perf,DC=test'

Links to removed objects:
-------------------------

See http://sdb.univention.de/content/6/242/en/samba-4-_-deleted-objects.html
This is already repaired by dbcheck.

-> ldbsearch -H /var/lib/samba/private/sam.ldb objectclass=domain masteredBy
# record 1
dn: DC=perf,DC=test
masteredBy: CN=NTDS Settings,CN=PMASTER,CN=Servers,CN=Default-First-Site-Name,
 CN=Sites,CN=Configuration,DC=perf,DC=test
masteredBy: cn=pbackup\0ADEL:9929fb9c-556f-45f5-bc20-51583589b51a,CN=Deleted O
 bjects,DC=perf,DC=test

-> samba-tool dbcheck --fix
Checking 1377 objects
ERROR: target DN is deleted for masteredBy in object DC=perf,DC=test - <GUID=9929fb9c-556f-45f5-bc20-51583589b51a>;cn=pbackup\0ADEL:9929fb9c-556f-45f5-bc20-51583589b51a,CN=Deleted Objects,DC=perf,DC=test
Target GUID points at deleted DN cn=pbackup\0ADEL:9929fb9c-556f-45f5-bc20-51583589b51a,CN=Deleted Objects,DC=perf,DC=test
Remove DN link? [y/N/all/none] y
Removed deleted DN on attribute masteredBy
ldbsearch --cross-ncs --show-deleted -H /var/lib/samba/private/sam.ldb | grep "\0ADEL"
masteredBy: CN=NTDS Settings\0ADEL:269337d0-8610-4613-a2a4-ecf1bd4ea78e,CN=BAC KUP\0ADEL:785f0de4-88b1-47bd-b4cd-69ab02e73f6c,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=domain,DC=test

-> ldbsearch -H /var/lib/samba/private/sam.ldb objectclass=domain masteredBy
# record 1
dn: DC=perf,DC=test
masteredBy: CN=NTDS Settings,CN=PMASTER,CN=Servers,CN=Default-First-Site-Name,
 CN=Sites,CN=Configuration,DC=perf,DC=test

YAML: 2014-01-08-samba.yaml
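
Added example, not part of the bug report or of samba-tool: an offline audit of an ldbsearch LDIF dump that unfolds continuation lines (like the folded masteredBy value above) before looking for `\0ACNF:` / `\0ADEL:` in the leading RDN, and that also reports records without objectClass. The function names and the sample records are constructed for illustration.

```python
import base64
import re

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
# Mangled leading RDN: <name>\0ACNF:<guid> or <name>\0ADEL:<guid>; escaped chars are skipped.
MANGLED = re.compile(r"(?:\\.|[^,\\])*?\\0A(CNF|DEL):(" + GUID + r")(?:,|$)")
KIND = {"CNF": "conflict", "DEL": "deleted"}
# Constructed sample in ldbsearch LDIF style, reusing DN forms quoted in this report.
SAMPLE_LDIF = """\
dn: CN=test2\\0ACNF:745998bf-3d6d-43a6-addf-984552e51f1b,DC=perf,DC=test
objectClass: user

dn: cn=pbackup\\0ADEL:9929fb9c-556f-45f5-bc20-51583589b51a,CN=Deleted O
 bjects,DC=perf,DC=test
isDeleted: TRUE

dn: CN=test8,DC=perf,DC=test
cn: test8
"""

def parse_records(text):
    """Unfold LDIF continuation lines, then return [(dn, {attr: [values]})]."""
    lines = re.sub(r"\r?\n ", "", text).splitlines()   # newline + space = fold
    records, dn, attrs = [], None, {}
    for line in lines + [""]:                          # trailing "" flushes the last record
        if not line.strip():
            if dn is not None:
                records.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):                  # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.lower(), []).append(value.strip())
    return records

def classify(text):
    """Return (dn, kind, guid) findings: conflict, deleted, or no-objectclass."""
    findings = []
    for dn, attrs in parse_records(text):
        m = MANGLED.match(dn)                          # leading RDN only, not parents
        guid = m.group(2).lower() if m else None
        if m:
            findings.append((dn, KIND[m.group(1)], guid))
        if "objectclass" not in attrs:
            findings.append((dn, "no-objectclass", guid))
    return findings
```

A record whose parent container is mangled but whose own RDN is not yields no conflict or deleted finding, so each finding names the object that is itself affected.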
Comment 3 Arvid Requate univentionstaff 2014-04-02 21:04:08 CEST
A) missing objectclass:

I now have a script to somehow trigger samba DRS replication to create an object with missing objectclass. After doing this, the samba-tool dbcheck now reports about the broken object.

If I choose to delete it, samba-tool dbcheck --fix turns the object into an \0ADEL: object below "CN=Deleted Objects", which might not be exactly what I want, since we still have an object with missing objectclass.

If I run the --fix again, I can finally remove the \0ADEL: object as well.

So, maybe we should purge this object out of existence directly?


B) conflicting objects:

OK, "samba-tool drs conflicts" and --delete work. The --delete turns the object into an \0ADEL: object below "CN=Deleted Objects". I think this is ok in this case?
Comment 4 Felix Botner univentionstaff 2014-04-07 11:51:49 CEST
A) This is the upstream patch and should be enough for now. 

B) handling of name conflict objects has moved to "samba-tool dbcheck --check-for-conflicts"
Comment 5 Arvid Requate univentionstaff 2014-04-07 17:09:57 CEST
Ok, both features work.
Comment 6 Moritz Muehlenhoff univentionstaff 2014-04-09 08:24:38 CEST
http://errata.univention.de/ucs/3.2/81.html