DLZ plugin adds broken records?

Amitay Isaacs amitay at gmail.com
Thu May 24 19:28:21 MDT 2012 

On Tue, May 22, 2012 at 8:30 PM, Andriy Syrovenko <andriys at gmail.com> wrote:
> Hi Amitay,
>
> 2012/5/22 Amitay Isaacs <amitay at gmail.com>:
>> Any modifications to SAM database are done using DSDB ldb modules. So
>> there should not be any difference between the updates to DNS records
>> done via BIND9 DLZ module or via RPC interface. The only reason why
>> the entries might get created without a GUID component is if DSDB ldb
>> modules were not loaded while doing the modifications. Please check
>> the output of following commands:
>>
>>  # /path/to/ldbsearch -H /path/to/private/sam.ldb -s base -b @MODULES
>>  # /path/to/ldbsearch -H /path/to/private/dns/sam.ldb -s base -b @MODULES
>
> These commands produce output exactly like in your examples, i.e.:
>
> -bash-4.2# ldbsearch -H /usr/local/samba/private/sam.ldb -s base -b @MODULES
> # record 1
> dn: @MODULES
> @LIST: samba_dsdb
> distinguishedName: @MODULES
>
> # returned 1 records
> # 1 entries
> # 0 referrals
>
> -bash-4.2# ldbsearch -H /usr/local/samba/private/dns/sam.ldb -s base -b @MODULES
> # record 1
> dn: @MODULES
> @LIST: samba_dsdb
> distinguishedName: @MODULES
>
> # returned 1 records
> # 1 entries
> # 0 referrals
>
>> The other thing you can check is the actual records which are missing GUIDs.
>>
>>  # /path/to/ldbsearch -H /path/to/private/sam.ldb -b
>> "DC=DomainDnsZones,DC=example,DC=com" --extended-dn dn
>>  # /path/to/ldbsearch -H /path/to/private/dns/sam.ldb -b
>> "DC=DomainDnsZones,DC=example,DC=com" --extended-dn dn
>>
>> These commands should list all DNs in the database with "<GUID=...>
>> prefix and the output of the above commands should be identical. If
>> there is any discrepancy in the output, please let me know.
>
> The above commands produce identical output. If I change 'dn' to
> 'objectCategory' these commands still produce identical output.
> However I can see several records with missing GUID prefix in
> objectCategory attribute when inspecting the output manually. The
> records in question arrived through DDNS update today morning.

Hi Andrey,

Will it be possible for you to send me your SAM database
(private/sam.ldb*) and samba configuration file? I am unable to
reproduce the problem you are seeing regarding missing GUIDs.

Amitay.

More information about the samba-technical mailing list