[PATCH] [WIP] Still trying to fix DRS schema replication - help needed!

Andrew Bartlett abartlet at samba.org
Mon Apr 8 04:45:27 MDT 2013


G'day,

I've for the past few months been on-and-off trying to fix up our schema
replication.  In particular, this is about fixing Samba so we can modify
the schema on one node, and have it safely propagate.  

I also want to sort out the Windows 2012 schema issue. 

We know we have issues here, because we have had some spectacular
failures in make test when we try to enable more testing.  

I've been trying to fix it so that when we import the schema over DRS,
that we incrementally 'fix' a the local schema with the remote objects,
in the hope that this means we always have a full schema, just slowly
merging to the remote one.  (We need a schema to decode DRS objects
because we store on-disk strings, not integers, for our class and
attribute names). 

To do that, I converted the attributeID/governsID -> schema lookups from
a binary search to an IDR tree, with one for < 0x7FFFFFFF and one for >=
0x7FFFFFFF because IDR is based on an 'int'. 

Of particular note is that a bisect showed the failing tests (which only
show up, so far, in a full make test) fail after these attached patches
01 and 02.

(The full series is at fix-drs-testing-10 in my repo). 

So, I'm hoping that you might be able to work out what is wrong.  If
fails both with and without the fixes in 03 and 04.

The failure is:

Schema-DN[CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com]
objects[402/1582] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com]
objects[804/1582] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com]
objects[1206/1582] linked_values[0/0]
Unable to find attribute uid in the schema
Unable to convert mayContain to DRS object - WERR_GENERAL_FAILURE
ERROR(runtime): uncaught exception - (31, 'WERR_GENERAL_FAILURE')
  File "bin/python/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "bin/python/samba/netcmd/domain.py", line 552, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs,
dns_backend=dns_backend)
  File "bin/python/samba/join.py", line 1169, in join_DC
    ctx.do_join()
  File "bin/python/samba/join.py", line 1074, in do_join
    ctx.join_replicate()
  File "bin/python/samba/join.py", line 797, in join_replicate
    replica_flags=ctx.replica_flags)
  File "bin/python/samba/drs_utils.py", line 248, in replicate
    (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level,
req)
Join failed


That is, somehow this patch causes the schema in the DRS SERVER (which
isn't doing incremental loading, and should just have a normal schema)
to somehow miss the uid attribute (from rfc2307, so not a base/well
known attribute).

I've been banging my head against this for far too long, so I'm hoping
for some assistance/clues/suggestions.

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dsdb-Fix-talloc-issues-in-dsdb_schema_copy_shallow.patch
Type: text/x-patch
Size: 2932 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130408/21cfa195/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-dsdb-schema-Use-idr-to-handle-the-attribute-and-clas.patch
Type: text/x-patch
Size: 15838 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130408/21cfa195/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-dsdb-schema-Do-not-de-allocate-duplicate-objects-dur.patch
Type: text/x-patch
Size: 2722 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130408/21cfa195/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-fixup-dsdb-schema-Use-idr-to-handle-the-attribute-an.patch
Type: text/x-patch
Size: 5683 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130408/21cfa195/attachment-0003.bin>


More information about the samba-technical mailing list