[PATCH] Finally run bind9_dlz spnego test, fix drs delete behaviour
Andrew Bartlett
abartlet at samba.org
Mon Jun 10 05:31:59 MDT 2013
On Wed, 2013-06-05 at 16:31 +1000, Amitay Isaacs wrote:
>
> On Tue, Jun 4, 2013 at 10:03 PM, Andrew Bartlett <abartlet at samba.org>
> wrote:
> On Tue, 2013-06-04 at 16:39 +1000, Andrew Bartlett wrote:
> > On Mon, 2013-06-03 at 22:27 +1000, Andrew Bartlett wrote:
> > > On Sun, 2013-06-02 at 23:05 +1000, Andrew Bartlett wrote:
> > > > I've been frustrated for over 6 months by why adding
> some 'simple' tests
> > > > to confirm that some of the crypto in the bind9_dlz code
> works because
> > > > it suddenly broke make test, particularly dbcheck.
> > > >
> > > > The attached patches just passed a private autobuild.
> They add the
> > > > 'problem' tests, but first we fix the behaviour of
> DRS-initiated object
> > > > deletes.
> > > >
> > > > Please review/push/comment (this patch series includes
> the usnChanged
> > > > series I posted a few days ago).
> > > >
> > > > >From here, I would like to continue to improve the
> tests - the tests in
> > > > source4/torture/drs/python/delete_object.py could be
> trivially extended
> > > > to add a 'description' and 'memberOf' element that we
> should ensure gets
> > > > deleted on both hosts, for example. We could also watch
> usnChanged
> > > > values to ensure we delete the right stuff, but for now
> I'm simply
> > > > stunned that this could ever have worked with this
> incorrect!
> > >
> > > Just as a heads-up I'm continuing to work on these
> patches. The point
> > > tests I added (rather than just waiting for the dbcheck)
> show the issue
> > > isn't totally resolved, but is better. (I somehow found a
> > > member/memberOf link left over...).
> > >
> > > Review of this much would be helpful, but expect
> additional changes as
> > > we finally start to get this right.
> >
> > I've not finished the patch yet, but what seems clear is
> that the issue
> > comes from processing (rather that dropping/ignoring, as we
> should)
> > linked attributes and to deleted objects.
>
>
> I'm almost shocked to finally have this finished, given how
> long this
> problem has dogged me. The patches are in my
> fix-drs-testing-14 branch,
> and attached.
>
> Not only does this open up the chance to do more DRS testing,
> and more
> unrelated fixes to DRS replication (now that adding tests does
> not
> suddenly cause 'unrelated' breakages), it also allows us to
> resume
> adding tests of the bind9 DLZ module, which stalled out when
> adding
> bind9 tests broke stuff.
>
> The patches handle both normal and linked attributes,
> following all the
> special rules for deleted objects.
>
>
>
>
> Hi Andrew,
>
>
> While testing this branch I noticed that on the server object
> "dNSHostName" attribute is missing for joined DC. I have samba4 DC
> (euler-i1) and Windows DC (w2008r2-i1) joined to samba4.
>
> ==== KCC CONNECTION OBJECTS ====
>
> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
> element'
> File "bin/python/samba/netcmd/__init__.py", line 175, in _run
> return self.run(*args, **kwargs)
> File "bin/python/samba/netcmd/drs.py", line 177, in run
> c_server_dns = c_server_res[0]["dNSHostName"][0]
>
>
> The error in printing KCC connection objects is due to missing
> "dNSHostName" attribute.
While I've not fixed the underlying failure, I have fixed the backtrace
in this situation.
> There seem to be some more issues with replication. I was interested
> in finding out whether DNS zones replicate to windows successfully.
>
> Let me know if you need any more information.
There is sadly so much more to do. I'll keep digging as I get time -
metze is having success with the patch set we have been working on, so
I'm hopeful I'll be able to at least reduce the backlog, and start
working from a fresh start.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list