Progress on drs testing failures

Andrew Bartlett abartlet at samba.org
Thu May 30 08:21:06 MDT 2013 

I'm back looking at DRS testing failures.  There are three that concern
me:
 - the flakey tests
 - the segfault due to schema changes (this is what I wasn't wanting to
loose when obnox's patches 'broke'). 
 - dbcheck errors when we add extra tests

I'm working on the last one (sorry, I know the others are annoying and
important) because it reproduces reliably in about 20mins of testing,
with

make test TESTS="acl fsmo drs promoted dbcheck"

the dbcheck at the end for promoted_dc gives:
ERROR: incorrect RMD_FLAGS value 0 for attribute 'managedBy' in
CN=TESTRODC8\0ADEL:f89151f6-02c7-4952-9613-5471586fc5f0,CN=Deleted
Objects,DC=samba,DC=example,DC=com for link
<GUID=f7042449-ed49-4974-93d4-0472093db6b6>;<RMD_ADDTIME=130143942350000000>;<RMD_CHANGETIME=130143942350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=affc5d03-1c76-4f24-87bb-c6438de9c455>;<RMD_LOCAL_USN=3845>;<RMD_ORIGINATING_USN=4624>;<RMD_VERSION=0>;<SID=S-1-5-21-3942284751-4103511476-2935115191-500>;CN=Administrator,CN=Users,DC=samba,DC=example,DC=com
Not fixing incorrect RMD_FLAGS 0
ERROR: incorrect RMD_FLAGS value 0 for attribute 'msDS-KrbTgtLink' in
CN=TESTRODC8\0ADEL:f89151f6-02c7-4952-9613-5471586fc5f0,CN=Deleted
Objects,DC=samba,DC=example,DC=com for link
<GUID=9898c6fa-d681-4089-a66c-7323f71256bc>;<RMD_ADDTIME=130143942350000000>;<RMD_CHANGETIME=130143942350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=affc5d03-1c76-4f24-87bb-c6438de9c455>;<RMD_LOCAL_USN=3846>;<RMD_ORIGINATING_USN=4626>;<RMD_VERSION=0>;<SID=S-1-5-21-3942284751-4103511476-2935115191-1276>;CN=krbtgt_3183,CN=Users,DC=samba,DC=example,DC=com
Not fixing incorrect RMD_FLAGS 0

The issue is that we don't follow the full spec in MS-DRSR 4.1.10.6.9
UpdateObject with regards to deleted objects.  Mat did the server side
work, and we no longer send link valued to deleted objects, but we have
to locally notice the change to isDeleted and delete the links (and any
other objects required to be pruned) on each NC replica.

As I dived into this recently for renames, I'm getting happier about
working on this code, and so hope to fix this soon.  That will in turn
make it easier to add and fix other DRS tests, because it is pure luck
that we pass right now (we should have failed spectacularly with dbcheck
errors). 

(BTW, there are quite so many errors because the acl.py code creates and
deletes domain controller entries for the SPN tests, multiple times). 

Once I unblock this, I hope to again attack the other DRS issues,
including retrying my approach to the schema issues, and adding safety
to stop the segfaults regardless.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list