[PATCH] Do not deleted the deleted objects container, and never write out a 0000-0000... GUID

Andrew Bartlett abartlet at samba.org
Thu Sep 19 18:30:55 CEST 2013 

This patch fixes a significant issue in our AD DC.  Without this patch,
on initial replication (ie, the join) we would 'delete' the Deleted
Objects containers, and we would write in an invalid invocationID into
the replPropertyMetaData.  This broke replication with Windows 2008R2
domains. 

We still need to do two things:

We need to get wintest back as a regular part of our testing.  It would
have found this bug, if correctly configured and running. 

We need to write a unit test for this, at the very least write a
dbchecker that can find and fix these (so flagging if we ever find such
an entry in our database), but preferably also confirm the invocationID
in replPropertyMetaData at 'runtime' somehow. 

This (bug #10157) will shortly be marked a blocker on all our 4.x
releases, it is a serious regression :-(

The primary regression is in the below, but much of the issue goes all
the way back to the rewrite of the domain join code to use join.py,
which did not pass in the invocationID. 

commit d3aad891c5759f66bd891cb47866d908a0562a8a
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri May 31 20:01:17 2013 +1000

    dsdb: Prune deleted objects of links and extra attributes of replicated deletes
    
    When an object is deleted, the links to be removed are not propogated,
    you have to watch out for them manually!
    
    We do this by calling back into the originating update delete code(ie
    what is called if you ldb_delete() locally) so that any extra
    attribute found locally and not on the remote server becomes removed
    remotely too.
    
    We currently do the same with links, but that isn't strictly correct,
    but for now our getNCChanges server code filters these out, so only
    the usn is bumped.
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-delete-deleted-objects.patch
Type: text/x-patch
Size: 13907 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130919/32c419ec/attachment.bin>

More information about the samba-technical mailing list