[PATCH] samba-tool dbcheck: handle missing objectClass
Andrew Bartlett
abartlet at samba.org
Mon Feb 24 13:31:47 MST 2014
On Mon, 2014-02-24 at 14:08 +0100, Felix Botner wrote:
> In several cases we have seen objects without the objectClass attribute.
> Here the suggestion for a patch to find such objects in "samba-tool dbcheck"
> with the option to delete them.
Do these objects have an objectCategory we could use to attempt to
reconstruct the objectClass? Alternately, should we guess what
objectClass it is based on the rest of the object?
I'm not convinced that there is anything we can do that is safer than
deleting the object, but even that isn't a particularly great outcome.
What objects does this happen on in general?
Thanks,
Andrew Bartlett
> Signed-off-by: Felix Botner <botner at univention.de>
> ---
> python/samba/dbchecker.py | 31 +++++++++++++++++++++++++++++++
> 1 file changed, 31 insertions(+)
>
> diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
> index 4281e6b..9a91ce5 100644
> --- a/python/samba/dbchecker.py
> +++ b/python/samba/dbchecker.py
> @@ -73,6 +73,7 @@ class dbcheck(object):
> self.ntds_dsa = ldb.Dn(samdb, samdb.get_dsServiceName())
> self.class_schemaIDGUID = {}
> self.wellknown_sds = get_wellknown_sds(self.samdb)
> + self.fix_all_missing_objectclass = False
>
> self.name_map = {}
> try:
> @@ -174,6 +175,18 @@ class dbcheck(object):
> return False
> return c
>
> + def do_delete(self, dn, controls, msg):
> + '''delete dn with optional verbose output'''
> + if self.verbose:
> + self.report("delete DN %s" % dn)
> + try:
> + controls = controls + ["local_oid:%s:0" % dsdb.DSDB_CONTROL_DBCHECK] + ["relax:0"]
> + self.samdb.delete(dn, controls=controls)
> + except Exception, err:
> + self.report("%s : %s" % (msg, err))
> + return False
> + return True
> +
> def do_modify(self, m, controls, msg, validate=True):
> '''perform a modify with optional verbose output'''
> if self.verbose:
> @@ -272,6 +285,16 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
> '''see if a dsdb_Dn is the special Deleted Objects DN'''
> return dsdb_dn.prefix == "B:32:%s:" % dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER
>
> + def err_missing_objectclass(self, dn):
> + """handle object without objectclass"""
> + self.report("ERROR: missing objectclass in object %s" % (dn))
> + if not self.confirm_all("Delete object'%s'?" % dn, 'fix_all_missing_objectclass'):
> + self.report("Not deleting object with missing objectclass '%s'" % dn)
> + return
> + if self.do_delete(dn, ["local_oid:%s:0" % dsdb.DSDB_CONTROL_DBCHECK],
> + "Failed to remove DN %s" % dn):
> + self.report("Removed DN %s" % dn)
> +
> def err_deleted_dn(self, dn, attrname, val, dsdb_dn, correct_dn):
> """handle a DN pointing to a deleted object"""
> self.report("ERROR: target DN is deleted for %s in object %s - %s" % (attrname, dn, val))
> @@ -1018,11 +1041,15 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
> list_attrs_from_md = []
> list_attrs_seen = []
> got_repl_property_meta_data = False
> + got_objectclass = False
>
> for attrname in obj:
> if attrname == 'dn':
> continue
>
> + if str(attrname).lower() == 'objectclass':
> + got_objectclass = True
> +
> if str(attrname).lower() == 'replpropertymetadata':
> if self.has_replmetadata_zero_invocationid(dn, obj[attrname]):
> error_count += 1
> @@ -1110,6 +1137,10 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
> error_count += 1
> self.err_wrong_instancetype(obj, calculated_instancetype)
>
> + if not got_objectclass:
> + error_count += 1
> + self.err_missing_objectclass(dn)
> +
> show_dn = True
> if got_repl_property_meta_data:
> rdn = (str(dn).split(","))[0]
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list