[PATCH] samba-tool dbcheck: handle missing objectClass

Andrew Bartlett abartlet at samba.org
Wed Feb 26 18:58:47 MST 2014


On Tue, 2014-02-25 at 12:25 +0100, Felix Botner wrote:
> Am Dienstag, 25. Februar 2014, 10:22:30 schrieb Felix Botner: 
> > I am not sure and we cannot reproduce this on a regular basis but it happens
> > in multiserver environments (after the replication) and all objects lacking
> > the objectClass have been "\0ADEL:" objects.
> 
> unfortunately, that is not completely true. This also affects normal (non-
> deleted) objects.
> 
> dn: CN=WIN-PC,CN=Computers,DC=abc,DC=ucs
> instanceType: 4
> whenChanged: 20140211141300.0Z
> uSNCreated: 182964
> uSNChanged: 182964
> objectGUID: 98c7d79d-bf52-4b4c-b461-51ee0a907593
> operatingSystem: Windows 7 Professional
> operatingSystemVersion: 6.1 (7601)
> operatingSystemServicePack: Service Pack 1
> msDS-SupportedEncryptionTypes: 28
> distinguishedName: CN=WIN-PC,CN=Computers,DC=abc,DC=ucs

This is a very serious issue, and I have been pointed at
https://bugzilla.samba.org/show_bug.cgi?id=10398 in connection with
this.  I agree we have no option but to delete these objects given how
little information remains.

However, we must ensure this does not happen again - these attributes
are mandatory, and if we get corrupt objects over DRS, I think we should
reject the replication.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba






More information about the samba-technical mailing list