[PATCH] samba-tool dbcheck: handle missing objectClass
abartlet at samba.org
Fri Feb 28 11:49:32 MST 2014
On Fri, 2014-02-28 at 14:49 +0100, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> please see my inline comments.
Thanks, I can fix that up. Any comments as to the concept? Do you
think this is a valid check?
My other theory is that, looking at the bug:
and the code, a different possible cause is is around USNs.
get_nc_changes_build_object() has this code in it:
/* if the attribute has not changed, and it is not the
instanceType then don't include it */
if (md.ctr.ctr1.array[i].local_usn < highest_usn &&
extended_op != DRSUAPI_EXOP_REPL_SECRET &&
md.ctr.ctr1.array[i].attid != DRSUAPI_ATTID_instanceType) continue;
The purpose of this chunk is to avoid re-sending changes that the client
already has. This would be particularly important for jpegPhoto, for
However, if the highest USN the client thought it had seen was actually
higher than the one for which it had seen all objects, then a 'new'
object could be downloaded without all it's attributes.
If that is how this corruption happens, then while disturbing, this also
suggests that the fix is to force re-replication, not to delete the
object, as on at least one DC, the whole correct object exists. Anyway,
the new assertions in the patches should help with detecting this, as we
won't accept the object without an objectclass any more.
Does this only happen on domains with additional objectclasses, or also
on domains with stock schema? Is the corruption across ALL DCs, or just
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical