[PATCH] samba-tool dbcheck: handle missing objectClass
Felix Botner
botner at univention.de
Tue Mar 11 09:18:43 MDT 2014
> Felix: Any news on testing this with a genuinely corrupted network?
Unfortunately not, but I think your analysis is correct with regard to the USN
ordering related attribute skip. We had a case in our internal testing
environments which looked like a replication issue related to USN ordering,
for details see https://forge.univention.org/bugzilla/show_bug.cgi?id=33904 .
> Are all the failing installations all pure Samba?
Yes.
> Does this only happen on domains with additional objectclasses, or also
> on domains with stock schema? Is the corruption across ALL DCs, or just
> some?
This happened in a domain without schema extensions. The corruption may vary
between DCs, but I'm not 100% sure about this. Cannot confirm this currently.
> Looking at the bug:
> https://bugzilla.samba.org/show_bug.cgi?id=10398
> and the code, I think I've found a possible cause.
>
> get_nc_changes_build_object() has this code in it:
>
> /* if the attribute has not changed, and it is not the
> instanceType then don't include it */
> if (md.ctr.ctr1.array[i].local_usn < highest_usn &&
> extended_op != DRSUAPI_EXOP_REPL_SECRET &&
> md.ctr.ctr1.array[i].attid !=
> DRSUAPI_ATTID_instanceType) continue;
>
> The purpose of this chunk is to avoid re-sending changes that the client
> already has. This would be particularly important for jpegPhoto, for
> example.
>
> However, if the highest USN the client thought it had seen was actually
> higher than the one for which it had seen all objects, then a 'new'
> object could be downloaded without all it's attributes.
>
> I think that is how this corruption happens. While disturbing, this
> also suggests that the fix is to force re-replication, not to delete the
> object, as on at least one DC, the whole correct object exists.
Yes, this would pretty much explain the behavior we have seen.
--
*** CeBIT 2014 - 10. bis 14. März in Hannover: Univention in Halle 6 (H15) ***
http://www.univention.de/univention/termine/cebit-2014/
Felix Botner
Open Source Software Engineer
Univention GmbH
be open
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax : +49 421 22232-99
<botner at univention.de>
http://www.univention.de
Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876
More information about the samba-technical
mailing list