[PATCH] samba-tool dbcheck: handle missing objectClass
abartlet at samba.org
Sat Mar 22 03:10:56 MDT 2014
On Fri, 2014-03-21 at 08:58 +0100, Stefan (metze) Metzmacher wrote:
> Hi Felix,
> > + def err_missing_objectclass(self, dn):
> > + """handle object without objectclass"""
> > + self.report("ERROR: missing objectclass in object %s" % (dn))
> > + if not self.confirm_all("Delete object'%s'?" % dn, 'fix_all_missing_objectclass'):
> > + self.report("Not deleting object with missing objectclass '%s'" % dn)
> > + return
> > + if self.do_delete(dn, ["local_oid:%s:0" % dsdb.DSDB_CONTROL_DBCHECK],
> > + "Failed to remove DN %s" % dn):
> > + self.report("Removed DN %s" % dn)
> do_delete aleady adds DSDB_CONTROL_DBCHECK.
OK, I'll drop that. I'll also put some more thought into the message
and proposed action. I'm hoping Felix can confirm that a samba-tool drs
replicate --local --sync-all can fix the objects, and if so we might
wish to suggest that (and if that isn't possible, say no other replica
any longer, we should set a control to just purge the object).
> I'm wondering if it would be possible to reconstruct the objectClass
> based on the objectCategory?
I asked the same thing. The issue is that these objects only have
'recently changed' attributes, not the whole object. The bug that
created them was due to a misunderstanding between the source and
destination replica DC about which USNs had been sent to the destination
objectCategory would be in the same class - added at the time of add,
and so not replicated. Additionally, this seems to happen most often
with deleted objects, which also don't have the objectCategory.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical