samba-tool ldapcmp and rodc and instanceType attribute
Andrew Bartlett
abartlet at samba.org
Thu Nov 13 21:50:22 MST 2014
On Mon, 2014-11-10 at 21:36 +0100, Denis Cardon wrote:
> Hi all,
>
> I was doing some cleansing of replicated DCs recently, and I tried an
> ldapcmp between the central DC and a remote RODC. samba-tool ldapcmp
> already ignores some attributes, but I think it should also ignore the
> instanceType attribute.
>
> Comparing:
> 'DC=r1,DC=tranquilit.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=tranquilit,DC=local'
> [ldap://srvads]
> 'DC=r1,DC=tranquilit.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=tranquilit,DC=local'
> [ldap://rodc-nantes]
> Difference in attribute values:
> instanceType =>
> ['4']
> ['0']
> FAILED
>
> The 0x00000004 value means that the entry is read/write on that directory,
> which is indeed not the case on the RODC (so the reported error is
> actually a correct case).
>
> Digging a little more in my RODC, I realized that many DNS entries have a
> 0x00000004 value... and only recently created entries have the 0x00000000
> value.
>
> This is probably a former bug that has been solved, I guess. Do you all
> advise making a full sync of the remote partition when one upgrades to a
> newer version to clean up this kind of issue?
We should be able to clean that up with either a current or improved
dbcheck tool. (We know pretty well what the values should be).
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
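
As an added example (not from either poster and not Samba's dbcheck code), the following Python lists the entries in an LDIF export taken from an RODC whose instanceType still has the 0x4 write bit set, the condition described in the thread. The function names and the sample LDIF are assumptions constructed for illustration.

```python
import base64

# instanceType bit flags (names as in MS-ADTS); 0x4 is the "writable" bit
IT_WRITE = 0x04
IT_FLAGS = {0x01: "NC_HEAD", 0x02: "UNINSTANT", IT_WRITE: "WRITE",
            0x08: "NC_ABOVE", 0x10: "NC_COMING", 0x20: "NC_GOING"}

def parse_ldif(text):
    """Yield one {attr: [values]} dict per LDIF record (folding and base64 aware)."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def decode_instance_type(value):
    """Return the names of the flag bits set in an instanceType value."""
    return [name for bit, name in IT_FLAGS.items() if value & bit]

def writable_entries(ldif_text):
    """Return (dn, flag names) for entries whose instanceType has the WRITE bit."""
    hits = []
    for entry in parse_ldif(ldif_text):
        for raw in entry.get("instancetype", []):
            if int(raw) & IT_WRITE:
                hits.append((entry["dn"][0], decode_instance_type(int(raw))))
    return hits

# Constructed sample standing in for an LDIF export taken from an RODC.
SAMPLE_RODC_LDIF = """\
dn: DC=old1,DC=example.test,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=test
instanceType: 4

dn: DC=new1,DC=example.test,CN=MicrosoftDNS,DC=DomainDnsZones,
 DC=example,DC=test
instanceType: 0

dn:: REM9b2xkMixEQz1leGFtcGxlLnRlc3Q=
instanceType: 5
"""

if __name__ == "__main__":
    for dn, flags in writable_entries(SAMPLE_RODC_LDIF):
        print(f"{dn}: instanceType flags {flags}")
```
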
More information about the samba-technical mailing list