samba-tool ldapcmp and rodc and instanceType attribute
Denis Cardon
denis.cardon at tranquil-it-systems.fr
Sat Nov 22 10:35:18 MST 2014
Le 14/11/2014 05:50, Andrew Bartlett a écrit :
> On Mon, 2014-11-10 at 21:36 +0100, Denis Cardon wrote:
>> Hi all,
>>
>> I was doing some cleansing of replicated DC recently, I tried a ldapcmp
>> between the central DC and a remote RODC. samba-tool ldapcmp already
>> ignore some attribute, but I think it should also ignore the
>> instanceType attribute.
>>
>> Comparing:
>> 'DC=r1,DC=tranquilit.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=tranquilit,DC=local'
>> [ldap://srvads]
>> 'DC=r1,DC=tranquilit.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=tranquilit,DC=local'
>> [ldap://rodc-nantes]
>> Difference in attribute values:
>> instanceType =>
>> ['4']
>> ['0']
>> FAILED
>>
>> 0x00000004 value means that the entry is read/write on that directory,
>> which is indeed not the case on the RODC (so the reported error is
>> actually a correct case)
>>
>> Digging a little more in my RODC, I realized that many DNS entries has a
>> 0x00000004 value... and only recently created entries has the 0x00000000
>> value.
>>
>> This is probably a former bug that has been solved I guess. Do you all
>> advise to make a full sync of the remote partition when one upgrade to a
>> newer version to cleanup this kind of issue?
>
> We should be able to clean that up with either a current or improve
> dbcheck tool. (We know pretty well what the values should be).
thanks for the update Andrew. I did a --sync-force on the rodc, now all
the instanceType attribute are 0 value there, so now it is consistent. I
added a --filter=instanceType on my ldapcmp check to just ignore them.
Thanks. Keep on the good job!
Denis
>
> Andrew Bartlett
>
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
More information about the samba-technical
mailing list