[PATCH][PYTHON] Fix replPropertyMetaData sort order for schema extension attributes

Mon Aug 24 04:03:48 UTC 2015

On Wed, 2015-08-12 at 11:45 +1200, Andrew Bartlett wrote:
> On Wed, 2015-08-05 at 20:19 +1200, Andrew Bartlett wrote:
> > On Wed, 2015-08-05 at 09:23 +0200, Stefan Metzmacher wrote:
> > > Hi Andrew,
> > > 
> > > > > > > - Do we have a test that checks the objectClass sorting 
> > > > > > > against the 
> > > > > > > LDAP
> > > > > > > server
> > > > > > >   (and passed against windows)?
> > > > > > 
> > > > > > No, not currently.  We should have it check that the 
> > > > > > correct
> > > > > > attributeID is added, that it is sorted, and that when 
> > > > > > entries are
> > > > > > modified, replaced or deleted, that the version is 
> > > > > > incremented. 
> > > > > 
> > > > > That an answer to the wrong question...
> > > > 
> > > > Ah. :-)
> > > > 
> > > > > My question was about the sorting of objectClass values:
> > > > > https://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff
> > > > > ;h
> > > > > =c74751d5e89e9b36a0987589f4dd0e481137561d
> > > > 
> > > > I have no intention of matching Windows behaviour there.  The 
> > > > docs (and
> > > > I should reference those) say the order is undefined for AUX 
> > > > classes.
> > > 
> > > I'm sorry but we really need to match Windows, everything else 
> > > will
> > > cause problems
> > > with poorly written admin scripts.
> > 
> > > And we need tests to prove it our behavior matches a Windows 
> > > server.
> > 
> > Then please NAK the patch until you can come up with a behaviour 
> > you 
> > can
> > live with. 
> > 
> > To be clear, each time the objectClass list is modified, the 
> > portion 
> > of
> > the list with AUX classes reverses. 
> 
> I've dropped these patches from the replmetadata-sort-minimal branch,
> but I still think this is the best solution for having the dbcheck 
> code
> testable. 
> 
> > > > > 
> > > > > > > - Please add BUG: https:... tags to the commit messages
> > > > > > >   We want to backport this at least to v4-3-test and v4-2
> > > > > > > -test, but
> > > > > > > maybe also to v4-1-test...
> > > > > > 
> > > > > > The key is to backport 
> > > > > > 61b978872fe86906611f64430b2608f5e7ea7ad8, then
> > > > > > these to fix up broken databases. 
> > > > > > 
> > > > > > The big remaining issue is that our msDS-IntID handling is 
> > > > > > totally
> > > > > > broken.  We use that only when pushing the values over the 
> > > > > > network with
> > > > > > GetNCChanges, but not during storage in 
> > > > > > replPropertyMetaData.
> > > > > >   This
> > > > > > means for the an object with the same attribute modified on 
> > > > > > 
> > > > > > two servers
> > > > > > we can end up with metadata for an entry twice, once for 
> > > > > > each 
> > > > > > style of
> > > > > > attributeID.
> > > > > 
> > > > > Ok, do we have bug reports for all this problems?
> > > > 
> > > > Not yet.
> > > 
> > > Please add them and cc me.
> > 
> > Certainly.
> 
> See bug https://bugzilla.samba.org/show_bug.cgi?id=11443
> 
> Now that this has been done, and with the sorting issues put aside 
> for
> the moment, can you please review the remaining patches?
> 
> git://git.samba.org/abartlet/samba.git replmetadata-sort-minimal
> https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/he
> ad
> s/replmetadata-sort-minimal
> 
> (On a positive note, while dbcheck is left flapping, it is at least
> tested in the dbcheck-oldrelease tests, so the changes are still 
> being
> tested). 

Can I please get a review of these changes?

As users move from Samba 4.0 and 4.1 due to moving out of security /
maintenance support, fixing this will only become more critical.

Remember that without this patch and running dbcheck on the existing
databases, it is not possible to replicate older versions to a modern
Samba version.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba