4.5.0 upgrade samba-tool dbcheck errors
Stefan Metzmacher
metze at samba.org
Tue Oct 25 06:51:58 UTC 2016
Am 24.10.2016 um 23:44 schrieb Andrew Bartlett:
> On Mon, 2016-10-24 at 18:53 +0100, Rowland Penny wrote:
>> On Mon, 24 Oct 2016 20:44:48 +0300
>> Sergey Urushkin <urushkin at telros.ru> wrote:
>>
>>> Rowland Penny писал 2016-10-24 11:32:
>>>> On Sat, 22 Oct 2016 09:22:12 +1300
>>>> Andrew Bartlett <abartlet at samba.org> wrote:
>>>
>>>>> Once a user is removed from a group, the backlink that we use
>>>>> to
>>>>> track and catch user renames is taken away. That means that
>>>>> the
>>>>> forward link has no way of knowing, before a dbcheck, that it
>>>>> is
>>>>> pointing at the wrong DN.
>>>>>
>>>>
>>>> Yes, but the OP isn't removing the user from the group, he is
>>>> moving
>>>> the user to another ou, so I suppose the question is, how?
>>>>
>>>
>>> Well, actually I did remove user from group that gives error, but
>>> it
>>> was before upgrade to samba 4.5. After reading your comments I've
>>> tried to add and then remove users from the groups with errors -
>>> and
>>> that has fixed all mentioned errors!
>>>
>>
>> Removing a user from a group shouldn't produce that error either. You
>> remove a user from a group by deleting the 'member' attribute
>> containing the users DN from the groups object, this will also delete
>> the 'memberof' line from the users object. As far as I am aware,
>> neither of these deletions should end up tombstoned because they are
>> not 'objects'
>
> The link (the member attribute) also has metadata and is tombstoned for
> similar reasons. In Windows 2000 links were just attributes, but in
> 2003 and later functional levels, they became more like objects, with
> metadata, separate replication and (now implemented in Samba 4.5.1)
> logic to expunge them 180 days after a delete.
>
> The backlink is removed directly from the DB on 'delete', which then
> impacts on Samba's code that would otherwise keep the DN in the forward
> link updated in the tombstone. That is why moving the user around
> 'fixes' the error.
Maybe we should consider to have hidden backlinks, that may also help
the non-linked attributes with DN* syntax.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20161025/fe476c90/signature.sig>
More information about the samba-technical
mailing list