fsck for AD Databases: dbcheck (was: Re: [PATCH] fix for bug 10882)
Andrew Bartlett
abartlet at samba.org
Fri Sep 9 19:51:18 UTC 2016
On Fri, 2016-09-09 at 10:10 +0200, Andreas Schneider wrote:
>
> The issue is that if you provisioned the domain with a release
> before
> 86652c02083b411ad94217a871a2bcc81f16b369 was added, there is no
> saltPrincipal
> in the database. For tdbs we have update functions to update schemas.
> I don't
> know if we have something like that for ldb's. We need one to add the
> salt
> principal if it doesn't exist yet ...
>
> I hope this helps ...
>
>
> andreas
Currently we don't have a tool to 'upgrade' a secrets.ldb file, or
check it for correctness. Certainly a tool like that, which confirms
that the passwords and principals there-in are still valid, would be
most handy.
For sam.ldb, that is the role of 'samba-tool dbcheck', and we have an
increasing number of checks there to improve our adherence to correct
constraints.
Any future 'fix up' tool (and samba_upgradedns, given this situation)
needs to be tested in the same rigorous way that dbcheck is tested.
As context, the primary test for dbcheck is
testprogs/blackbox/dbcheck{,-oldrelese}.sh
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list