samba_upgradedns (was: Re: [PATCH] fix for bug 10882)

[Andrew Bartlett]

On Thu, 2016-09-08 at 22:02 +0100, Rowland Penny wrote:
> 
> 
> I am now having second thoughts, perhaps this is the right place and
> I
> now think Andrew is wrong!!
> 
> I have been re-reading the samba_upgradedns code, the original code
> only deleted the 'dns-*' users if you were upgrading to
> 'SAMBA_INTERNAL', it also only checked for the 'dns-*' user in
> secrets.ldb and only then if you were upgrading to 'BIND(_DLZ'.
> After checking and not deleting any user (remember most people would
> be
> running this code if they had rather foolishly deleted the 'dns-*'
> user
> in sam.ldb) it then goes on to totally recreate the dns directory,
> this
> must be more disruptive than recreating a keytab that is only used by
> the DC.
> 
> My changes just make the user deletions happen before anything else
> and
> it checks in both locations and what's more it works.

I still disagree with removing accounts before the validation or
verification steps. 

However, I want to assure you that some progress is being made in this
area, and it hans't been lost.  

As part of Bob's intern-ship with Catalyst, Garming and Bob have been
writing up some tests for this area, including with old databases, in
the style of our dbcheck-oldrelease.sh test.  This and the existing
tests for this code should give us the testing background to then allow
forward progress here.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba