[Samba] Duplicate (not so) single-valued attributes on some DCs?

Sven Schwedas sven.schwedas at tao.at
Mon Jan 12 03:46:37 MST 2015 

On 2015-01-10 19:29, Andrew Bartlett wrote:
> On Wed, 2015-01-07 at 15:01 +0100, Sven Schwedas wrote:
>> We've run into a small issue over the holidays (I can't pinpoint it due
>> to nobody being in the office for the past three weeks and thus not
>> noticing anything): At least one LDAP entry has an (single-valued!)
>> attribute duplicated on *some* DCs, but not all of them – and said
>> attribute hasn't been modified in six months.
>>
>> Microsoft's ADSI just crashes when trying to open the entry on these
>> servers (servers that see only one value open fine).
>>
>> ldbedit doesn't let me delete the second value (It reports "0 adds  0
>> modifies  0 deletes" when trying), modifying one value changes either or
>> both values, but never deletes any. The changes are correctly replicated
>> back to the other nodes, which only see the changed value. If I try to
>> change both values, I correctly get an "<0000200D: SINGLE-VALUE
>> attribute … specified more than once>" error message.
>>
>>
>> Is this a known (replication?) issue? How can I fix it? Re-join the DCs
>> to the domain? How would I do this without fucking up other things?
> 
> It may be possible to fix it with LDIF, by using the 'replace' operation
> in the modify rather than add/delete.  However, I'm much more curious as
> to what the attribute is, how it got like that, and what we need to do
> to have dbcheck find and potentially fix such issues.

That (accidentally) seemed to have worked. Removing the attribute and
re-adding it in a second ldbedit pass correctly reset it on all member
servers.

> Can you file a bug with more detail, and let me know the bug ID?

I wrote up a (now post-mortem) bug report with all the details I can
scrape together. However, due the bad timing (sudden change over the
Christmas holidays) I cannot really pin-point the cause. It only
happened (as far as I can tell) with one single record, too.

It's filed in bugzilla as #11047.

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20150112/6cc0fbfc/attachment.pgp>

More information about the samba mailing list