[Samba] Previously extended schema not working in 4.4.0

Jonathan Hunter jmhunter1 at gmail.com
Mon Apr 11 20:23:46 UTC 2016 

Hi,

About a year ago (I think I was using v4.2.x at the time), I extended the
schema of my Samba AD. This worked just fine and since then I have been
able to create and edit objects from my custom schema via ADSIEdit. This
worked fine under 4.3.x as well - the last such object I successfully
created was just over two months ago, at which point I was running some
variant of 4.3.x (probably 4.3.5).

However, last week I upgraded all my DCs to 4.4.0 (to take advantage of
the LDAP_MATCHING_RULE_IN_CHAIN fix / bug 10493) and now I have found that
can no longer create my custom objects in AD. ADSIEdit reports that "A
constraint violation occurred"; I get the same error from Apache Directory
Studio, too - details are as follows:

Error while creating entry
 - [LDAP: error code 19 - 0000202F: replmd_add: error during direct ADD: No
rDN found in replPropertyMetaData for
mytype=abc123,OU=myou,DC=mydomain,DC=org,DC=uk

I have checked using the 'Active Directory Schema' MMC snap-in, and my
custom schema classes and attributes do still seem to be showing as present
and correct, just as I originally added them many months ago - I can't spot
any problems there.

It behaves exactly the same when I try to create objects on all four of my
DCs. I can create other (non-custom) objects with no problems at all, and
replication seems to work just fine for everything else - if I create a
regular user, or modify its description, that change propagates perfectly
well across all DCs.

I suspect that some Samba database (replPropertyMetaData?) has got corrupt
or out of sync somehow - but I don't know how to investigate further. Is
this database in any kind of ldb file that I could dump / look at / edit ?

There's a chance that it broke in 4.3.6 (which was the version I used prior
to 4.4.0) - I upgraded to 4.3.6 about a week after creating the most recent
object I can find in my AD - but I am now on 4.4.0 and it's definitely
broken at the moment. If it's important, I could try to spin up an isolated
VM and restore 4.3.6 from backups.

Any pointers appreciated - I'm really not sure where to look next.

Thanks :-)

Jonathan

-- 
"If we knew what it was we were doing, it would not be called research,
would it?"
      - Albert Einstein

More information about the samba mailing list