[Samba] Previously extended schema not working in 4.4.0

Andrew Bartlett abartlet at samba.org
Thu Apr 14 10:28:45 UTC 2016

On Mon, 2016-04-11 at 21:23 +0100, Jonathan Hunter wrote:
> Hi,
>
> About a year ago (I think I was using v4.2.x at the time), I extended
> the schema of my Samba AD. This worked just fine and since then I have
> been able to create and edit objects from my custom schema via
> ADSIEdit. This worked fine under 4.3.x as well - the last such object I
> successfully created was just over two months ago, at which point I was
> running some variant of 4.3.x (probably 4.3.5).
>
> However, last week I upgraded all my DCs to 4.4.0 (to take advantage of
> the LDAP_MATCHING_RULE_IN_CHAIN fix / bug 10493) and now I have found
> that I can no longer create my custom objects in AD. ADSIEdit reports
> that "A constraint violation occurred"; I get the same error from
> Apache Directory Studio, too - details are as follows:
>
> Error while creating entry
>  - [LDAP: error code 19 - 0000202F: replmd_add: error during direct ADD: No rDN found in replPropertyMetaData for mytype=abc123,OU=myou,DC=mydomain,DC=org,DC=uk
>
> I have checked using the 'Active Directory Schema' MMC snap-in, and my
> custom schema classes and attributes do still seem to be showing as
> present and correct, just as I originally added them many months ago -
> I can't spot any problems there.
>
> It behaves exactly the same when I try to create objects on all four of
> my DCs. I can create other (non-custom) objects with no problems at
> all, and replication seems to work just fine for everything else - if I
> create a regular user, or modify its description, that change
> propagates perfectly well across all DCs.
>
> I suspect that some Samba database (replPropertyMetaData?) has got
> corrupt or out of sync somehow - but I don't know how to investigate
> further. Is this database in any kind of ldb file that I could dump /
> look at / edit?
>
> There's a chance that it broke in 4.3.6 (which was the version I used
> prior to 4.4.0) - I upgraded to 4.3.6 about a week after creating the
> most recent object I can find in my AD - but I am now on 4.4.0 and it's
> definitely broken at the moment. If it's important, I could try to spin
> up an isolated VM and restore 4.3.6 from backups.
>
> Any pointers appreciated - I'm really not sure where to look next.

Have you run dbcheck?

samba-tool dbcheck --cross-ncs

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
