[Samba] `samba-tool dbcheck --cross-ncs --fix` fails: governsID already exists as an attributeId or governsId

Sven Schwedas sven.schwedas at tao.at
Wed Jul 3 14:50:32 UTC 2019 

It's amazing how long Samba just keeps running even when apparently
everything's broken.

In preparation of finally upgrading our DCs to 41.0, I ran dbcheck on
all of them, resulting in:

graz-dc-sem:
> Checking 3861 objects
> Error: governsID CN=ucsUser,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.2 already exists as an attributeId or governsId
> Error: governsID CN=taoSharedFolder,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.4 already exists as an attributeId or governsId
> Error: governsID CN=taoMailingList,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.3 already exists as an attributeId or governsId
> Checked 3861 objects (3 errors)

All other DCs:
> Checking 3861 objects
> Error: governsID CN=ucsUser,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.2 already exists as an attributeId or governsId
> Error: governsID CN=taoSharedFolder,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.4 already exists as an attributeId or governsId
> Error: governsID CN=taoMailingList,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.3 already exists as an attributeId or governsId
> ERROR(runtime): uncaught exception - objectclass ucsUser marked as isDefunct objectClass in schema - not valid for new objects
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dbcheck.py", line 157, in run
>     controls=controls, attrs=attrs)
>   File "/usr/lib/python2.7/dist-packages/samba/dbchecker.py", line 198, in check_database
>     error_count += self.check_object(object.dn, attrs=attrs)
>   File "/usr/lib/python2.7/dist-packages/samba/dbchecker.py", line 1708, in check_object
>     normalised = self.samdb.dsdb_normalise_attributes(self.samdb_schema, attrname, obj[attrname])
>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 677, in dsdb_normalise_attributes
>     return dsdb._dsdb_normalise_attributes(ldb, ldap_display_name, ldif_elements)


All these object classes were tests we did… years ago, and which have
been "deleted" (I don't even remember by what mechanism) for almost as
long. No object should still be using any of these, and on graz-dc-sem
that's true.

There is, however, a new class called taoUser with the same X500 OID as
ucsUser that's only used in one domain account (mine, of course); on
graz-dc-sem the object correctly has the taoUser class assigned, on the
other servers it's still an ucsUser.

All servers seem to replicate without errors according to samba-tool drs
showrepl.

How do I get rid of these bogus Schema entries, and how do I fix the
user account?

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwedas at tao.at | ☎ +43 680 301 7167
TAO Digital   | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz    | https://www.tao-digital.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20190703/418d8af9/signature.sig>

More information about the samba mailing list