[Samba] Repair CN=DOMAINDNSZONES

[Andrew Bartlett]

On Tue, 2020-02-25 at 08:48 +0000, JeanLuc via samba wrote:
> Hi guys,
> 
> i have some issue with our company DC (samba 4.7.12 on a Debain 9 machine) and work ok from about 3 years.
> Now we tried to join another DC for redundancy but we receive the following error:

> ../../ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value in CN=DIPIETROA,OU=PC,DC=example,DC=com for index on servicePrincipalName, duplicate of objectGUID 8bb534af-e1fb-4591-8460-dfa5675766dd in @INDEX:SERVICEPRINCIPALNAME:TERMSRV/DIPIETROA.example.com
> Partition[DC=example,DC=com] objects[804/927] linked_values[0/560]
> ../../ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value in CN=OMNIOSBK,OU=PC,DC=example,DC=com for index on servicePrincipalName, duplicate of objectGUID e8f8df31-e78f-48ca-a43a-17b30dfee013 in @INDEX:SERVICEPRINCIPALNAME:HTTP/OMNIOSBK.example.com
> Partition[DC=example,DC=com] objects[927/927] linked_values[560/560]
> ../../ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value in CN=BONAMORE,OU=PC,DC=example,DC=com for index on servicePrincipalName, duplicate of objectGUID 4164606b-d7dd-4fbd-b263-4dca38e0b519 in @INDEX:SERVICEPRINCIPALNAME:TERMSRV/BONAMORE.example.com
> 

I just want to note quickly that these, while scary, are not your
error.  Samba has for a long time permitted duplicate (if correctly
read case-insensitively) values in attributes.  This is wrong, and so
we print scary messages, but we can't deny it as it would break
everyone.  As background, there is a MR out to fix this (as I say,
unrelated issue) properly, but it needs someone to write tests:

https://gitlab.com/samba-team/samba/-/merge_requests/698

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba