[Samba] Error Upgrading Schema

Tue Nov 10 22:33:38 UTC 2020

In general we do not allow the removal of schema.

In particular, because records in samba are stored under the attribute
name, removing schema or renaming schema items describing those
attributes and objectclasses can mean records cannot be processed
correctly.

However, if you confirm you really have exactly the entry already in
the schema, you could edit the new schema not to add that particular
entry.  

Ideally we could update the tool (let me know if you would prefer this
option) to detect this and recover, but for now that would be the best
option.

Andrew Bartlett

On Tue, 2020-11-10 at 22:27 +0000, Matthew Delfino Samba List via samba
wrote:
> Hello,
> 
> Since responses were not forthcoming, I started looking for plausible
> explanations that might be unique to my company's setup. A few years
> ago, we imported ldif schema files to support directory integrations
> with Kerio Connect server. The attribute "msDS-
> MembersOfResourcePropertyList" was included in one of those ldif
> files.
> 
> Since we no longer require directory integration with Kerio Connect,
> my inclination is to remove this custom schema. If anyone has
> suggestions on how to safely remove schema alterations from Samba,
> I'd greatly appreciate it. Otherwise, I'll do my own research, see if
> and how I can remove this custom schema from my installation.
> 
> Whatever I find I'll be sure to report back to the forum in case,
> however unlikely, another administrator finds themselves in a similar
> situation.
> 
> Thanks,
> Matthew
> 
> 
> On 2020.11.06, 8:48 PM, "Matthew Delfino Samba List via samba" <
> samba at lists.samba.org> wrote:
> 
>     Thanks for taking a shot at helping me, Rowland. I found that
> someone had made this suggestion for another person in the past, so I
> ran this command before reaching out on Monday:
> 
>     > ldbsearch -H /var/lib/samba/private/sam.ldb -b
> "CN=Schema,CN=Configuration,$(echo "DC=$(hostname -d)" | sed
> 's/\./,DC=/g')" -s base objectVersion | grep 'objectVersion' | awk
> '{print $NF}'
> 
>     (Which is just a fancier way to precisely carve down to the
> version number.)
> 
>     Back then, it gave me "47."
> 
>     I ran it again today, and now it says, "My value is still 47...
> alas."
> 
>     Any other suggestions?
> 
>     Again, I appreciate your time.
> 
>     Matthew
> 
> 
>     On 2020.11.06, 9:26 AM, "samba on behalf of Rowland penny via
> samba" <samba-bounces at lists.samba.org on behalf of 
> samba at lists.samba.org> wrote:
> 
>         On 06/11/2020 14:43, Matthew Delfino Samba List via samba
> wrote:
>         >      Hello!
>         >
>         >      I just upgraded from Samba v4.10.9 to v4.11.15. The
> upgrade seems to have gone smoothly. As part of major release
> maintenance, I ran the following command on my schema master DC:
>         >
>         >      > samba-tool domain schemaupgrade
>         >
>         >      Do you have any suggestions on how to troubleshoot? My
> schema is already on version 47.
>         >
>         It looks like your schema is already at '69', try running
> this:
> 
>         ldbsearch -H /var/lib/samba/private/sam.ldb -b
>         'cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com' -s
> base
>         objectVersion
> 
>         Altered for your setup.
> 
>         Rowland
> 
> 
> 
>         --
>         To unsubscribe from this list go to the following URL and
> read the
>         instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
>     © 2020 KNOCK, inc. All rights reserved. KNOCK, inc, is a
> registered trademark of KNOCK, inc. This message and any attachments
> contain information, which is confidential and/or privileged. If you
> are not the intended recipient, please refrain from any disclosure,
> copying, distribution or use of this information. Please be aware
> that such actions are prohibited. If you have received this
> transmission in error, kindly notify the sender by e-mail. Your
> cooperation is appreciated.
>     --
>     To unsubscribe from this list go to the following URL and read
> the
>     instructions:  https://lists.samba.org/mailman/options/samba
> 
> © 2020 KNOCK, inc. All rights reserved. KNOCK, inc, is a registered
> trademark of KNOCK, inc. This message and any attachments contain
> information, which is confidential and/or privileged. If you are not
> the intended recipient, please refrain from any disclosure, copying,
> distribution or use of this information. Please be aware that such
> actions are prohibited. If you have received this transmission in
> error, kindly notify the sender by e-mail. Your cooperation is
> appreciated.
-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba