[Samba] Error Upgrading Schema
Matthew Delfino Samba List
mdelfino.list.samba at KNOCKinc.com
Tue Nov 10 22:47:57 UTC 2020
Andrew,
I feel that it is your prerogative to determine how many odd possibilities you want your tools to account for, so that they might know what to do rather than exit with an error. You have a better sense for how likely it is that someone in the wild is altering their schema and might have changed an already existing attribute, as it seems I did.
If you'd allow me to impose upon your generosity, can you tell me how I might be able to find out if the 4.11.x `samba-tool domain schemaupgrade` option's new schema has any content that matches the ones I imported? I *do* have copies of the original ldif files I imported, so I know how to check what I used. But where is the new schema that the schemaupgrade option uses?
I'll go looking, but perhaps your advice will help me to avoid any pitfalls.
Thanks,
Matthew
On 2020.11.10, 4:33 PM, "Andrew Bartlett" <abartlet at samba.org> wrote:
In general we do not allow the removal of schema.
In particular, because records in samba are stored under the attribute
name, removing schema or renaming schema items describing those
attributes and objectclasses can mean records cannot be processed
correctly.
However, if you confirm you really have exactly the entry already in
the schema, you could edit the new schema not to add that particular
entry.
Ideally we could update the tool (let me know if you would prefer this
option) to detect this and recover, but for now that would be the best
option.
Andrew Bartlett
On Tue, 2020-11-10 at 22:27 +0000, Matthew Delfino Samba List via samba
wrote:
> Hello,
>
> Since responses were not forthcoming, I started looking for plausible
> explanations that might be unique to my company's setup. A few years
> ago, we imported ldif schema files to support directory integrations
> with Kerio Connect server. The attribute "msDS-
> MembersOfResourcePropertyList" was included in one of those ldif
> files.
>
> Since we no longer require directory integration with Kerio Connect,
> my inclination is to remove this custom schema. If anyone has
> suggestions on how to safely remove schema alterations from Samba,
> I'd greatly appreciate it. Otherwise, I'll do my own research, see if
> and how I can remove this custom schema from my installation.
>
> Whatever I find I'll be sure to report back to the forum in case,
> however unlikely, another administrator finds themselves in a similar
> situation.
>
> Thanks,
> Matthew
>
>
> On 2020.11.06, 8:48 PM, "Matthew Delfino Samba List via samba" <
> samba at lists.samba.org> wrote:
>
> Thanks for taking a shot at helping me, Rowland. I found that
> someone had made this suggestion for another person in the past, so I
> ran this command before reaching out on Monday:
>
> > ldbsearch -H /var/lib/samba/private/sam.ldb -b
> "CN=Schema,CN=Configuration,$(echo "DC=$(hostname -d)" | sed
> 's/\./,DC=/g')" -s base objectVersion | grep 'objectVersion' | awk
> '{print $NF}'
>
> (Which is just a fancier way to precisely carve down to the
> version number.)
>
> Back then, it gave me "47."
>
> I ran it again today, and now it says, "My value is still 47...
> alas."
>
> Any other suggestions?
>
> Again, I appreciate your time.
>
> Matthew
>
>
> On 2020.11.06, 9:26 AM, "samba on behalf of Rowland penny via
> samba" <samba-bounces at lists.samba.org on behalf of
> samba at lists.samba.org> wrote:
>
> On 06/11/2020 14:43, Matthew Delfino Samba List via samba
> wrote:
> > Hello!
> >
> > I just upgraded from Samba v4.10.9 to v4.11.15. The
> upgrade seems to have gone smoothly. As part of major release
> maintenance, I ran the following command on my schema master DC:
> >
> > > samba-tool domain schemaupgrade
> >
> > Do you have any suggestions on how to troubleshoot? My
> schema is already on version 47.
> >
> It looks like your schema is already at '69', try running
> this:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -b
> 'cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com' -s
> base
> objectVersion
>
> Altered for your setup.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and
> read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
> © 2020 KNOCK, inc. All rights reserved. KNOCK, inc, is a
> registered trademark of KNOCK, inc. This message and any attachments
> contain information, which is confidential and/or privileged. If you
> are not the intended recipient, please refrain from any disclosure,
> copying, distribution or use of this information. Please be aware
> that such actions are prohibited. If you have received this
> transmission in error, kindly notify the sender by e-mail. Your
> cooperation is appreciated.
> --
> To unsubscribe from this list go to the following URL and read
> the
> instructions: https://lists.samba.org/mailman/options/samba
>
> © 2020 KNOCK, inc. All rights reserved. KNOCK, inc, is a registered
> trademark of KNOCK, inc. This message and any attachments contain
> information, which is confidential and/or privileged. If you are not
> the intended recipient, please refrain from any disclosure, copying,
> distribution or use of this information. Please be aware that such
> actions are prohibited. If you have received this transmission in
> error, kindly notify the sender by e-mail. Your cooperation is
> appreciated.
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
© 2020 KNOCK, inc. All rights reserved. KNOCK, inc, is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Please be aware that such actions are prohibited. If you have received this transmission in error, kindly notify the sender by e-mail. Your cooperation is appreciated.
More information about the samba
mailing list