https://bugzilla.samba.org/show_bug.cgi?id=10398 and others

Stefan (metze) Metzmacher metze at samba.org
Thu Jul 3 08:15:48 MDT 2014 

Am 03.07.2014 00:20, schrieb Andrew Bartlett:
> On Wed, 2014-07-02 at 23:23 +0200, Stefan (metze) Metzmacher wrote:
>> Hi Andrew,
>>
>> I just noticed that we haven't backported the fixes for
>> https://bugzilla.samba.org/show_bug.cgi?id=10398 and maybe some others
>> (there was one also referring to a univention bug)
>>
>> I've created two branches with backports:
>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/v4-1-test
>> and
>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/v4-1-drepl
>> on top of the first one.
>>
>> v4-1-drepl contains more stuff that's not easy to backport as we would
>> require a newer ldb version
>> than older 4.1.x releases.
>>
>> Were there more patches which need to be backported? Some "conflict
>> resolving" or "deletion" patches?
> 
> Those seem to already be in 4.1

The customer used >= 4.1.6, I'll try to reproduce the problem...

>> I have a customer with strange problems.
>>
>> CN=NTDS
>> Settings,CN=DC1\ACNF:9a2f0f4f-a693-4f06-b035-2f1e05d00bfe,CN=SomeSite,....
>> Is not deleted, while
>> CN=DC1\ACNF:9a2f0f4f-a693-4f06-b035-2f1e05d00bfe,CN=SomeSite
>> is deleted. Our kcc finds this but later crash we in
>> dreplsrv_get_target_principal()
>> line 207, as dsdb_search_dn() doesn't have some logic like if
>> (dsdb_flags & DSDB_SEARCH_ONE_ONLY) {
>> in dsdb_search(). So we may get res->count == 0 instead of
>> LDB_ERR_NO_SUCH_OBJECT.
>>
>> Should we implement dsdb_search_dn() on top of dsdb_search() passing
>> DSDB_SEARCH_ONE_ONLY
>> and LDB_SCOPE_BASE?
> 
> I'm not sure, we should return ERR_NO_SUCH_OBJECT if the object is
> deleted. 

I'll implement it as

+       return dsdb_search_one(ldb, mem_ctx, msg,
+                              basedn, LDB_SCOPE_BASE,
+                              attrs, dsdb_flags, NULL);

>> Jelmer, is there a way to overload the Ldb.Dn class, within python?
>> Then we could backport the pylddb patches in a Samba specific file,
>> so that dbcheck can work with an older system pyldb.
> 
> In the past, we just required that the LDB be upgraded in-sync.  

Ok, I've backported all ldb-1.1.17 patches
and also some more patches I found while searching for dsdb related
commits in master.
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/v4-1-drepl

I'll try to sort them and propose them to be backported on Monday.
I'll also take a look at integrating the userParameters patches...

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140703/55573818/attachment.pgp>

More information about the samba-technical mailing list