On Sun, 2013-07-28 at 16:14 +0200, Achim Gottinger wrote:
> Hi,
>
> I updated my two Samba DCs from 4.0.3 to sernet 4.0.7. Both servers run
> Debian wheezy and the AD was created at the beginning of the year with
> a classic upgrade to version 4.0.0.
> Recent release notes do not provide information about required upgrade
> tasks, so I ran
> samba-tool dbcheck --reset-well-known-acls. On the first DC it found a
> few errors about missing members in computer groups which were fixable
> with samba-tool dbcheck --reset-well-known-acls --fix.
> On my second DC, however, one issue remains.
>
> >samba-tool dbcheck --reset-well-known-acls
> Checking 336 objects
> Not fixing nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain
> Controllers,DC=domain,DC=local
> Please use --fix to fix these errors
> Checked 336 objects (1 errors)
>
> >samba-tool dbcheck --reset-well-known-acls --fix
> Checking 336 objects
> Fix nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain
> Controllers,DC=domain,DC=local? [y/N/all/none] y
> Failed to fix attribute nTSecurityDescriptor : (65, "objectclass_attrs:
> at least one mandatory attribute ('rIDNextRID') on entry 'CN=RID
> Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local' wasn't specified!")
> Checked 336 objects (1 errors)

The attached patch should resolve this issue. Let me know if it helps.

Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
From 9f0c60b6d4b4c4538e05bb1b6ee0247b9f85ccbc Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <[email protected]>
Date: Mon, 5 Aug 2013 16:39:08 +1200
Subject: [PATCH] dsdb: Allow dbcheck to modify objects missing required
attributes
Signed-off-by: Andrew Bartlett <[email protected]>
---
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 316dcf8..f290afa 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -421,10 +421,18 @@ static int attr_handler2(struct oc_context *ac)
if (found_must_contain[0] != NULL &&
ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE") == 0) {
- ldb_asprintf_errstring(ldb, "objectclass_attrs: at least one mandatory attribute ('%s') on entry '%s' wasn't specified!",
- found_must_contain[0],
- ldb_dn_get_linearized(msg->dn));
- return LDB_ERR_OBJECT_CLASS_VIOLATION;
+ /*
+ * We allow this for dbcheck to fix the rest of this broken
+ * entry (which may not be broken if the attribute is
+ * ridNextRid on the Rid Set, which can be legitimatly
+ * missing)
+ */
+ if (!ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK)) {
+ ldb_asprintf_errstring(ldb, "objectclass_attrs: at least one mandatory attribute ('%s') on entry '%s' wasn't specified!",
+ found_must_contain[0],
+ ldb_dn_get_linearized(msg->dn));
+ return LDB_ERR_OBJECT_CLASS_VIOLATION;
+ }
}
if (isSchemaAttr) {
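Review bot: The new `if (!ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK))` guard in attr_handler2() exempts every missing must-contain attribute on every entry not marked isDeleted, while the comment justifies it only for rIDNextRID on the RID Set. Because LDB_ERR_OBJECT_CLASS_VIOLATION is the schema integrity check here, the comment should state which callers are expected to be able to attach DSDB_CONTROL_DBCHECK to a request, and it is worth considering either narrowing the exemption or logging found_must_contain[0] and the DN when the check is skipped, so a dbcheck run leaves a record of which mandatory attributes were absent on the objects it modified. Minor: the comment writes "ridNextRid" where the error in the report shows 'rIDNextRID', and "legitimatly" should be "legitimately".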
--
1.7.10.4