On Sun, 2013-07-28 at 16:14 +0200, Achim Gottinger wrote:
> Hi,
> 
> I updated my two samba DC's from 4.0.3 to serner 4.0.7. Both servers run 
> debian wheezy and the add was created at the beginning of the year with 
> an classic upgrade to version 4.0.0.
> Recent release notes do not provide information about required upgrade 
> tasks. So i ran.
> samba-tool dbcheck --reset-well-known-acls. On the first DC it found a 
> few errors about missong members in computer groups whom where fixable 
> with samba-tool dbcheck --reset-well-known-acls --fix.
> On my second DC however one issue remains.
> 
>  >samba-tool dbcheck --reset-well-known-acls
> Checking 336 objects
> Not fixing nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain 
> Controllers,DC=domain,DC=local
> Please use --fix to fix these errors
> Checked 336 objects (1 errors)
> 
>  >samba-tool dbcheck --reset-well-known-acls --fix
> Checking 336 objects
> Fix nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain 
> Controllers,DC=domain,DC=local? [y/N/all/none] y
> Failed to fix attribute nTSecurityDescriptor : (65, "objectclass_attrs: 
> at least one mandatory attribute ('rIDNextRID') on entry 'CN=RID 
> Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local' wasn't specified!")
> Checked 336 objects (1 errors)

The attached patch should resolve this issue.  Let me know if it helps.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz

>From 9f0c60b6d4b4c4538e05bb1b6ee0247b9f85ccbc Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abart...@samba.org>
Date: Mon, 5 Aug 2013 16:39:08 +1200
Subject: [PATCH] dsdb: Allow dbcheck to modify objects missing required
 attributes

Signed-off-by: Andrew Bartlett <abart...@samba.org>
---
 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c |   16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 316dcf8..f290afa 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -421,10 +421,18 @@ static int attr_handler2(struct oc_context *ac)
 
 	if (found_must_contain[0] != NULL &&
 	    ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE") == 0) {
-		ldb_asprintf_errstring(ldb, "objectclass_attrs: at least one mandatory attribute ('%s') on entry '%s' wasn't specified!",
-				       found_must_contain[0],
-				       ldb_dn_get_linearized(msg->dn));
-		return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		/* 
+		 * We allow this for dbcheck to fix the rest of this broken
+		 * entry (which may not be broken if the attribute is
+		 * ridNextRid on the Rid Set, which can be legitimatly
+		 * missing)
+		 */
+		if (!ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK)) {
+			ldb_asprintf_errstring(ldb, "objectclass_attrs: at least one mandatory attribute ('%s') on entry '%s' wasn't specified!",
+					       found_must_contain[0],
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
 	}
 
 	if (isSchemaAttr) {
-- 
1.7.10.4

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to