On Sun, 2013-07-28 at 16:14 +0200, Achim Gottinger wrote: > Hi, > > I updated my two samba DC's from 4.0.3 to serner 4.0.7. Both servers run > debian wheezy and the add was created at the beginning of the year with > an classic upgrade to version 4.0.0. > Recent release notes do not provide information about required upgrade > tasks. So i ran. > samba-tool dbcheck --reset-well-known-acls. On the first DC it found a > few errors about missong members in computer groups whom where fixable > with samba-tool dbcheck --reset-well-known-acls --fix. > On my second DC however one issue remains. > > >samba-tool dbcheck --reset-well-known-acls > Checking 336 objects > Not fixing nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain > Controllers,DC=domain,DC=local > Please use --fix to fix these errors > Checked 336 objects (1 errors) > > >samba-tool dbcheck --reset-well-known-acls --fix > Checking 336 objects > Fix nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain > Controllers,DC=domain,DC=local? [y/N/all/none] y > Failed to fix attribute nTSecurityDescriptor : (65, "objectclass_attrs: > at least one mandatory attribute ('rIDNextRID') on entry 'CN=RID > Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local' wasn't specified!") > Checked 336 objects (1 errors)
The attached patch should resolve this issue. Let me know if it helps. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz
>From 9f0c60b6d4b4c4538e05bb1b6ee0247b9f85ccbc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett <abart...@samba.org> Date: Mon, 5 Aug 2013 16:39:08 +1200 Subject: [PATCH] dsdb: Allow dbcheck to modify objects missing required attributes Signed-off-by: Andrew Bartlett <abart...@samba.org> --- source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c index 316dcf8..f290afa 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c @@ -421,10 +421,18 @@ static int attr_handler2(struct oc_context *ac) if (found_must_contain[0] != NULL && ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE") == 0) { - ldb_asprintf_errstring(ldb, "objectclass_attrs: at least one mandatory attribute ('%s') on entry '%s' wasn't specified!", - found_must_contain[0], - ldb_dn_get_linearized(msg->dn)); - return LDB_ERR_OBJECT_CLASS_VIOLATION; + /* + * We allow this for dbcheck to fix the rest of this broken + * entry (which may not be broken if the attribute is + * ridNextRid on the Rid Set, which can be legitimatly + * missing) + */ + if (!ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK)) { + ldb_asprintf_errstring(ldb, "objectclass_attrs: at least one mandatory attribute ('%s') on entry '%s' wasn't specified!", + found_must_contain[0], + ldb_dn_get_linearized(msg->dn)); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } } if (isSchemaAttr) { -- 1.7.10.4
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba