11443 – msds-intid values mixed with OID based attributeID values after replication

Bug 11443 - msds-intid values mixed with OID based attributeID values after replication

Summary: msds-intid values mixed with OID based attributeID values after replication

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.3.0rc1
Hardware:	All All

Importance:	P5 major (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:
Keywords:

Duplicates (1):	11047 (view as bug list)
Depends on:	11778
Blocks:	11047 11783
	Show dependency tree / graph

Reported:	2015-08-11 23:42 UTC by Andrew Bartlett
Modified:	2017-01-03 03:55 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Example of broken replPropertyMetaData (7.37 KB, text/plain) 2015-08-11 23:50 UTC, Andrew Bartlett	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Bartlett 2015-08-11 23:42:31 UTC

All Samba 4.0 versions since alpha13 will, when replicating a value to a remote client/server, replace the attributeID value from the replPropertyMetaData with the value found by looking up the attribute in the schema.

When a custom schema had been added to servers running Samba, the attributes will be allocated using msDS-IntId values in GetNCChanges, but the OID-based values will be recorded in the replPropertyMetaData when changes are made locally.

This means that when changes to a custom schema object are made on two different replicating servers, that duplicate replPropertyMetaData entries are created, one for the msDS-IntID (obtained over GetNCChanges) and one for the local attributeID value based on the prefixMap and the OID.

The repl_meta_data code needs to match the getncchanges code in the server and use msDS-IntId contistently.  Tests need to be written to confirm the exact behaviour over both LDAP and GetNCChanges. 

Use of msDS-IntID was introduced in 89899f55dc1fb137a0adfd734c87b65039f598a4 and 6a51afcfdbcbce7813fb59c0655e4178268ca70e in August 2010.

Comment 1 Andrew Bartlett 2015-08-11 23:50:01 UTC

Created attachment 11328 [details]
Example of broken replPropertyMetaData

This is source4/selftest/provisions/release-4-1-0rc3/expected-replpropertymetadata-after-dbcheck.ldif in master (soon, hopefully) or in my replmetadata-sort-minimal branch.

The 0x290001 attribute is the same as one of the 0x9D... attributes.

Comment 2 Andrew Bartlett 2016-05-27 04:03:46 UTC

Fixed for Samba 4.4

Comment 3 Andrew Bartlett 2017-01-03 03:55:08 UTC

*** Bug 11047 has been marked as a duplicate of this bug. ***