On a normal DC, naming conflicts result in conflict records, but on an RODC, the conflict records cannot be created. This was meant to cause replication to fail, however, because an error code was not being set, it was possible for RODCs to have fewer objects or updates than the highwatermark or the uptodateness vector would indicate. This lead to errors like: Failed to apply records: replmd_replicated_apply_add: error during DRS repl ADD: No objectClass found in replPropertyMetaData Which would occur because an object had been skipped. Original thread on samba-technical: https://lists.samba.org/archive/samba-technical/2018-January/124938.html
Created attachment 13960 [details] Patch against returning LDB_SUCCESS upon failure There are a number of places where we have `goto failed` without the return code being set. We could fix them all individually, or we could do something like this, catching potential future cases, or we could do both.
Created attachment 14005 [details] Patch for 4.8 cherry-picked from master
Pushed to autobuild-v4-8-test.
(In reply to Stefan Metzmacher from comment #3) Pushed to v4-8-test