Bug 13675 - Group is turned invalid if member deleted via LDAP before removing him/her
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.9.1
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Reported: 2018-11-05 09:00 UTC by Francesco
Modified: 2018-11-13 09:38 UTC

Description Francesco 2018-11-05 09:00:18 UTC
I have a group (cn=sirs,ou=examplegroups,dc=ad,dc=example,dc=org) with some members. I delete one of them:

./bin/pdbedit -x user

Now whatever operation I perform on the group with LDAP commands with the dangling membership, I receive:

ERROR - Error while modifying entry CN=sirs,OU=examplegroups,DC=ad,DC=example,DC=org in directory :javax.naming.NameNotFoundException: [LDAP: error code 32 - 00000525: specified dn doesn't exist at ../source4/dsdb/samdb/ldb_modules/extended_dn_store.c:163:extended_dn_handle_fpo_attr]; remaining name 'CN=sirs,OU=unimoregroups,DC=ad'

Group can not be handled any more through LDAP commands (ADUC works though).

The problem is twofold:
1) avoid a group being turned invalid;
2) sanitize invalid groups (deleting them does not work, neither does samba-tool dbcheck --repair).

Thank you,

franz
Comment 1 Francesco 2018-11-13 09:38:59 UTC
Sorry, I tried again today and this time deleting the stale group solves the issue.