When the (deleted) parent of a deleted object (with the DISALLOW_MOVE_ON_DELETE bit in systemFlags), is removed before the object itself, dbcheck moved it in the LostAndFound[Config] subtree of the partition as an originating change. That means that the object will be in tombstone state again for 180 days on the local DC. And other DCs fail to replicate the object as it's already removed completely there and the replication only gives the name and lastKnownParent attributes, because all other attributes should already be known to the other DC. Typically this race is unlikely to happen, but it can happen if samba is stopped/restarted by a cronjob and dbcheck also runs via a cronjob in fix mode at the same time. The result is a message in the destination DSA that a replicated object doesn't have an objectClass attribute.
Created attachment 14887 [details] Testing patches for master
The message in the log is: No objectClass found in replPropertyMetaData
Created attachment 14909 [details] Updated patches for master The change compared to the first patchset is that we now don't treat the rdn attribute (cn in most cases) as unexpected.
Created attachment 14946 [details] Patch for v4-10-test
Comment on attachment 14946 [details] Patch for v4-10-test First we need to merge https://gitlab.com/samba-team/samba/merge_requests/311 and include the patches for backports
Created attachment 15005 [details] Patches for v4-10-test
Created attachment 15006 [details] Patches for v4-9-test
Created attachment 15007 [details] Patches for v4-8-test
Pushed to autobuild-v4-{10,9,8}-test.
(In reply to Karolin Seeger from comment #9) Pushed to v4-8-test and v4-9-test, pushed again to autobuild-v4-10-test.
(In reply to Karolin Seeger from comment #10) Pushed to v4-10-test. Closing out bug report. Thanks!