The Samba-Bugzilla – Bug 13841
dlz_bind zone update broken
Last modified: 2019-04-03 10:31:22 UTC
Cleaning up my configuration after migrating to 4.10rc4 I saw that dynamic updates quit with NOTAUTH
Of course I checked the configuration more than twice and began tracing bind.
Luckily I have access to a "old" 4.7 installation where I saw a difference:
samba_dlz: configured writeable zone xy is not printed on 4.10
Some digging later I think the reason is the following:
For every zone in AD before adding to the "writable" list several things are checked. The thing that fails is b9_has_soa.
Even though I have a SOA record, the final call that fetches this SOA does it with this filter (in dns_common_lookup):
probably this should be
The compilation takes some time since I am on armhf architecture, but as soon as I can I will confirm if the fix above works and add a diff
Created attachment 14942 [details]
The problem actually wasnt the objectClass query but a regression introduced with 28e2a518ff32
This patch readds DC=@ to the dn before dns_common_lookup is called as it was before
Created attachment 14950 [details]
patch for 4.10.0
This patch file is rebased on 4.10.0
The patch looks correct to me. I'll see if I can get a test written for it.
Created attachment 14967 [details]
Test patch (which fails on 4.10)
(In reply to Michael Saxl from comment #2)
Can you add your Signed-off-by: tag onto the commit, and made sure you've sent in your Samba Developer Certificate of Origin (DCO)?
Created attachment 14969 [details]
selftest for this regression signed off by Garming Sam and myself
Created attachment 14972 [details]
(In reply to Michael Saxl from comment #6)
Please ignore this attachment. I must admit that i did not read or knew https://wiki.samba.org/index.php/CodeReview and was not aware what you wanted me to do.
I'm sorry about that.
(In reply to Michael Saxl from comment #8)
No worries. Some of our processes aren't very obvious for outsiders.
I've just amended your patch to instruct the test system that we're now passing the test I wrote. I will try to get this reviewed and upstream, so that we can get it into 4.10 as soon as possible.
Created attachment 14973 [details]
patch for master
Fixed in master with 6c62e05466917d9454d67eb2dd77e303e612c8a9 for Samba 4.11. Cherry-pick for 4.10 shortly.
Created attachment 14992 [details]
patch for 4.10 cherry-picked from master
(In reply to Andrew Bartlett from comment #12)
Pushed to autobuild-v4-10-test.
(In reply to Karolin Seeger from comment #13)
Pushed again to autobuild-v4-10-test.
(In reply to Karolin Seeger from comment #14)
Pushed to v4-10-test.
Closing out bug report.