Bug 723 - Domain-Join on ldapsam-DCs fails with readonly-LDAP-Slaves
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Other Linux
: P3 normal
: none
Assigned To: Andrew Bartlett
Reported: 2003-11-06 05:23 UTC by Guenther Deschner
Modified: 2005-08-24 10:15 UTC (History)
Description Guenther Deschner 2003-11-06 05:23:50 UTC
This is a reminder of the well-known (and documented) error that comes up when
using a Samba-Domain-Controller in a replicated OpenLDAP-Setup:

If you join a workstation onto a Domain-Controller that itself is configured to
use a readonly OpenLDAP-Slave, the account is not replicated fast enough. Thus
the modified or created account will not be found by the subsequent
pdb-functions and your domain join will fail.

The problem is very easy to work around with simple sleep-calls in
passdb/passdb.c:local_password_change and/or source/rpc_server/srv_samr_nt.c
(don't remember where exactly).

Andrew Bartlett proposed to invent sequence-number(s) to track replicated entries.
Comment 1 Guenther Deschner 2003-11-11 04:23:07 UTC
Oh. Stefan (Metze) Metzmacher started a discussion about this topic already a
year ago(!):

Comment 2 Andrew Bartlett 2003-12-25 16:58:21 UTC
Metze's patch has been applied, adding an 'ldap replication sleep'.
Comment 3 Gerald (Jerry) Carter 2005-08-24 10:15:43 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
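An added illustration, not Samba code and not part of the bug thread: a toy model of the race from the description, comparing the fixed sleep of Comment 2 with a wait on a replica sequence number as proposed in the description. The `Directory` class, both `join_*` functions, the account name and all timings are hypothetical and constructed for this example.

```python
class Directory:
    """Toy model: writes land on the master, reads come from a lagging replica."""

    def __init__(self, lag_ms):
        self.lag_ms = lag_ms   # constructed replication delay
        self.now_ms = 0        # virtual clock, so nothing really sleeps
        self.seq = 0           # master's write counter (hypothetical)
        self.entries = {}      # account name -> (sequence number, write time)

    def add_account(self, name):
        """Write on the master; return the sequence number of that write."""
        self.seq += 1
        self.entries[name] = (self.seq, self.now_ms)
        return self.seq

    def sleep(self, ms):
        self.now_ms += ms

    def replica_seq(self):
        """Highest sequence number the replica has applied so far."""
        done = [s for s, t in self.entries.values() if self.now_ms - t >= self.lag_ms]
        return max(done, default=0)

    def replica_lookup(self, name):
        """True once the account is visible on the read-only replica."""
        seq, _ = self.entries.get(name, (None, None))
        return seq is not None and seq <= self.replica_seq()


def join_with_fixed_sleep(directory, name, sleep_ms):
    """Write, wait a fixed time, read the replica. Nothing checks replication."""
    directory.add_account(name)
    directory.sleep(sleep_ms)
    return directory.replica_lookup(name)


def join_with_sequence_wait(directory, name, timeout_ms, step_ms=100):
    """Write, then poll until the replica reports our sequence number."""
    seq = directory.add_account(name)
    waited = 0
    while directory.replica_seq() < seq and waited < timeout_ms:
        directory.sleep(step_ms)
        waited += step_ms
    return directory.replica_lookup(name), waited


if __name__ == "__main__":
    print(join_with_fixed_sleep(Directory(lag_ms=1500), "WS01$", 1000))
    print(join_with_sequence_wait(Directory(lag_ms=1500), "WS01$", 5000))
```

With a constructed lag of 1500 ms, the fixed 1000 ms sleep still reads a replica that lacks the machine account, while the sequence wait returns as soon as the write is visible and fails explicitly at its timeout.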