Bug 723 - Domain-Join on ldapsam-DCs fails with readonly-LDAP-Slaves
Summary: Domain-Join on ldapsam-DCs fails with readonly-LDAP-Slaves
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.0
Hardware: Other Linux
Importance: P3 normal
Target Milestone: none
Assignee: Andrew Bartlett
Reported: 2003-11-06 05:23 UTC by Guenther Deschner
Modified: 2005-08-24 10:15 UTC

Description Guenther Deschner 2003-11-06 05:23:50 UTC
This is a remainder of the well-known (and documented) error that comes up with
using a Samba-Domain-Controller in a replicated OpenLDAP-Setup:

If you join a workstation onto a Domain-Controller that itself is configured to
use a readonly OpenLDAP-Slave the account is not replicated fast enough. Thus
the modified or created account will not be found by the subsequent
pdb-functions and your domain join will fail. 

The problem is very easy to work around with simple sleep-calls in
passdb/passdb.c:local_password_change and/or source/rpc_server/srv_samr_nt.c
(don't remember where exactly)

Andrew Bartlett proposed to invent sequence-number(s) to track replicated entries.
Comment 1 Guenther Deschner 2003-11-11 04:23:07 UTC
Oh. Stefan (Metze) Metzmacher started a discussion about this topic already a
year ago(!):

http://marc.theaimsgroup.com/?l=samba-technical&m=103546406125730&w=2
Comment 2 Andrew Bartlett 2003-12-25 16:58:21 UTC
Metze's patch has been applied, adding an 'ldap replication sleep'.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:15:43 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
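
The failure described in this bug, and the fixed-sleep workaround from Comment 2, modelled as a small simulation. This is an added example, not Samba code and not part of the original report: the class and function names, the simulated millisecond clock, the sample account name and the lag values are all constructed. The polling variant goes beyond what the thread describes and is included only to contrast a fixed wait with a checked one.

```python
class Clock:
    """Simulated clock (milliseconds) so the example runs instantly."""
    def __init__(self):
        self.now_ms = 0
    def sleep(self, ms):
        self.now_ms += ms

class ReplicatedDirectory:
    """Writes land on the master; reads come from a read-only slave that lags."""
    def __init__(self, clock, lag_ms):
        self.clock, self.lag_ms = clock, lag_ms
        self.master = {}  # dn -> (attrs, commit time in ms)

    def write(self, dn, attrs):
        # The slave refers the write to the master, which commits at once.
        self.master[dn] = (attrs, self.clock.now_ms)

    def read_from_slave(self, dn):
        # The slave only shows entries committed at least lag_ms ago.
        entry = self.master.get(dn)
        if entry is None or self.clock.now_ms - entry[1] < self.lag_ms:
            return None
        return entry[0]

def join_fixed_sleep(lag_ms, sleep_ms, dn="uid=ws01$"):
    """Create the machine account, wait a fixed time, look it up once."""
    clock = Clock()
    directory = ReplicatedDirectory(clock, lag_ms)
    directory.write(dn, {"uid": dn})
    clock.sleep(sleep_ms)  # no check that replication actually finished
    return directory.read_from_slave(dn) is not None

def join_polling(lag_ms, interval_ms, timeout_ms, dn="uid=ws01$"):
    """Create the account, then poll the slave until it appears or we time out."""
    clock = Clock()
    directory = ReplicatedDirectory(clock, lag_ms)
    directory.write(dn, {"uid": dn})
    waited = 0
    while waited <= timeout_ms:
        if directory.read_from_slave(dn) is not None:
            return True, waited
        clock.sleep(interval_ms)
        waited += interval_ms
    return False, waited

if __name__ == "__main__":
    print("no sleep, 800 ms lag:     ", join_fixed_sleep(800, 0))
    print("1000 ms sleep, 800 ms lag:", join_fixed_sleep(800, 1000))
    print("1000 ms sleep, 3 s lag:   ", join_fixed_sleep(3000, 1000))
    print("poll 250 ms, 3 s lag:     ", join_polling(3000, 250, 5000))
```

A fixed sleep only helps while the real replication delay stays below it; the lookup still fails silently when the slave is slower than the configured wait.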