Bug 8683 - dbcheck can't fix isDeleted originating_change_time on 'CN=Deleted Objects,...'
dbcheck can't fix isDeleted originating_change_time on 'CN=Deleted Objects,...'
Status: ASSIGNED
Product: Samba 4.0
Classification: Unclassified
Component: Tools
unspecified
All All
: P5 normal
: ---
Assigned To: Andrew Bartlett
samba4-qa@samba.org
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-01-01 22:47 UTC by Michael Wood
Modified: 2016-04-14 06:43 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Wood 2012-01-01 22:47:43 UTC
I'm trying to upgrade an old installation of Samba 4 from 4.0.0alpha12-GIT-77b9b97 to alpha18-GIT-NNN (various versions with the latest I've tried being 4.0.0alpha18-GIT-e39df67)

Running samba-tool dbcheck --fix asks to fix various things as follows:

Checking 870 objects
ERROR: missing GUID component for objectCategory in object CN=ComPartitions,CN=System,DC=example,DC=com - CN=Container,CN=Schema,CN=Configuration,DC=example,DC=com
Change DN to <GUID=47288117-6896-4151-b2af-4921180a3ccf>;CN=Container,CN=Schema,CN=Configuration,DC=example,DC=com? [y/N/all/none] 

Here I answer "all" and it continues fixing a large number of similar issues until it stops to ask the following:

ERROR: missing GUID component for objectCategory in object CN=Deleted Objects,DC=example,DC=com - CN=Container,CN=Schema,CN=Configuration,DC=example,DC=com
Change DN to <GUID=47288117-6896-4151-b2af-4921180a3ccf>;CN=Container,CN=Schema,CN=Configuration,DC=example,DC=com? [YES]
Fixed missing GUID on attribute objectCategory
Fix isDeleted originating_change_time on 'CN=Deleted Objects,DC=example,DC=com' [y/N/all/none] 

I again answer "all" and it continues until it gets to:

ERROR: dsServiceName not in GUID form in @ROOTDSE
Change dsServiceName to GUID form? [y/N] 

Here I answer "y" and it finishes as follows:

Changed dsServiceName to GUID form
Checked 870 objects (226 errors)

If I immediately run the dbcheck again, I get the following:

# samba-tool dbcheck --fix
Checking 870 objects
Fix isDeleted originating_change_time on 'CN=Deleted
Objects,DC=example,DC=com' [y/N/all/none] y
Checked 870 objects (1 errors)
# samba-tool dbcheck --fix
Checking 870 objects
Fix isDeleted originating_change_time on 'CN=Deleted
Objects,DC=example,DC=com' [y/N/all/none] y
Checked 870 objects (1 errors)

So although it asks if I want to fix that error, it can't seem to do it.

And with -d10:

# samba-tool dbcheck --fix --yes -d10
INFO: Current debug levels:
[...]
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Processing section "[globals]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
Security token SIDs (1):
 SID[  0]: S-1-5-18
 Privileges (0xFFFFFFFFFFFFFFFF):
[...]
 Rights (0x               0):
lpcfg_servicenumber: couldn't find ldb
schema_fsmo_init: we are master[yes] updates allowed[no]
Checking 870 objects
Fix isDeleted originating_change_time on 'CN=Deleted
Objects,DC=example,DC=com' [YES]
ldb:acl_modify: isDeleted
Sorting rpmd with attid exception 3 rDN=CN DN=CN=Deleted
Objects,DC=example,DC=com
Checked 870 objects (1 errors)
Comment 1 Michael Wood 2012-01-03 22:21:54 UTC
After getting past an upgradeprovision problem (thanks Matthieu), I ran samba-tool dbcheck again.  It again fixed a bunch of GUID-related issues, and now it has 3 things it can't fix:

# samba-tool dbcheck --fix --yes
Checking 944 objects
ERROR: missing GUID component for wellKnownObjects in object DC=DomainDnsZones,DC=example,DC=com - B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=DomainDnsZones,DC=example,DC=com
unable to find object for DN CN=Deleted Objects,DC=DomainDnsZones,DC=example,DC=com - (No such Base DN: CN=Deleted Objects,DC=DomainDnsZones,DC=example,DC=com)
Not removing dangling forward link
ERROR: missing GUID component for wellKnownObjects in object DC=ForestDnsZones,DC=example,DC=com - B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=ForestDnsZones,DC=example,DC=com
unable to find object for DN CN=Deleted Objects,DC=ForestDnsZones,DC=example,DC=com - (No such Base DN: CN=Deleted Objects,DC=ForestDnsZones,DC=example,DC=com)
Not removing dangling forward link
Fix isDeleted originating_change_time on 'CN=Deleted Objects,DC=example,DC=com' [YES]
Checked 944 objects (3 errors)
Comment 2 Stefan Metzmacher 2016-04-13 14:41:13 UTC
Andrew, isn't this fixed in current releases?
Comment 3 Andrew Bartlett 2016-04-14 06:43:03 UTC
(In reply to Stefan Metzmacher from comment #2)
A patch to restore a deleted objects container (written for a client) is pending a test.  Now we are past badlock, I hope to write the test next week and push the patch.

I thought the current code was able to fix the originating change time, but I don't know if that is tested.