The Samba-Bugzilla – Bug 8929
correct "servicePrincipalName" handling
Last modified: 2019-01-25 04:23:03 UTC
"servicePrincipalName" should be treated case-insensitively in respect to matching. This means that "HOST/somename" is not allowed when "host/somename" is already there.
See thread "cannot rename windows xp machine in samba4" on samba-technical.
I really think that this needs to be fixed before s4 final.
This branch seems to have some patches for the problem...
s4:sam.py - "servicePrincipalName" - test for case-insensitiveness
Andrew, Matthias, any plan to get this to master/v4-0-test?
They need some rework in order to pass the tests. I'm sorry but I cannot do it at the moment.
I paste you the explanations which Andrew gave me some time ago:
> Sadly this has required a fair bit of work, even to just get the obvious
> problems sorted.
> In particular, the error codes from the operator_fn() hook cannot be
> ignored, and we should not pass in a memory context to a function that
> does not itself return memory.
> I've not had a chance to actually test these, and I'm a little worried
> about what would happen for the cases where we never match (element
> values containing a deleted DN).
> I've pushed my rework (compiles, untested so far) to my mdw-master
Moving to 4.1 as I don't think it's critical for 4.0.0; a fix can be made for 4.0.x.
Metze, please have a look at my updated branch: http://gitweb.samba.org/samba.git/?p=mdw/samba.git;a=log;h=refs/heads/ldb_schema.
I think I have found the issue which prevented this from working.
the ldb_schema branch fails autobuild due to errors in the 'make test' of ldb. That is the main reason this wasn't merged.
Matthias, can you have a look at why your branch fails autobuild?
(In reply to comment #6)
> Matthias, can you have a look at why your branch fails autobuild?
I think this will pass autobuild:
Matthias and Andrew, can I add your review and push it to master?
Simo, can we also get your review?
(In reply to comment #7)
> (In reply to comment #6)
> > Matthias, can you have a look at why your branch fails autobuild?
> I think this will pass autobuild:
> Matthias and Andrew, can I add your review and push it to master?
> Simo, can we also get your review?
Passed autobuild twice for me.
Is this a blocker for 4.1.0 or 4.2?
(In reply to comment #9)
> Is this a blocker for 4.1.0 or 4.2?
Comment from Metze:
For the patches for https://bugzilla.samba.org/show_bug.cgi?id=8929
(correct "servicePrincipalName" handling)
I just need the permission from Andrew and Matthias to add their
sign-off to the patches. I already reviewed them, but I'd like to get
an ack from Simo.
I am sorry that I have not answered earlier. The patches are perfectly okay.
These tags may be added to https://gitweb.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=780f108588616b
Reviewed-by: Andrew Bartlett <email@example.com>
Signed-off-by: Andrew Bartlett <firstname.lastname@example.org>
If as indicated this all passes autobuild, it will be great to finally have this fixed in the tree (even if it does make some things slower).
This should be the fixed up version of the last patch (test-generic.sh). Please review!
Please attach the patches and review flags to the bug report! Thanks!
This gets larger than expected :-(
Don't block 4.1.0; it's not a regression compared to 4.0.x.
Any news on this one?
Guys, I ran into an 8418 mismatch problem and it seems to be caused by this issue. Any progress on this? Can it make it into 4.2?
This is really important for us.
I would love to help testing.
@metze: any news here? Did you manage to do something?
I stumbled over my patches written some years ago and so I wonder if this is still a current issue. Or has it been solved differently?
Since I still think that this is a very crucial point for Samba's directory implementation and I have seen that no one intended to fix it, I have resumed the work on this issue.
The decision was also motivated by the recent schema work done by Andrew and his colleagues at Catalyst.
@metze + @abartlet: Please find my updated branch on: https://git.samba.org/samba.git/?p=mdw/samba.git;a=log;h=refs/heads/ldb_schema.new
My idea would be to launch a private autobuild on this to see if it really works. How can I approach this?
LDB tests fail with:
[==========] 44 test(s) run.
[==========] Running 2 test(s).
[ RUN ] test_ldb_msg_find_duplicate_val
[ FAILED ] test_ldb_msg_find_duplicate_val
[ RUN ] test_ldb_msg_find_common_values
[ FAILED ] test_ldb_msg_find_common_values
[==========] 2 test(s) run.
Just to connect the dots, here is the associated mail thread for the most recent re-raising of this:
Did the status of this bug change in the meantime?
I got a glance at a setup that got updated to 4.9.4, which had (preexisting) duplicate servicePrincipalName attributes. dbcheck did not find any error, but ldbedit was complaining about indices pointing to different GUIDs. This then got fixed manually with the previous non-GUID-indexing Samba release.
This bug really needs a proper fix and dbcheck also needs to find those cases.
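A check of the kind the comments above ask for, as an added example that is not part of the bug thread or of Samba's code: it scans an LDIF export for servicePrincipalName values that collide when compared case-insensitively, either within one object or across objects. The sample LDIF and its DNs are constructed, and `str.casefold()` is an assumption standing in for the directory's case-insensitive matching rule.

```python
import base64
from collections import defaultdict

# Constructed sample export (not taken from the bug report); names are placeholders.
SAMPLE_LDIF = """\
dn: CN=PC1,CN=Computers,DC=example,DC=test
servicePrincipalName: HOST/pc1
servicePrincipalName: host/PC1
servicePrincipalName: HOST/pc1.example.test

dn: CN=PC2,CN=Computers,DC=example,DC=test
servicePrincipalName: HOST/pc2
servicePrincipalName:: aG9zdC9wYzEuZXhhbXBsZS50ZXN0

dn: CN=SRV,CN=Computers,DC=example,DC=test
servicePrincipalName: HOST/srv
"""

def parse_spns(ldif):
    """Yield (dn, spn) pairs from LDIF text, unfolding continuation lines."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded line continues the previous one
        else:
            lines.append(raw)
    dn = None
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep:
            dn = dn if line.strip() else None  # a blank line ends the current entry
            continue
        if value.startswith(":"):             # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "serviceprincipalname" and dn:
            yield dn, value

def find_spn_collisions(ldif):
    """Map each case-folded SPN held more than once to its (dn, spelling) holders."""
    seen = defaultdict(list)
    for dn, spn in parse_spns(ldif):
        seen[spn.casefold()].append((dn, spn))  # assumption: casefold ~ directory rule
    return {key: holders for key, holders in seen.items() if len(holders) > 1}

if __name__ == "__main__":
    for key, holders in find_spn_collisions(SAMPLE_LDIF).items():
        print(key, "->", holders)
```
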
(In reply to Björn Jacke from comment #23)
I agree it would be great if the mythical 'someone' could find the time to work on this. Now that we have public CI we are at least able to test the full implication of the patches more easily.
The big requirement placed on any patch will be lots of tests, both unit tests at the LDB layer and integration tests on the LDAP server.
The point is that this was a "minor" issue until 4.7; this became a critical issue with the introduction of the GUID indexing. Anyone updating from 4.7 or earlier to 4.8 or later really gets into trouble because of this bug now.
(In reply to Björn Jacke from comment #25)
I'm confused as to why this is now critical, it is just a warning.
The warning was put in by
https://attachments.samba.org/attachment.cgi?id=14166 of bug 13335, which was a critical regression.