Ralf Spenneberg
2022-Oct-12 10:03 UTC
[Samba] Samba does not replicate attributes added via ldbmodify
Hi Rowland, thanks a lot for the response. Of course, the attribute was proxyAddresses. Sorry for the confusion. Does Samba ldb actually use these attributes case-sensitive? LDAP ignores the case. Anyway, I did use the correct case. How long may the replication take? More than 36 hours? Kind regards, Ralf Am 12.10.22 um 09:13 schrieb Rowland Penny via samba:> > > On 12/10/2022 07:50, Ralf Spenneberg via samba wrote: >> Hi there, >> >> we are using samba 4.14.12 with two dcs. We added several >> proxyaddresses via ldbmodify to some users on one DC. Unfortunately >> these are not replicated to the other DC although "samba-tool drs >> showrepl" states the replication is successful without errors. >> >> Is there anything required to trigger the replication of the >> proxyaddresses? Did I do something wrong? >> >> Thanks a lot for any hint. >> >> Ralf >> > > did you add 'proxyaddresses' or 'proxyAddresses' ? > > Any legal attributes added to AD on one DC should replicate to all > others DC's, though it may not be instantaneous. > > Rowland >-- OpenSource Security GmbH https://os-s.de Am Bahnhof 3 48565 Steinfurt Germany Fon: +49 25 52 927009-0 Fax: +49 25 52 927009-9 Registergericht: Amtsgericht Steinfurt, HRB 12044 Gesch?ftsf?hrer: Ralf Spenneberg, Hendrik Schwartke Umsatzsteuer-Identifikationsnummer gem. ?27a UStG: DE815773501
Rowland Penny
2022-Oct-12 10:17 UTC
[Samba] Samba does not replicate attributes added via ldbmodify
On 12/10/2022 11:03, Ralf Spenneberg via samba wrote:> Hi Rowland, > > thanks a lot for the response. > Of course, the attribute was proxyAddresses. Sorry for the confusion.Not confusion, just confirming that you had used the correct attribute.> Does Samba ldb actually use these attributes case-sensitive? LDAP > ignores the case. Anyway, I did use the correct case.To set an attribute using ldbmodify, you have to use an ldif and that must use the correct attribute including the correct case. If you use ldbsearch to find an AD object, then that is a bit looser, you can use an all lowercase attribute.> > How long may the replication take? More than 36 hours?No, I was thinking in minutes, I have seen replication take approx 15 minutes. Have you run dbcheck on each database ? It may help if we could see a sanitised version of the ldif you added. Also, have you tried explicitly asking for the attribute, some attributes are only shown if you ask for them in this way. Rowland