Jonathan Hunter
2016-Apr-12 21:21 UTC
[Samba] Previously extended schema not working in 4.4.0
On 12 April 2016 at 07:31, Rowland penny <rpenny at samba.org> wrote:> > The schema is in another NC, so use the 'cross-ncs' switch to see the > schema.Thanks Rowland - adding --cross-ncs worked and I can now see the schema extensions using ldbedit. I can confirm that my schema extensions are definitely present, including as mentioned in the record below, which I imagine holds information required for replication and seems to be OK to me as well. (I checked two DCs (2DCG and 2DC1) and this record was the same on both, as far as I could see) So, I'm still stumped as to what is missing, and what would lead to "replmd_add: error during direct ADD: No rDN found in replPropertyMetaData" errors.. Thanks! Jonathan The record I found that seems to hold the replication information looks OK to me (with my limited knowledge, at least) : # record 712 dn: CN=Schema,CN=Configuration,DC=mydomain,DC=org,DC=uk objectClass: top objectClass: dMD cn: Schema instanceType: 13 whenCreated: 20130420175653.0Z uSNCreated: 8 objectVersion: 47 showInAdvancedViewOnly: TRUE name: Schema objectGUID: xxxxxxxx-yyyy-aaaa-bbbb-cccccccccccc objectCategory: CN=DMD,CN=Schema,CN=Configuration,DC=mydomain,DC=org,DC=uk msDs-masteredBy: CN=NTDS Settings,CN=2DC1,CN=Servers,CN=site1,CN=Sites ,CN=Configuration,DC=mydomain,DC=org,DC=uk msDs-masteredBy: CN=NTDS Settings,CN=1DC1,CN=Servers,CN=site2,CN=Sites,CN=Co nfiguration,DC=mydomain,DC=org,DC=uk msDs-masteredBy: CN=NTDS Settings,CN=2DCG,CN=Servers,CN=site1,CN=Sites,C N=Configuration,DC=mydomain,DC=org,DC=uk msDs-masteredBy: CN=NTDS Settings,CN=2DC2,CN=Servers,CN=site1,CN=Sites ,CN=Configuration,DC=mydomain,DC=org,DC=uk masteredBy: CN=NTDS Settings,CN=2DC1,CN=Servers,CN=site1,CN=Sites,CN=C onfiguration,DC=mydomain,DC=org,DC=uk masteredBy: CN=NTDS Settings,CN=1DC1,CN=Servers,CN=site2,CN=Sites,CN=Configu ration,DC=mydomain,DC=org,DC=uk masteredBy: CN=NTDS Settings,CN=2DCG,CN=Servers,CN=site1,CN=Sites,CN=Con figuration,DC=mydomain,DC=org,DC=uk masteredBy: CN=NTDS Settings,CN=2DC2,CN=Servers,CN=site1,CN=Sites,CN=C onfiguration,DC=mydomain,DC=org,DC=uk fSMORoleOwner: CN=NTDS Settings,CN=2DC1,CN=Servers,CN=site1,CN=Sites,C N=Configuration,DC=mydomain,DC=org,DC=uk whenChanged: 20150520155013.0Z uSNChanged: 12484 schemaInfo:: /aaaaaaaaaaa/bbbbbbbbbbbbbCN prefixMap: 0:2.5.4;1:2.5.6;2:1.2.840.113556.1.2;3:1.2.840.113556.1.3;4:2.16.84 0.1.101.2.2.1;5:2.16.840.1.101.2.2.3;6:2.16.840.1.101.2.1.5;7:2.16.840.1.101. 2.1.4;8:2.5.5;9:1.2.840.113556.1.4;10:1.2.840.113556.1.5;19:0.9.2342.19200300 .100;20:2.16.840.1.113730.3;21:0.9.2342.19200300.100.1;22:2.16.840.1.113730.3 .1;23:1.2.840.113556.1.5.7000;24:2.5.21;25:2.5.18;26:2.5.20;11:1.2.840.113556 .1.4.260;12:1.2.840.113556.1.5.56;13:1.2.840.113556.1.4.262;14:1.2.840.113556 .1.5.57;15:1.2.840.113556.1.4.263;16:1.2.840.113556.1.5.58;17:1.2.840.113556. 1.5.73;18:1.2.840.113556.1.4.305;27:1.3.6.1.4.1.1466.101.119;28:2.16.840.1.11 3730.3.2;29:1.3.6.1.4.1.250.1;30:1.2.840.113549.1.9;31:0.9.2342.19200300.100. 4;32:1.2.840.113556.1.6.23;33:1.2.840.113556.1.6.18.1;34:1.2.840.113556.1.6.1 8.2;35:1.2.840.113556.1.6.13.3;36:1.2.840.113556.1.6.13.4;37:1.3.6.1.1.1.1;38 :1.3.6.1.1.1.2;39:1.3.6.1.4.1.7165.4.1;40:1.3.6.1.4.1.7165.4.2;41:MY.CU.ST.OM.OID.1;42:MY.CU.ST.OM.OID.2 replUpToDateVector:: [...] repsFrom:: [...] repsFrom:: [...] repsFrom:: [...] repsTo:: [...] repsTo:: [...] repsTo:: [...] distinguishedName: CN=Schema,CN=Configuration,DC=mydomain,DC=org,DC=uk -- "If we knew what it was we were doing, it would not be called research, would it?" - Albert Einstein
Rowland penny
2016-Apr-12 21:39 UTC
[Samba] Previously extended schema not working in 4.4.0
On 12/04/16 22:21, Jonathan Hunter wrote:> > > On 12 April 2016 at 07:31, Rowland penny <rpenny at samba.org > <mailto:rpenny at samba.org>> wrote: > > The schema is in another NC, so use the 'cross-ncs' switch to see > the schema. > > > Thanks Rowland - adding --cross-ncs worked and I can now see the > schema extensions using ldbedit. > > I can confirm that my schema extensions are definitely present, > including as mentioned in the record below, which I imagine holds > information required for replication and seems to be OK to me as well. > (I checked two DCs (2DCG and 2DC1) and this record was the same on > both, as far as I could see) > > So, I'm still stumped as to what is missing, and what would lead to > "replmd_add: error during direct ADD: No rDN found in > replPropertyMetaData" errors.. > > Thanks! > > Jonathan > > > The record I found that seems to hold the replication information > looks OK to me (with my limited knowledge, at least) : > > # record 712 > dn: CN=Schema,CN=Configuration,DC=mydomain,DC=org,DC=uk > objectClass: top > objectClass: dMD > cn: Schema > instanceType: 13 > whenCreated: 20130420175653.0Z > uSNCreated: 8 > objectVersion: 47 > showInAdvancedViewOnly: TRUE > name: Schema > objectGUID: xxxxxxxx-yyyy-aaaa-bbbb-cccccccccccc > objectCategory: CN=DMD,CN=Schema,CN=Configuration,DC=mydomain,DC=org,DC=uk > msDs-masteredBy: CN=NTDS Settings,CN=2DC1,CN=Servers,CN=site1,CN=Sites > ,CN=Configuration,DC=mydomain,DC=org,DC=uk > msDs-masteredBy: CN=NTDS > Settings,CN=1DC1,CN=Servers,CN=site2,CN=Sites,CN=Co > nfiguration,DC=mydomain,DC=org,DC=uk > msDs-masteredBy: CN=NTDS Settings,CN=2DCG,CN=Servers,CN=site1,CN=Sites,C > N=Configuration,DC=mydomain,DC=org,DC=uk > msDs-masteredBy: CN=NTDS Settings,CN=2DC2,CN=Servers,CN=site1,CN=Sites > ,CN=Configuration,DC=mydomain,DC=org,DC=uk > masteredBy: CN=NTDS Settings,CN=2DC1,CN=Servers,CN=site1,CN=Sites,CN=C > onfiguration,DC=mydomain,DC=org,DC=uk > masteredBy: CN=NTDS > Settings,CN=1DC1,CN=Servers,CN=site2,CN=Sites,CN=Configu > ration,DC=mydomain,DC=org,DC=uk > masteredBy: CN=NTDS Settings,CN=2DCG,CN=Servers,CN=site1,CN=Sites,CN=Con > figuration,DC=mydomain,DC=org,DC=uk > masteredBy: CN=NTDS Settings,CN=2DC2,CN=Servers,CN=site1,CN=Sites,CN=C > onfiguration,DC=mydomain,DC=org,DC=uk > fSMORoleOwner: CN=NTDS Settings,CN=2DC1,CN=Servers,CN=site1,CN=Sites,C > N=Configuration,DC=mydomain,DC=org,DC=uk > whenChanged: 20150520155013.0Z > uSNChanged: 12484 > schemaInfo:: /aaaaaaaaaaa/bbbbbbbbbbbbbCN > prefixMap: > 0:2.5.4;1:2.5.6;2:1.2.840.113556.1.2;3:1.2.840.113556.1.3;4:2.16.84 > 0.1.101.2.2.1;5:2.16.840.1.101.2.2.3;6:2.16.840.1.101.2.1.5;7:2.16.840.1.101. > 2.1.4;8:2.5.5;9:1.2.840.113556.1.4;10:1.2.840.113556.1.5;19:0.9.2342.19200300 > .100;20:2.16.840.1.113730.3;21:0.9.2342.19200300.100.1;22:2.16.840.1.113730.3 > .1;23:1.2.840.113556.1.5.7000;24:2.5.21;25:2.5.18;26:2.5.20;11:1.2.840.113556 > .1.4.260;12:1.2.840.113556.1.5.56;13:1.2.840.113556.1.4.262;14:1.2.840.113556 > .1.5.57;15:1.2.840.113556.1.4.263;16:1.2.840.113556.1.5.58;17:1.2.840.113556. > 1.5.73;18:1.2.840.113556.1.4.305;27:1.3.6.1.4.1.1466.101.119;28:2.16.840.1.11 > 3730.3.2;29:1.3.6.1.4.1.250.1;30:1.2.840.113549.1.9;31:0.9.2342.19200300.100. > 4;32:1.2.840.113556.1.6.23;33:1.2.840.113556.1.6.18.1;34:1.2.840.113556.1.6.1 > 8.2;35:1.2.840.113556.1.6.13.3;36:1.2.840.113556.1.6.13.4;37:1.3.6.1.1.1.1;38 > :1.3.6.1.1.1.2;39:1.3.6.1.4.1.7165.4.1;40:1.3.6.1.4.1.7165.4.2;41:MY.CU.ST.OM.OID.1;42:MY.CU.ST.OM.OID.2 > replUpToDateVector:: [...] > repsFrom:: [...] > repsFrom:: [...] > repsFrom:: [...] > repsTo:: [...] > repsTo:: [...] > repsTo:: [...] > distinguishedName: CN=Schema,CN=Configuration,DC=mydomain,DC=org,DC=uk > > -- > "If we knew what it was we were doing, it would not be called > research, would it?" > - Albert EinsteinI have now remembered something, not sure if it helps but see here: https://lists.samba.org/archive/samba/2014-September/185225.html
Jonathan Hunter
2016-Apr-13 22:45 UTC
[Samba] Previously extended schema not working in 4.4.0
Thanks Rowland. On 12 April 2016 at 22:39, Rowland penny <rpenny at samba.org> wrote:> I have now remembered something, not sure if it helps but see here: > > https://lists.samba.org/archive/samba/2014-September/185225.html > >I definitely think this is in the same area - the issue I'm having also seems to be relating to replication - but I'm still not really sure why samba is suddenly rejecting the new object I am trying to create :( I have checked CN=schema on all four of my DCs using ldbedit; then saved the output to a different text file using the editor (I couldn't see an easy way to extract just this part - but this seems to have worked, at least) I checked my custom attributes: # ldbedit --cross-ncs -s sub -H ./sam.ldb -b CN=Schema,CN=Configuration,DC=mydomain,DC=org,DC=uk '(name=myattrib*)' Between all four DCs, I only found differences in the order attributes/values were returned (e.g. mustContain and mayContain have multiple values and these appeared in different orders), and uSNChanged and uSNCreated attributes had different values between DCs. On one DC (only one) the searchFlags attribute appeared in a different position within the LDAP entry; it has the same value though, so I can't believe that would matter at all. Otherwise these all looked completely identical to me, and all the attributes and types seem to be present. I also checked what I assume is part of the replication: # ldbedit --cross-ncs -s sub -H ./sam.ldb -b CN=Schema,CN=Configuration,DC=mydomain,DC=org,DC=uk '(objectCategory=CN=DMD*)' Apart from uSNChanged/uSNCreated, and the order some attributes were returned in, there seem to be some differences in repsFrom:: and repsTo::, but these are encoded, and using 'diff -u' all I immediately see is that something is either different, or perhaps the order of values returned is just different. I don't feel as though I am all that much closer to finding out why I'm getting '00202F: replmd_add: error during direct ADD: No rDN found in replPropertyMetaData' yet - but at least we're eliminating some things, I guess. I am tempted to find the line of code that produces the error, and see if I can hack some debugging into it so that it prints out some of the parameters it's looking for - but I've never delved into the samba codebase so I don't know how easy or otherwise that might be to add.. -- "If we knew what it was we were doing, it would not be called research, would it?" - Albert Einstein