Project

General

Profile

Actions

action #47072

closed

Check our DHCP-LDAP Schema

Added by flacco almost 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
2019-02-03
Due date:
% Done:

100%

Estimated time:

Description

During an Upgrade from Samba 4.6 to 4.7 with MIT Kerberos, it is necessary to run "samba-tool dbcheck --cross-ncs --fix".

dbcheck throws some errors related to our dhcpd-LDAP Schema. We have to check this.

Errors:


ERROR: Normalisation error for attribute mayContain in CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc
value 'iscDhcpSubClassesDN' should be 'iscDhcpSubclassesDN'
Not fixing attribute mayContain
ERROR: Duplicate values for attribute 'mayContain' in 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'
Values contain a duplicate: [iscDhcpSubClassesDN,iscDhcpOptionsDN,iscDhcpStatements,iscDhcpComments,iscDhcpOption]/[iscDhcpSubClassesDN]!
Not fixing attribute 'mayContain'
ERROR: Not fixing missing 'name' on 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'
ERROR: Normalisation error for attribute mustContain in CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc
value 'iscDhcpFailoverPrimaryPort' should be 'iscDhcpFailOverPrimaryPort'
Not fixing attribute mustContain
ERROR: Duplicate values for attribute 'mustContain' in 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'
Values contain a duplicate: [cn,iscDhcpFailOverPrimaryServer,iscDhcpFailOverSecondaryServer,iscDhcpFailoverPrimaryPort,iscDhcpFailOverSecondaryPort]/[iscDhcpFailOverPrimaryServer,iscDhcpFailoverPrimaryPort,cn,iscDhcpFailOverSecondaryServer]!
Not fixing attribute 'mustContain'
ERROR: Not fixing missing 'name' on 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'
ERROR: incorrect DN SID component for member in object CN=Domain Users,CN=Users,DC=140-net,DC=loc - ;;;;;;;;CN=postmaster@140-net.loc,CN=Users,DC=140-net,DC=loc
Not fixing SID component mismatch


Actions #1

Updated by flacco almost 6 years ago

  • Description updated (diff)
Actions #2

Updated by flacco almost 6 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

I found and fixed the two upper/lower case problems in the objeclasses 'iscDhcpClass' and 'iscDhcpFailOverPeer'.

I found no duplicates in the mustContain attributes and the objectcalsses contain the attribute "name". Perhaps these are followups.

Actions #3

Updated by flacco almost 6 years ago

A deeper look in other objectclass-definition shows, that they don't contain the attributes mustContain and mayContain. Strange.

Actions #4

Updated by flacco almost 6 years ago

  • Status changed from In Progress to New
  • % Done changed from 10 to 70

After a re-provisioning an AD with the fixed upper/lower case error, inside our DHCP-Schema "samba-tool dbcheck --cross-ncs" finds no errors.

Problem seems to be fixed.

Now we should provide a script to fix this problem in existing installations.

Actions #5

Updated by flacco almost 6 years ago

  • Status changed from New to Closed
  • % Done changed from 70 to 100
Actions

Also available in: Atom PDF