action #47072
closedCheck our DHCP-LDAP Schema
100%
Description
During an Upgrade from Samba 4.6 to 4.7 with MIT Kerberos, it is necessary to run "samba-tool dbcheck --cross-ncs --fix".
dbcheck throws some errors related to our dhcpd-LDAP Schema. We have to check this.
Errors:
ERROR: Normalisation error for attribute mayContain in CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc
value 'iscDhcpSubClassesDN' should be 'iscDhcpSubclassesDN'
Not fixing attribute mayContain
ERROR: Duplicate values for attribute 'mayContain' in 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'
Values contain a duplicate: [iscDhcpSubClassesDN,iscDhcpOptionsDN,iscDhcpStatements,iscDhcpComments,iscDhcpOption]/[iscDhcpSubClassesDN]!
Not fixing attribute 'mayContain'
ERROR: Not fixing missing 'name' on 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'
ERROR: Normalisation error for attribute mustContain in CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc
value 'iscDhcpFailoverPrimaryPort' should be 'iscDhcpFailOverPrimaryPort'
Not fixing attribute mustContain
ERROR: Duplicate values for attribute 'mustContain' in 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'
Values contain a duplicate: [cn,iscDhcpFailOverPrimaryServer,iscDhcpFailOverSecondaryServer,iscDhcpFailoverPrimaryPort,iscDhcpFailOverSecondaryPort]/[iscDhcpFailOverPrimaryServer,iscDhcpFailoverPrimaryPort,cn,iscDhcpFailOverSecondaryServer]!
Not fixing attribute 'mustContain'
ERROR: Not fixing missing 'name' on 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'
ERROR: incorrect DN SID component for member in object CN=Domain Users,CN=Users,DC=140-net,DC=loc - ;;;;;;;;CN=postmaster@140-net.loc,CN=Users,DC=140-net,DC=loc
Not fixing SID component mismatch
Updated by flacco almost 6 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 10
I found and fixed the two upper/lower case problems in the objeclasses 'iscDhcpClass' and 'iscDhcpFailOverPeer'.
I found no duplicates in the mustContain attributes and the objectcalsses contain the attribute "name". Perhaps these are followups.
Updated by flacco almost 6 years ago
A deeper look in other objectclass-definition shows, that they don't contain the attributes mustContain and mayContain. Strange.
Updated by flacco almost 6 years ago
- Status changed from In Progress to New
- % Done changed from 10 to 70
After a re-provisioning an AD with the fixed upper/lower case error, inside our DHCP-Schema "samba-tool dbcheck --cross-ncs" finds no errors.
Problem seems to be fixed.
Now we should provide a script to fix this problem in existing installations.
Updated by flacco almost 6 years ago
- Status changed from New to Closed
- % Done changed from 70 to 100
It's possible to fix these 2 problems by hand. I've described it in our wiki: