author | Tim Beale <timbeale@catalyst.net.nz> | 2019-07-01 13:41:14 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-07-02 04:21:36 +0000 |
commit | 98848142cde51d4b280a6fb5cd95dc4bd2471e17 (patch) | |
tree | 3bad34ed8f460aef83b0179578b1e3a59781b2c4 /source4 | |
parent | dba9987bf500f82fbbcda1cd78c543a87f90cec5 (diff) | |
download | samba-98848142cde51d4b280a6fb5cd95dc4bd2471e17.tar.gz |
repl_md: Avoid dropping cross-partition links

Cross-partition links could still be dropped if GET_TGT was already
previously set for the replication.

This was due to a slight error in the order of logic. We never want to
ignore cross-partition links (regardless of whether the TARGETS_UPTODATE
/GET_TGT flag is set). We should only be returning early in the
GET_TGT case if the objects are both in the same partition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14022

RN: When the AD domain contained a linked attribute that spanned
partitions, DRS replication could drop the link. This dropped link could
then result in subtle differences in behaviour between DCs, as some DCs
would have the link and others wouldn't. When this issue occurred, the
dropped link would be logged in a warning message:
"<target-dn> is Unknown but up to date. Ignoring link from <source-dn>"
This issue would not always occur - it depended a lot on the database
contents. Typically, it would only potentially occur when joining a new
DC to the domain (doing an ldapcmp after the join would also highlight
the problem, if it occurred). This issue has now been resolved.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 5202c41a7bf..9dd354743ff 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -7433,27 +7433,28 @@ static int replmd_allow_missing_target(struct ldb_module *module, return LDB_SUCCESS; } - if (dsdb_repl_flags & DSDB_REPL_FLAG_TARGETS_UPTODATE) { + is_in_same_nc = dsdb_objects_have_same_nc(ldb, + mem_ctx, + source_dn, + target_dn); + if (is_in_same_nc) { /* - * target should already be up-to-date so there's no point in + * if the target is already be up-to-date there's no point in * retrying. This could be due to bad timing, or if a target * on a one-way link was deleted. We ignore the link rather * than failing the replication cycle completely */ - *ignore_link = true; - DBG_WARNING("%s is %s but up to date. Ignoring link from %s\n", - ldb_dn_get_linearized(target_dn), missing_str, - ldb_dn_get_linearized(source_dn)); - return LDB_SUCCESS; - } - - is_in_same_nc = dsdb_objects_have_same_nc(ldb, - mem_ctx, - source_dn, - target_dn); - if (is_in_same_nc) { - /* fail the replication and retry with GET_TGT */ + if (dsdb_repl_flags & DSDB_REPL_FLAG_TARGETS_UPTODATE) { + *ignore_link = true; + DBG_WARNING("%s is %s " + "but up to date. Ignoring link from %s\n", + ldb_dn_get_linearized(target_dn), missing_str, + ldb_dn_get_linearized(source_dn)); + return LDB_SUCCESS; + } + + /* otherwise fail the replication and retry with GET_TGT */ ldb_asprintf_errstring(ldb, "%s target %s GUID %s linked from %s\n", missing_str, ldb_dn_get_linearized(target_dn), |
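Review bot: The block comment at the top of the new `if (is_in_same_nc)` branch reads "if the target is already be up-to-date there's no point in retrying", which is ungrammatical and now sits above the flag test it describes. Suggest moving it inside the `if (dsdb_repl_flags & DSDB_REPL_FLAG_TARGETS_UPTODATE)` branch and rewording it, for example "the target should already be up-to-date, so there's no point in retrying". Separately, `dsdb_objects_have_same_nc()` is now called with `mem_ctx` before the flag is checked, so the same-NC lookup runs for every missing target even when `DSDB_REPL_FLAG_TARGETS_UPTODATE` is set; worth confirming that extra work is acceptable on this path. The diffstat for source4 shows only repl_meta_data.c changed, so a regression test that replicates a cross-partition link with GET_TGT already set would help pin the reordered checks.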