Web lists-archives.com

Re: [Samba] ldapcmp failures between DC's




On Sun, 2 Jul 2017 07:11:55 -0500
Robert Wooden via samba <samba@xxxxxxxxxxxxxxx> wrote:

> I am in the process of preparing to demote a couple of (hardware)
> aging domain controllers. At moment, I have four DC's running on my
> domain.
> 
> When I "ldapcmp" between any of the DC's I get failures that appear
> to be simple "typos".
> 
> Like these:
> 
> root@dtdc07:~# samba-tool ldapcmp ldap://dtdc03 ldap://dtdc07
> -Uadministrator
> >>>>> snipped for brevity <<<<<<<
> SUMMARY
> ---------
> 
> Attributes found only in ldap://dtdc03:
> 
>     CN
>     DC
> 
> Attributes found only in ldap://dtdc07:
> 
>     cn
>     dc
> ERROR: Compare failed: -1
> 
> root@dtdc07:~# samba-tool ldapcmp ldap://dtdc03 ldap://dtdc07
> -Uadministrator domain
> >>>>> snipped for brevity <<<<<<<
> SUMMARY
> ---------
> 
> Attributes found only in ldap://dtdc03:
> 
>     OU
>     serverReferenceBL
>     CN
>     DC
> 
> Attributes found only in ldap://dtdc07:
> 
>     ou
>     serverReferenceBL
>     cn
>     dc
> ERROR: Compare failed: -1
> 
> 
> When I scroll back through the complete output I cannot find these
> differences. In other words they appear only in the "SUMMARY" at the
> end is each string test.
> 
> Not familiar with these test, should I be concerned about theses
> differences before I demote my aging hardware DC's?
> 

There is a known problem that attributes can appear as uppercase on one
DC and lowercase on another, this is nothing to worry about, as
everything works okay. If I remember correctly, this has been fixed for
new DCs, but a fix wasn't found to 'repair' (for want of a better word)
any existing uppercase attributes.

The 'serverReferencesBL' attributes are back links and possibly the
forward links have been removed and these dangling back links can also
be ignored.
  
Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba