Managing replication conflicts for humans in 389
I would like to thank side_control at runlevelone dot net for putting me onto this challenge.
If we have a replication conflict in 389, we generall have two results. A and B. In the case A is the live object and B is the conflict, and we want to keep A as live object, it's as easy as:
dn: idnsname=_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs+nsuniqueid=910d8837-4c3c11e5-83eea63b-366c3f94,idnsname=lab.example.lan.,cn=dns,dc=lab,dc=example,dc=lan
changetype: delete
But say we want to swap them over: We want to keep B, but A is live. How do we recover this?
I plan to make a tool to do this, because it's a right pain.
This is the only way I got it to work, but I suspect there is a shortcut somewhere that doesn't need the blackmagic that is extensibleObject. (If you use extensibleObject in production I will come for your personally.)
First, we need to get the object out of being a multivalued rdn object so we can manipulate it easier. We give it a cn to match it's uniqueId.
dn: idnsname=_kerberos._udp.dc._msdcs+nsuniqueid=910d8842-4c3c11e5-83eea63b-366c3f94,idnsname=lab.example.lan.,cn=dns,dc=lab,dc=example,dc=lan
changetype: modify
add: cn
cn: 910d8842-4c3c11e5-83eea63b-366c3f94
-
replace: objectClass
objectClass: extensibleObject
objectClass: idnsrecord
objectClass: top
-
dn: idnsname=_kerberos._udp.dc._msdcs+nsuniqueid=910d8842-4c3c11e5-83eea63b-366c3f94,idnsname=lab.example.lan.,cn=dns,dc=lab,dc=example,dc=lan
changetype: modrdn
newrdn: cn=910d8842-4c3c11e5-83eea63b-366c3f94
deleteoldrdn: 0
newsuperior:
idnsname=lab.example.lan.,cn=dns,dc=lab,dc=example,dc=lan
Now, we can get rid of the repl conflict:
dn: cn=910d8842-4c3c11e5-83eea63b-366c3f94,idnsname=lab.example.lan.,cn=dns,dc=lab,dc=example,dc=lan
changetype: modify
delete: nsds5ReplConflict
nsds5ReplConflict:
namingConflictidnsname=_kerberos._udp.dc._msdcs,idnsname=lab.example.lan.,cn=dns,dc=lab,dc=example,dc=lan
-
We have "B" ready to go. So lets get A out of the way, and drop B in.
dn: idnsname=_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs+nsuniqueid=910d8837-4c3c11e5-83eea63b-366c3f94,idnsname=lab.example.lan.,cn=dns,dc=lab,dc=example,dc=lan
changetype: delete
dn: cn=910d8842-4c3c11e5-83eea63b-366c3f94,idnsname=lab.example.lan.,cn=dns,dc=lab,dc=example,dc=lan
changetype: modrdn
newrdn: idnsName=_kerberos._udp.dc._msdcs
deleteoldrdn: 0
newsuperior: idnsname=lab.example.lan.,cn=dns,dc=lab,dc=example,dc=lan
Finally, we need to fix the objectClass and get rid of the cn.
dn: idnsName=_kerberos._udp.dc._msdcs,idnsname=lab.example.lan.,cn=dns,dc=lab,dc=example,dc=lan
changetype: modify
delete: cn
cn: 910d8842-4c3c11e5-83eea63b-366c3f94
-
replace: objectClass
objectClass: idnsrecord
objectClass: top
-
I think a tool to do this would be really helpful.