{"id":915,"date":"2012-08-10T17:46:52","date_gmt":"2012-08-10T15:46:52","guid":{"rendered":"http:\/\/blogs.chrisse.se\/?p=915"},"modified":"2012-08-10T17:46:52","modified_gmt":"2012-08-10T15:46:52","slug":"how-can-you-get-a-0acnf-managed-rdn-with-only-one-dc","status":"publish","type":"post","link":"https:\/\/blog.chrisse.se\/?p=915","title":{"rendered":"How can you get a 0ACNF mangled RDN with only one DC?"},"content":{"rendered":"<p>Most tombstones will have their name mangled for deletion e.g. [1] CN=&lt;RDN&gt;\\0ADEL:&lt;GUID&gt; and are moved to the &#8220;Deleted Objects&#8221; container if such exists [2] in the NC the object resides in and if it doesn&#8217;t have the DISALLOW_MOVE_ON_DELETE flag.<br \/>\n[2] All NCs except the Schema NC have &#8220;Deleted Objects&#8221; containers by default \u2013 but trust me they can get removed themselves <span style=\"font-family: Wingdings;\">J<\/span><\/p>\n<p>The case I&#8217;m looking for here is when an object deletion acutely bypasses the requirement to transit to the intermediate state of being a tombstone, deleted object or recycled object before it tries to get physically deleted from the database.<\/p>\n<p>Okay one case to cause this is: Object instanced with the auxiliary class dynamic Object e.g.:<\/p>\n<p>dn: cn=Christoffer Andersson,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com<br \/>\nchangetype: add<br \/>\nobjectClass: user<br \/>\nobjectClass: dynamicObject<br \/>\nentryTTL: 900<\/p>\n<p>Dynamic objects never transit thru the state of being a tombstone, deleted object or recycled object, they get physically removed once their TTL expires by the garbage collector, however if there is other objects referring to them e.g.<\/p>\n<p>[3] Let&#8217;s create an object referencing the dynamic object.<br \/>\ndn: cn=OtherObject,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com<br \/>\nchangetype: add<br \/>\nobjectClass: user<br \/>\nseeAlso: cn=Christoffer Andersson,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com<\/p>\n<p>900 (15min passes) and &#8220;cn=Christoffer Andersson,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com&#8221; is about to being physically deleted by the garbage collector, But it&#8217;s <span style=\"text-decoration: underline;\">not<\/span> cause someone else reference it [3], so it&#8217;s rather converted to a (none-object) phantom without being either RDN managed for deletion [1] or moved to the &#8220;Deleted Objects&#8221; container and it will be stuck here as long as cn=OtherObject,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com reference it by seeAlso.<\/p>\n<p>Now create an new object named : &#8220;cn=Christoffer Andersson,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com&#8221; e.g.:<\/p>\n<p>dn: cn=Christoffer Andersson,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com<br \/>\nchangetype: add<br \/>\nobjectClass: user<\/p>\n<p>The phantom will now become CNF mangled, to give room for the new real object that request the same RDN.<\/p>\n<p>e.g. &#8220;cn=Christoffer Andersson\\0ACNF:&lt;GUID&gt;,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com&#8221;<\/p>\n<p>Bonus to those who know and can list in the comments \u2013 the attributes of &#8220;cn=Christoffer Andersson\\0ACNF:&lt;GUID&gt;,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com&#8221; that are still left one the phantom (e.g. those who survived the translation from a real object to a (none-object)) \u2013 that&#8217;s all!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Most tombstones will have their name mangled for deletion e.g. [1] CN=&lt;RDN&gt;\\0ADEL:&lt;GUID&gt; and are moved to the &#8220;Deleted Objects&#8221; container if such exists [2] in the NC the object resides in and if it doesn&#8217;t have the DISALLOW_MOVE_ON_DELETE flag. [2] All NCs except the Schema NC have &#8220;Deleted Objects&#8221; containers by default \u2013 but trust &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/blog.chrisse.se\/?p=915\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;How can you get a 0ACNF mangled RDN with only one DC?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-915","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=\/wp\/v2\/posts\/915","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=915"}],"version-history":[{"count":0,"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=\/wp\/v2\/posts\/915\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=915"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=915"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=915"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}