deleting users from ldap

rpv_muma rpv at muma.tusur.ru
Mon Nov 1 14:02:36 GMT 2004


I have built a samba+openldap PDC and found the following error when deleting
users from the domain:

[2004/11/01 19:31:23, 3] rpc_server/srv_samr_nt.c:smb_delete_user(3631)
>  smb_delete_user: Running the command `/usr/local/etc/samba/smbldap-userdel.pl admin2' gave 0
[2004/11/01 19:31:23, 3] passdb/pdb_ldap.c:ldapsam_delete_sam_account(1516)
>  ldapsam_delete_sam_account: Deleting user admin2 from LDAP.
[2004/11/01 19:31:23, 5] lib/smbldap.c:smbldap_search(963)
>  smbldap_search: base => [dc=fsf,dc=tsu,dc=ru], filter => [(&(uid=admin2)(objectclass=sambaSamAccount))], scope => [2]
[2004/11/01 19:31:23, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(269)
>  ldapsam_delete_entry: Entry must exist exactly once!
[2004/11/01 19:31:23, 5] rpc_server/srv_samr_nt.c:_samr_delete_dom_user(3678)
  _samr_delete_dom_user:Failed to delete entry for user admin2.
....
[2004/11/01 19:31:23, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
>>      0014 status: NT_STATUS_CANNOT_DELETE

The main code which deletes users is rpc_server/srv_samr_nt.c:smb_delete_user
As we can see, the smb_delete_user call is executed first; it runs
smbldap-userdel.pl. This script deletes the full dn with the sambaSamAccount
and posixAccount fields from LDAP.
After this samba tries to delete the sambaSamAccount object fields using the backend
(pdb_delete_sam_account(sam_pass)), but there is no user found in LDAP ))

The smb_delete_user call needs to be after pdb_delete_sam_account, I
think. I don't know how it works with backends other than LDAP, so it needs to be
checked by the samba team.

        /* delete the unix side */
        smb_delete_user(pdb_get_username(sam_pass));

        /* and delete the samba side */
        if (!pdb_delete_sam_account(sam_pass)) {
                DEBUG(5,("_samr_delete_dom_user:Failed to delete entry for user %s.\n", pdb_get_username(sam_pass)));
                pdb_free_sam(&sam_pass);
                return NT_STATUS_CANNOT_DELETE;
        }

After swapping the order of deleting the unix and samba sides, LDAP must work
fine ). I will test it now %))
        
-- 
Best regards,
Pavel Rochnyack                      mailto:rpv at muma.tusur.ru
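
An added example, not part of the original post and not Samba code: a small C model of the two delete orderings discussed above. The directory contents, struct and function names are hypothetical stand-ins for the LDAP tree, smbldap-userdel.pl and the ldapsam backend.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for the LDAP tree: one entry per uid, with flags for the
 * two object classes named in the post. All names here are hypothetical. */
struct entry { const char *uid; int present, posix, samba; };

/* Models smbldap-userdel.pl as described in the post: removes the whole DN. */
static int script_delete_dn(struct entry *dir, int n, const char *uid)
{
    for (int i = 0; i < n; i++)
        if (dir[i].present && strcmp(dir[i].uid, uid) == 0)
            dir[i].present = 0;
    return 0; /* the log shows the script returning 0 */
}

/* Models the backend step: search (&(uid=...)(objectclass=sambaSamAccount)),
 * require exactly one hit, then strip the Samba part of that entry. */
static int backend_delete_samba(struct entry *dir, int n, const char *uid)
{
    int hits = 0, idx = -1;
    for (int i = 0; i < n; i++)
        if (dir[i].present && dir[i].samba && strcmp(dir[i].uid, uid) == 0) {
            hits++;
            idx = i;
        }
    if (hits != 1)
        return -1; /* "Entry must exist exactly once!" */
    dir[idx].samba = 0;
    return 0;
}

/* Returns 0 on success, -1 for the NT_STATUS_CANNOT_DELETE case. */
int delete_user(int unix_first, const char *uid)
{
    struct entry dir[] = { { "admin2", 1, 1, 1 }, { "guest", 1, 1, 1 } }; /* constructed */
    if (unix_first)
        script_delete_dn(dir, 2, uid);      /* ordering shown in the post */
    int rc = backend_delete_samba(dir, 2, uid);
    if (!unix_first && rc == 0)
        script_delete_dn(dir, 2, uid);      /* ordering proposed in the post */
    return rc;
}

int main(void)
{
    printf("unix side first:  %d\n", delete_user(1, "admin2"));
    printf("samba side first: %d\n", delete_user(0, "admin2"));
    return 0;
}
```

In the model, the reordered path also leaves the unix account untouched when the backend step fails, so a failed delete does not remove only one side of the account.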


