[Samba4] Duplicate ntSecurityDescriptor during provisioning

Matthias Dieter Wallnöfer mdw at samba.org
Thu Sep 17 15:57:11 MDT 2009

Hi all together,

yeah, this problem needs tracking. I also suffer from it (I think you 
all too): consider the group policy objects under 
"CN=Policies,CN=System,<domain-DN>". One is the security descriptor 
added by the "provision_group_policy.ldif" file, therefore this should 
be the right one, and the other seems to be added (I don't exactly know 
- but I imagine) by the new module.


Nadezhda Ivanova schrieb:
> Hi,
> Are you using alpha8 or the current master? It could be related to a patch regarding security descriptors that we pushed Monday evening.
> Regards,
> Nadya
> ----- Original Message -----
>> From: samba-technical-bounces at lists.samba.org <samba-technical-bounces at lists.samba.org>
>> To: Andrew Bartlett <abartlet at samba.org>, Endi Sukma Dewata <edewata at redhat.com>
>> Cc: Dmitri Pal <dpal at redhat.com>, samba-technical at lists.samba.org <samba-technical at lists.samba.org>
>> Sent: Wednesday, September 16, 2009 3:38:59 PM GMT-0800 America;Los_Angeles
>> Subject: [Samba4] Duplicate ntSecurityDescriptor during provisioning
>>> Andrew,
>> I'm trying to run the test against OpenLDAP to verify my environment 
>> before testing FDS again. I found that the provisioning script failed 
>> to load the first entry in provision_group_policy.ldif. Here is the 
>> error message:
>> _ldb.LdbError: (19, 'LDAP error 19 LDAP_CONSTRAINT_VIOLATION -  
>> <nTSecurityDescriptor: multiple values provided> <>')
>> In the LDIF file the entry only has 1 nTSecurityDescriptor value, but 
>> when I check the attribute in ildap_add() it actually has 2 values.
>> Do you have any idea? Thanks.
>> --
>> Endi S. Dewata

More information about the samba-technical mailing list