[Samba4] Duplicate ntSecurityDescriptor during provisioning
Nadezhda Ivanova
nadezhda.ivanova at postpath.com
Fri Sep 18 00:23:49 MDT 2009
Hi again,
I am pretty sure the problem is that instead of replacing the existing value, descriptor_do_add adds another one. I think I fixed the problem by removing the old value first. Its very late here and I cannot submit the patch tonight. If you cant wait, try removing the attribute from the incoming message and adding an empty value instead, like the objectclass module does with the objectClass. Sorry about that, it did not show with the default backend.
Regards,
Nadya
----- Original Message -----
> From: samba-technical-bounces at lists.samba.org <samba-technical-bounces at lists.samba.org>
> To: mdw at samba.org <mdw at samba.org>, Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
> Cc: dpal at redhat.com <dpal at redhat.com>, samba-technical at lists.samba.org <samba-technical at lists.samba.org>, abartlet at samba.org <abartlet at samba.org>
> Sent: Friday, September 18, 2009 8:47:19 AM GMT+0200 Europe;Athens
> Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during provisioning
> > Hi all,
> I think I know the cause of it, and it will be fixed in my next commit
> tomorrow.
>
> Regards,
> Nadya
> ----- Original Message -----
> > From: Matthias Dieter Wallnöfer <mdw at samba.org>
> > To: Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
> > Cc: abartlet at samba.org <abartlet at samba.org>, edewata at redhat.com
> <edewata at redhat.com>, dpal at redhat.com <dpal at redhat.com>,
> samba-technical at lists.samba.org <samba-technical at lists.samba.org>
> > Sent: Friday, September 18, 2009 1:50:36 AM GMT+0200 Europe;Athens
> > Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during
> provisioning
>
> > > Hi all together,
> >
> > yeah, this problem needs tracking. I also suffer from it (I think
> you
> > all too): consider the group policy objects under
> > "CN=Policies,CN=System,<domain-DN>". One is the security descriptor
> > added by the "provision_group_policy.ldif" file, therefore this
> should
> >
> > be the right one, and the other seems to be added (I don't exactly
> > know
> > - but I imagine) by the new module.
> >
> > Matthias
> >
> > Nadezhda Ivanova schrieb:
> > > Hi,
> > > Are you using alpha8 or the current master? It could be related to
> a
> > patch regarding security descriptors that we pushed Monday evening.
> > >
> > > Regards,
> > > Nadya
> > > ----- Original Message -----
> > >
> > >> From: samba-technical-bounces at lists.samba.org
> > <samba-technical-bounces at lists.samba.org>
> > >> To: Andrew Bartlett <abartlet at samba.org>, Endi Sukma Dewata
> > <edewata at redhat.com>
> > >> Cc: Dmitri Pal <dpal at redhat.com>, samba-technical at lists.samba.org
>
> > <samba-technical at lists.samba.org>
> > >> Sent: Wednesday, September 16, 2009 3:38:59 PM GMT-0800
> > America;Los_Angeles
> > >> Subject: [Samba4] Duplicate ntSecurityDescriptor during
> > provisioning
> > >>
> > >
> > >
> > >>> Andrew,
> > >>>
> > >> I'm trying to run the test against OpenLDAP to verify my
> > environment
> > >> before testing FDS again. I found that the provisioning script
> > failed
> > >> to load the first entry in provision_group_policy.ldif. Here is
> the
> >
> > >> error message:
> > >>
> > >> _ldb.LdbError: (19, 'LDAP error 19 LDAP_CONSTRAINT_VIOLATION -
> > >> <nTSecurityDescriptor: multiple values provided> <>')
> > >>
> > >> In the LDIF file the entry only has 1 nTSecurityDescriptor value,
>
> > but
> > >> when I check the attribute in ildap_add() it actually has 2
> values.
> > >>
> > >> Do you have any idea? Thanks.
> > >>
> > >> --
> > >> Endi S. Dewata
> > >>
> > >
> > >
More information about the samba-technical
mailing list