s3 - s4 conversion

Lukasz Zalewski lukas at eecs.qmul.ac.uk
Mon Apr 11 10:58:33 MDT 2011 

On 11/04/11 17:30, Aaron E. wrote:
> I'm trying to convert a dump of my openldap database to samba4 using the
> mylap-pub.py script. I keep getting the same error. I'm not sure what
> I'm missing here. I've scrubbed my ldap.dump and all looks good. I've
> hit a wall and can't seem to get past this.
>
> Where is this error derived from? Is it an error with my database or the
> script I'm using? I don't see an option to specify sid in the help options.
>
> Any and all input I greatly appreciate. Thank you all
>
>
> I believe I have the latest version of the script Thanks to Lukasz.
>
> Below is the conversion command I'm using.........................
> ..................................................................
>
> "/myldap-pub.py --input_ldif=ldap.dump.ldif --input_domain_name=CONVERT
> --input_basedn=dc=convert,dc=com --output_basedn=DC=convert,DC=com
> --remove_input_attributes
> 'phpgwAccountExpires,phpgwAccount,phpgwAccountType'"
>
> The error I recieve---------------------------------------------
> ----------------------------------------------------------------
>
> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-512 =>
> <SID=S-1-5-21-496710657-683828429-1874078741-512>
>
> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-514 =>
> <SID=S-1-5-21-496710657-683828429-1874078741-514>
>
> Traceback (most recent call last):
> File "./myldap-pub.py", line 1934, in <module>
> ldap_cmd.run()
> File "./myldap-pub.py", line 1927, in run
> user_principal_name=options.user_principal_name)
> File "./myldap-pub.py", line 449, in __init__
> computer_replace_attrs=computer_replace_attrs)
> File "./myldap-pub.py", line 1654, in convertObjects
> output_display=bool(import_type & IMPORT_TYPE_GROUPS))
> File "./myldap-pub.py", line 1507, in convert_sambaGroupMapping
> "sid[%s] doesn't belong to domain[%s]" % (sid, domain_sid)
> NameError: global name 'sid' is not defined
>

Hi Aaron,
I'am looking into this issue but need to create an appropriate test data 
to be able to replicate this.
 From the error message it seems you groups contain a sid that is not 
part of the domain - however the final error message is obscured by a 
bug in the code.
Can you edit the script and on line 1507 replace:
sid[%s] doesn't belong to domain[%s]" % (sid, domain_sid)
with
"sid[%s] doesn't belong to domain[%s]" % (objectSid, domain_sid)

and tell us the missmatched sids?

HTH

Luk

More information about the samba-technical mailing list