s3 - s4 conversion

Lukasz Zalewski lukas at eecs.qmul.ac.uk
Mon Apr 11 12:17:05 MDT 2011


On 11/04/2011 18:44, Aaron E. wrote:
>
>
> On 04/11/2011 12:58 PM, Lukasz Zalewski wrote:
>> On 11/04/11 17:30, Aaron E. wrote:
>>> I'm trying to convert a dump of my openldap database to samba4 using the
>>> mylap-pub.py script. I keep getting the same error. I'm not sure what
>>> I'm missing here. I've scrubbed my ldap.dump and all looks good. I've
>>> hit a wall and can't seem to get past this.
>>>
>>> Where is this error derived from? Is it an error with my database or the
>>> script I'm using? I don't see an option to specify sid in the help
>>> options.
>>>
>>> Any and all input I greatly appreciate. Thank you all
>>>
>>>
>>> I believe I have the latest version of the script Thanks to Lukasz.
>>>
>>> Below is the conversion command I'm using.........................
>>> ..................................................................
>>>
>>> "/myldap-pub.py --input_ldif=ldap.dump.ldif --input_domain_name=CONVERT
>>> --input_basedn=dc=convert,dc=com --output_basedn=DC=convert,DC=com
>>> --remove_input_attributes
>>> 'phpgwAccountExpires,phpgwAccount,phpgwAccountType'"
>>>
>>> The error I recieve---------------------------------------------
>>> ----------------------------------------------------------------
>>>
>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-512 =>
>>> <SID=S-1-5-21-496710657-683828429-1874078741-512>
>>>
>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-514 =>
>>> <SID=S-1-5-21-496710657-683828429-1874078741-514>
>>>
>>> Traceback (most recent call last):
>>> File "./myldap-pub.py", line 1934, in <module>
>>> ldap_cmd.run()
>>> File "./myldap-pub.py", line 1927, in run
>>> user_principal_name=options.user_principal_name)
>>> File "./myldap-pub.py", line 449, in __init__
>>> computer_replace_attrs=computer_replace_attrs)
>>> File "./myldap-pub.py", line 1654, in convertObjects
>>> output_display=bool(import_type & IMPORT_TYPE_GROUPS))
>>> File "./myldap-pub.py", line 1507, in convert_sambaGroupMapping
>>> "sid[%s] doesn't belong to domain[%s]" % (sid, domain_sid)
>>> NameError: global name 'sid' is not defined
>>>
>>
>> Hi Aaron,
>> I'am looking into this issue but need to create an appropriate test data
>> to be able to replicate this.
>> From the error message it seems you groups contain a sid that is not
>> part of the domain - however the final error message is obscured by a
>> bug in the code.
>> Can you edit the script and on line 1507 replace:
>> sid[%s] doesn't belong to domain[%s]" % (sid, domain_sid)
>> with
>> "sid[%s] doesn't belong to domain[%s]" % (objectSid, domain_sid)
>>
>> and tell us the missmatched sids?
>>
>> HTH
>>
>> Luk
>>
> I've replaced the code and the error isn't much different. I will also
> take a look at the group mapping in the meantime. Thank you for your
> time Luk....
>
> /myldap-pub.py --input_ldif=ldap.dump.ldif --input_domain_name=CONVERT
> --input_basedn=dc=convert,dc=com --output_basedn=DC=convert,DC=com
> --remove_input_attributes=phpgwAccountExpires,phpgwAccount,phpgwAccountType
> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-512 =>
> <SID=S-1-5-21-496710657-683828429-1874078741-512>
>
> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-514 =>
> <SID=S-1-5-21-496710657-683828429-1874078741-514>
>
> Traceback (most recent call last):
> File "./myldap-pub.py", line 1935, in <module>
> ldap_cmd.run()
> File "./myldap-pub.py", line 1928, in run
> user_principal_name=options.user_principal_name)
> File "./myldap-pub.py", line 449, in __init__
> computer_replace_attrs=computer_replace_attrs)
> File "./myldap-pub.py", line 1655, in convertObjects
> output_display=bool(import_type & IMPORT_TYPE_GROUPS))
> File "./myldap-pub.py", line 1507, in convert_sambaGroupMapping
> "sid[%s] doesn't belong to domain[%s]" % (objectSid, domain_sid)
> NameError: global name 'domain_sid' is not defined
>

Hi Aaron,
Sorry one bug fixed another cropped up. Line 1507 should read
"sid[%s] doesn't belong to domain[%s]" % (objectSid, self.domain_sid)

Regards

Luk


More information about the samba-technical mailing list