s3 - s4 conversion

Lukasz Zalewski lukas at eecs.qmul.ac.uk
Mon Apr 11 14:48:50 MDT 2011 

On 11/04/2011 19:28, Lukasz Zalewski wrote:
> On 11/04/2011 19:02, Aaron E. wrote:
>>
>>
>> On 04/11/2011 12:58 PM, Lukasz Zalewski wrote:
>>> On 11/04/11 17:30, Aaron E. wrote:
>>>> I'm trying to convert a dump of my openldap database to samba4 using
>>>> the
>>>> mylap-pub.py script. I keep getting the same error. I'm not sure what
>>>> I'm missing here. I've scrubbed my ldap.dump and all looks good. I've
>>>> hit a wall and can't seem to get past this.
>>>>
>>>> Where is this error derived from? Is it an error with my database or
>>>> the
>>>> script I'm using? I don't see an option to specify sid in the help
>>>> options.
>>>>
>>>> Any and all input I greatly appreciate. Thank you all
>>>>
>>>>
>>>> I believe I have the latest version of the script Thanks to Lukasz.
>>>>
>>>> Below is the conversion command I'm using.........................
>>>> ..................................................................
>>>>
>>>> "/myldap-pub.py --input_ldif=ldap.dump.ldif --input_domain_name=CONVERT
>>>> --input_basedn=dc=convert,dc=com --output_basedn=DC=convert,DC=com
>>>> --remove_input_attributes
>>>> 'phpgwAccountExpires,phpgwAccount,phpgwAccountType'"
>>>>
>>>> The error I recieve---------------------------------------------
>>>> ----------------------------------------------------------------
>>>>
>>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-512 =>
>>>> <SID=S-1-5-21-496710657-683828429-1874078741-512>
>>>>
>>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-514 =>
>>>> <SID=S-1-5-21-496710657-683828429-1874078741-514>
>>>>
>>>> Traceback (most recent call last):
>>>> File "./myldap-pub.py", line 1934, in <module>
>>>> ldap_cmd.run()
>>>> File "./myldap-pub.py", line 1927, in run
>>>> user_principal_name=options.user_principal_name)
>>>> File "./myldap-pub.py", line 449, in __init__
>>>> computer_replace_attrs=computer_replace_attrs)
>>>> File "./myldap-pub.py", line 1654, in convertObjects
>>>> output_display=bool(import_type & IMPORT_TYPE_GROUPS))
>>>> File "./myldap-pub.py", line 1507, in convert_sambaGroupMapping
>>>> "sid[%s] doesn't belong to domain[%s]" % (sid, domain_sid)
>>>> NameError: global name 'sid' is not defined
>>>>
>>>
>>> Hi Aaron,
>>> I'am looking into this issue but need to create an appropriate test data
>>> to be able to replicate this.
>>> From the error message it seems you groups contain a sid that is not
>>> part of the domain - however the final error message is obscured by a
>>> bug in the code.
>>> Can you edit the script and on line 1507 replace:
>>> sid[%s] doesn't belong to domain[%s]" % (sid, domain_sid)
>>> with
>>> "sid[%s] doesn't belong to domain[%s]" % (objectSid, domain_sid)
>>>
>>> and tell us the missmatched sids?
>>>
>>> HTH
>>>
>>> Luk
>>>
>> Progress !!! Hope this information helps ...
>>
>> I filtered through my groups and removed 5 groups that did not have a
>> sambaSid attached to them. They were not needed and left over through
>> the years so no big deal.....
>>
>> I am getting farther and it seems to complete with the groups now it's
>> possibly erring out with the Computers?
>>
>> ./myldap-pub.py --input_ldif=ldap.dump.ldif --input_domain_name=CONVERT
>> --input_basedn=dc=CONVERT,dc=com --output_basedn=DC=CONVERT,DC=com
>> --remove_input_attributes=phpgwAccountExpires,phpgwAccount,phpgwAccountType
>>
>>
>>
>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-512 =>
>> <SID=S-1-5-21-496710657-683828429-1874078741-512>
>>
>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-514 =>
>> <SID=S-1-5-21-496710657-683828429-1874078741-514>
>>
>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-513 =>
>> <SID=S-1-5-21-496710657-683828429-1874078741-513>
>>
>> Traceback (most recent call last):
>> File "./myldap-pub.py", line 1934, in <module>
>> ldap_cmd.run()
>> File "./myldap-pub.py", line 1927, in run
>> user_principal_name=options.user_principal_name)
>> File "./myldap-pub.py", line 449, in __init__
>> computer_replace_attrs=computer_replace_attrs)
>> File "./myldap-pub.py", line 1680, in convertObjects
>> self.computers.filterstr)
>> File "./myldap-pub.py", line 248, in search
>> return self.ldif.search(base, scope, filterstr, attrlist, attrsonly)
>> File "./myldap-pub.py", line 225, in search
>> filter = self.parse_filter(filterstr)
>> File "./myldap-pub.py", line 92, in parse_filter
>> raise "not ("
>> TypeError: exceptions must be old-style classes or derived from
>> BaseException, not str
>>

Hi Aaron, all
Please find attached new version of the script. This corrects some of 
the string based exception throws by wrapping them in an Exception 
class. However some of the more complex try/except constructs are still 
outstanding.

The above error was caused by a bad default search filter (strangely 
only being triggered in the ldif based conversion) which should be now 
corrected

Regards

Luk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: myldap-pub.py
Type: text/x-python-script
Size: 59431 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110411/ddde3973/attachment.bin>

More information about the samba-technical mailing list