s3 - s4 conversion

Aaron E. ssureshot at gmail.com
Tue Apr 12 07:17:56 MDT 2011 


On 04/11/2011 04:48 PM, Lukasz Zalewski wrote:
> On 11/04/2011 19:28, Lukasz Zalewski wrote:
>> On 11/04/2011 19:02, Aaron E. wrote:
>>>
>>>
>>> On 04/11/2011 12:58 PM, Lukasz Zalewski wrote:
>>>> On 11/04/11 17:30, Aaron E. wrote:
>>>>> I'm trying to convert a dump of my openldap database to samba4 using
>>>>> the
>>>>> mylap-pub.py script. I keep getting the same error. I'm not sure what
>>>>> I'm missing here. I've scrubbed my ldap.dump and all looks good. I've
>>>>> hit a wall and can't seem to get past this.
>>>>>
>>>>> Where is this error derived from? Is it an error with my database or
>>>>> the
>>>>> script I'm using? I don't see an option to specify sid in the help
>>>>> options.
>>>>>
>>>>> Any and all input I greatly appreciate. Thank you all
>>>>>
>>>>>
>>>>> I believe I have the latest version of the script Thanks to Lukasz.
>>>>>
>>>>> Below is the conversion command I'm using.........................
>>>>> ..................................................................
>>>>>
>>>>> "/myldap-pub.py --input_ldif=ldap.dump.ldif
>>>>> --input_domain_name=CONVERT
>>>>> --input_basedn=dc=convert,dc=com --output_basedn=DC=convert,DC=com
>>>>> --remove_input_attributes
>>>>> 'phpgwAccountExpires,phpgwAccount,phpgwAccountType'"
>>>>>
>>>>> The error I recieve---------------------------------------------
>>>>> ----------------------------------------------------------------
>>>>>
>>>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-512 =>
>>>>> <SID=S-1-5-21-496710657-683828429-1874078741-512>
>>>>>
>>>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-514 =>
>>>>> <SID=S-1-5-21-496710657-683828429-1874078741-514>
>>>>>
>>>>> Traceback (most recent call last):
>>>>> File "./myldap-pub.py", line 1934, in <module>
>>>>> ldap_cmd.run()
>>>>> File "./myldap-pub.py", line 1927, in run
>>>>> user_principal_name=options.user_principal_name)
>>>>> File "./myldap-pub.py", line 449, in __init__
>>>>> computer_replace_attrs=computer_replace_attrs)
>>>>> File "./myldap-pub.py", line 1654, in convertObjects
>>>>> output_display=bool(import_type & IMPORT_TYPE_GROUPS))
>>>>> File "./myldap-pub.py", line 1507, in convert_sambaGroupMapping
>>>>> "sid[%s] doesn't belong to domain[%s]" % (sid, domain_sid)
>>>>> NameError: global name 'sid' is not defined
>>>>>
>>>>
>>>> Hi Aaron,
>>>> I'am looking into this issue but need to create an appropriate test
>>>> data
>>>> to be able to replicate this.
>>>> From the error message it seems you groups contain a sid that is not
>>>> part of the domain - however the final error message is obscured by a
>>>> bug in the code.
>>>> Can you edit the script and on line 1507 replace:
>>>> sid[%s] doesn't belong to domain[%s]" % (sid, domain_sid)
>>>> with
>>>> "sid[%s] doesn't belong to domain[%s]" % (objectSid, domain_sid)
>>>>
>>>> and tell us the missmatched sids?
>>>>
>>>> HTH
>>>>
>>>> Luk
>>>>
>>> Progress !!! Hope this information helps ...
>>>
>>> I filtered through my groups and removed 5 groups that did not have a
>>> sambaSid attached to them. They were not needed and left over through
>>> the years so no big deal.....
>>>
>>> I am getting farther and it seems to complete with the groups now it's
>>> possibly erring out with the Computers?
>>>
>>> ./myldap-pub.py --input_ldif=ldap.dump.ldif --input_domain_name=CONVERT
>>> --input_basedn=dc=CONVERT,dc=com --output_basedn=DC=CONVERT,DC=com
>>> --remove_input_attributes=phpgwAccountExpires,phpgwAccount,phpgwAccountType
>>>
>>>
>>>
>>>
>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-512 =>
>>> <SID=S-1-5-21-496710657-683828429-1874078741-512>
>>>
>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-514 =>
>>> <SID=S-1-5-21-496710657-683828429-1874078741-514>
>>>
>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-513 =>
>>> <SID=S-1-5-21-496710657-683828429-1874078741-513>
>>>
>>> Traceback (most recent call last):
>>> File "./myldap-pub.py", line 1934, in <module>
>>> ldap_cmd.run()
>>> File "./myldap-pub.py", line 1927, in run
>>> user_principal_name=options.user_principal_name)
>>> File "./myldap-pub.py", line 449, in __init__
>>> computer_replace_attrs=computer_replace_attrs)
>>> File "./myldap-pub.py", line 1680, in convertObjects
>>> self.computers.filterstr)
>>> File "./myldap-pub.py", line 248, in search
>>> return self.ldif.search(base, scope, filterstr, attrlist, attrsonly)
>>> File "./myldap-pub.py", line 225, in search
>>> filter = self.parse_filter(filterstr)
>>> File "./myldap-pub.py", line 92, in parse_filter
>>> raise "not ("
>>> TypeError: exceptions must be old-style classes or derived from
>>> BaseException, not str
>>>
>
> Hi Aaron, all
> Please find attached new version of the script. This corrects some of
> the string based exception throws by wrapping them in an Exception
> class. However some of the more complex try/except constructs are still
> outstanding.
>
> The above error was caused by a bad default search filter (strangely
> only being triggered in the ldif based conversion) which should be now
> corrected
>
> Regards
>
> Luk

Luk,
I had to work out a few attribute assertion errors at first but now I'm 
stuck on this... When It runs it is giving me the following error..

# wellknown SID: S-1-5-21-496710657-683828429-1874078741-512 => 
<SID=S-1-5-21-496710657-683828429-1874078741-512>

# wellknown SID: S-1-5-21-496710657-683828429-1874078741-514 => 
<SID=S-1-5-21-496710657-683828429-1874078741-514>

# wellknown SID: S-1-5-21-496710657-683828429-1874078741-513 => 
<SID=S-1-5-21-496710657-683828429-1874078741-513>

# fix SID[S-1-5-21-496710657-683828429-1874078741-500 => 
S-1-5-21-496710657-683828429-1874078741-140000] for 
DN[CN=ADMINISTRATOR,OU=Imported Computers,DC=convert,DC=com]

Traceback (most recent call last):
   File "./myldap-pub.v2.py", line 1934, in <module>
     ldap_cmd.run()
   File "./myldap-pub.v2.py", line 1927, in run
     user_principal_name=options.user_principal_name)
   File "./myldap-pub.v2.py", line 449, in __init__
     computer_replace_attrs=computer_replace_attrs)
   File "./myldap-pub.v2.py", line 1694, in convertObjects
     replace_attrs=computer_replace_attrs)
   File "./myldap-pub.v2.py", line 1411, in convert_sambaSamAccount
     self.insert_sAMAccountName(sAMAccountName, dn)
   File "./myldap-pub.v2.py", line 1044, in insert_sAMAccountName
     % (name, self.new_sAMAccountNames[name_lower])
AssertionError: sAMAccountName[NCMAREA$] already exists as 
CN=NCMAREA,OU=Imported Computers,DC=convert,DC=com

When I filter through my ldap and search for other occurances I cannot 
find any. If I delete the one in question then it moves on to the next 
assertion error.

NCMAREA has a user and a computer named that and it is an exception, the 
next one paintbooth1 only has a user and it kicks the same error.

File "./myldap-pub.v2.py", line 1044, in insert_sAMAccountName
     % (name, self.new_sAMAccountNames[name_lower])
AssertionError: sAMAccountName[PAINTBOOTH1$] already exists as 
CN=PAINTBOOTH1,OU=Imported Computers,DC=convert,DC=com

It eventually gets to a few sids that it thinks are duplicates adn thats 
where I stopped since there was not a duplicate sid found.

Possible loop on the computers section? I'm no programmer so that's a 
shot in the dark...

Thanks for the time and support in this.. Hope it helps other users in 
the future.. If this works out we will probably be migrating over to s4 
this year sooner than later..

More information about the samba-technical mailing list