s3 - s4 conversion

Aaron E. ssureshot at gmail.com
Tue Apr 12 08:57:58 MDT 2011



On 04/11/2011 04:48 PM, Lukasz Zalewski wrote:
> On 11/04/2011 19:28, Lukasz Zalewski wrote:
>> On 11/04/2011 19:02, Aaron E. wrote:
>>>
>>>
>>> On 04/11/2011 12:58 PM, Lukasz Zalewski wrote:
>>>> On 11/04/11 17:30, Aaron E. wrote:
>>>>> I'm trying to convert a dump of my openldap database to samba4 using
>>>>> the
>>>>> myldap-pub.py script. I keep getting the same error. I'm not sure what
>>>>> I'm missing here. I've scrubbed my ldap.dump and all looks good. I've
>>>>> hit a wall and can't seem to get past this.
>>>>>
>>>>> Where is this error derived from? Is it an error with my database or
>>>>> the
>>>>> script I'm using? I don't see an option to specify sid in the help
>>>>> options.
>>>>>
>>>>> Any and all input I greatly appreciate. Thank you all
>>>>>
>>>>>
>>>>> I believe I have the latest version of the script Thanks to Lukasz.
>>>>>
>>>>> Below is the conversion command I'm using.........................
>>>>> ..................................................................
>>>>>
>>>>> "/myldap-pub.py --input_ldif=ldap.dump.ldif
>>>>> --input_domain_name=CONVERT
>>>>> --input_basedn=dc=convert,dc=com --output_basedn=DC=convert,DC=com
>>>>> --remove_input_attributes
>>>>> 'phpgwAccountExpires,phpgwAccount,phpgwAccountType'"
>>>>>
>>>>> The error I receive---------------------------------------------
>>>>> ----------------------------------------------------------------
>>>>>
>>>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-512 =>
>>>>> <SID=S-1-5-21-496710657-683828429-1874078741-512>
>>>>>
>>>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-514 =>
>>>>> <SID=S-1-5-21-496710657-683828429-1874078741-514>
>>>>>
>>>>> Traceback (most recent call last):
>>>>> File "./myldap-pub.py", line 1934, in <module>
>>>>> ldap_cmd.run()
>>>>> File "./myldap-pub.py", line 1927, in run
>>>>> user_principal_name=options.user_principal_name)
>>>>> File "./myldap-pub.py", line 449, in __init__
>>>>> computer_replace_attrs=computer_replace_attrs)
>>>>> File "./myldap-pub.py", line 1654, in convertObjects
>>>>> output_display=bool(import_type & IMPORT_TYPE_GROUPS))
>>>>> File "./myldap-pub.py", line 1507, in convert_sambaGroupMapping
>>>>> "sid[%s] doesn't belong to domain[%s]" % (sid, domain_sid)
>>>>> NameError: global name 'sid' is not defined
>>>>>
>>>>
>>>> Hi Aaron,
>>>> I'm looking into this issue but need to create appropriate test
>>>> data
>>>> to be able to replicate this.
>>>> From the error message it seems your groups contain a sid that is not
>>>> part of the domain - however the final error message is obscured by a
>>>> bug in the code.
>>>> Can you edit the script and on line 1507 replace:
>>>> "sid[%s] doesn't belong to domain[%s]" % (sid, domain_sid)
>>>> with
>>>> "sid[%s] doesn't belong to domain[%s]" % (objectSid, domain_sid)
>>>>
>>>> and tell us the mismatched sids?
>>>>
>>>> HTH
>>>>
>>>> Luk
>>>>
>>> Progress !!! Hope this information helps ...
>>>
>>> I filtered through my groups and removed 5 groups that did not have a
>>> sambaSid attached to them. They were not needed and left over through
>>> the years so no big deal.....
>>>
>>> I am getting farther and it seems to complete with the groups; now it's
>>> possibly erring out with the Computers?
>>>
>>> ./myldap-pub.py --input_ldif=ldap.dump.ldif --input_domain_name=CONVERT
>>> --input_basedn=dc=CONVERT,dc=com --output_basedn=DC=CONVERT,DC=com
>>> --remove_input_attributes=phpgwAccountExpires,phpgwAccount,phpgwAccountType
>>>
>>>
>>>
>>>
>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-512 =>
>>> <SID=S-1-5-21-496710657-683828429-1874078741-512>
>>>
>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-514 =>
>>> <SID=S-1-5-21-496710657-683828429-1874078741-514>
>>>
>>> # wellknown SID: S-1-5-21-496710657-683828429-1874078741-513 =>
>>> <SID=S-1-5-21-496710657-683828429-1874078741-513>
>>>
>>> Traceback (most recent call last):
>>> File "./myldap-pub.py", line 1934, in <module>
>>> ldap_cmd.run()
>>> File "./myldap-pub.py", line 1927, in run
>>> user_principal_name=options.user_principal_name)
>>> File "./myldap-pub.py", line 449, in __init__
>>> computer_replace_attrs=computer_replace_attrs)
>>> File "./myldap-pub.py", line 1680, in convertObjects
>>> self.computers.filterstr)
>>> File "./myldap-pub.py", line 248, in search
>>> return self.ldif.search(base, scope, filterstr, attrlist, attrsonly)
>>> File "./myldap-pub.py", line 225, in search
>>> filter = self.parse_filter(filterstr)
>>> File "./myldap-pub.py", line 92, in parse_filter
>>> raise "not ("
>>> TypeError: exceptions must be old-style classes or derived from
>>> BaseException, not str
>>>
>
> Hi Aaron, all
> Please find attached a new version of the script. This corrects some of
> the string based exception throws by wrapping them in an Exception
> class. However some of the more complex try/except constructs are still
> outstanding.
>
> The above error was caused by a bad default search filter (strangely
> only being triggered in the ldif based conversion) which should be now
> corrected
>
> Regards
>
> Luk

I'm trying to drill down on the Groups, Users and Computers separately. It
looks as though Groups/Users have almost the same error and Computers have a
different one.

Groups
# wellknown SID: S-1-5-21-496710657-683828429-1874078741-512 => 
<SID=S-1-5-21-496710657-683828429-1874078741-512>

# wellknown SID: S-1-5-21-496710657-683828429-1874078741-514 => 
<SID=S-1-5-21-496710657-683828429-1874078741-514>

# wellknown SID: S-1-5-21-496710657-683828429-1874078741-513 => 
<SID=S-1-5-21-496710657-683828429-1874078741-513>

Traceback (most recent call last):
   File "./myldap-pub.v2.py", line 1934, in <module>
     ldap_cmd.run()
   File "./myldap-pub.v2.py", line 1927, in run
     user_principal_name=options.user_principal_name)
   File "./myldap-pub.v2.py", line 449, in __init__
     computer_replace_attrs=computer_replace_attrs)
   File "./myldap-pub.v2.py", line 1713, in convertObjects
     disable_if_no_unicodePwd=True)
   File "./myldap-pub.v2.py", line 1412, in convert_sambaSamAccount
     self.insert_objectSid(objectSid, dn, domain=True)
   File "./myldap-pub.v2.py", line 1083, in insert_objectSid
     assert rid >= 1000, "sid[%s] rid < 1000" % (sid)
AssertionError: sid[S-1-5-21-496710657-683828429-1874078741-500] rid < 1000

Users,
Traceback (most recent call last):
   File "./myldap-pub.v2.py", line 1934, in <module>
     ldap_cmd.run()
   File "./myldap-pub.v2.py", line 1927, in run
     user_principal_name=options.user_principal_name)
   File "./myldap-pub.v2.py", line 449, in __init__
     computer_replace_attrs=computer_replace_attrs)
   File "./myldap-pub.v2.py", line 1713, in convertObjects
     disable_if_no_unicodePwd=True)
   File "./myldap-pub.v2.py", line 1412, in convert_sambaSamAccount
     self.insert_objectSid(objectSid, dn, domain=True)
   File "./myldap-pub.v2.py", line 1083, in insert_objectSid
     assert rid >= 1000, "sid[%s] rid < 1000" % (sid)
AssertionError: sid[S-1-5-21-496710657-683828429-1874078741-500] rid < 1000

Computers
# fix SID[S-1-5-21-496710657-683828429-1874078741-500 => 
S-1-5-21-496710657-683828429-1874078741-140000] for 
DN[CN=ADMINISTRATOR,OU=Imported Computers,DC=convert,DC=com]

Traceback (most recent call last):
   File "./myldap-pub.v2.py", line 1934, in <module>
     ldap_cmd.run()
   File "./myldap-pub.v2.py", line 1927, in run
     user_principal_name=options.user_principal_name)
   File "./myldap-pub.v2.py", line 449, in __init__
     computer_replace_attrs=computer_replace_attrs)
   File "./myldap-pub.v2.py", line 1694, in convertObjects
     replace_attrs=computer_replace_attrs)
   File "./myldap-pub.v2.py", line 1411, in convert_sambaSamAccount
     self.insert_sAMAccountName(sAMAccountName, dn)
   File "./myldap-pub.v2.py", line 1044, in insert_sAMAccountName
     % (name, self.new_sAMAccountNames[name_lower])
AssertionError: sAMAccountName[NCMAREA$] already exists as 
CN=NCMAREA,OU=Imported Computers,DC=convert,DC=com
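
Added example, not part of the original message and not code from myldap-pub.py: a pre-flight pass over an LDIF dump that lists, in one run, the conditions the traces above stop on one at a time (entries with no sambaSID, SIDs outside the domain, account RIDs below 1000, and names that collide case-insensitively). The sample LDIF is constructed, and treating `uid` as the source of sAMAccountName is an assumption.

```python
# Constructed sample LDIF (not the poster's data); DOMAIN_SID is the domain SID in the traces above.
DOMAIN_SID = "S-1-5-21-496710657-683828429-1874078741"
SAMPLE_LDIF = """\
dn: uid=administrator,ou=People,dc=convert,dc=com
objectClass: sambaSamAccount
uid: administrator
sambaSID: S-1-5-21-496710657-683828429-1874078741-500

dn: uid=ncmarea$,ou=Computers,dc=convert,dc=com
objectClass: sambaSamAccount
uid: ncmarea$
sambaSID: S-1-5-21-496710657-683828429-1874078741-3004

dn: uid=NCMAREA$,ou=Old,dc=convert,dc=com
objectClass: sambaSamAccount
uid: NCMAREA$
sambaSID: S-1-5-21-1111-2222-3333-3010

dn: cn=legacy,ou=Groups,dc=convert,dc=com
objectClass: sambaGroupMapping
"""

def parse_ldif(text):  # minimal reader: plain "attr: value" lines, no base64 or folded lines
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and not attr.startswith("#"):
                entry.setdefault(attr.lower(), []).append(value.strip())
        yield entry

def preflight(text, domain_sid=DOMAIN_SID):  # returns a list of (problem, dn) pairs
    findings, seen = [], {}
    for e in parse_ldif(text):
        dn, is_account = e["dn"][0], "sambaSamAccount" in e.get("objectclass", [])
        sid = (e.get("sambasid") or [""])[0]
        prefix, _, rid = sid.rpartition("-")
        problem = ("missing-sid" if not sid else        # entry carries no sambaSID
                   "foreign-sid" if prefix != domain_sid or not rid.isdigit() else
                   "low-rid" if is_account and int(rid) < 1000 else None)
        if problem:
            findings.append((problem, dn))
        name = e.get("uid", [""])[0].lower() if is_account else ""
        if name and seen.setdefault(name, dn) != dn:
            findings.append(("duplicate-name", dn))  # assumes uid becomes sAMAccountName
    return findings

if __name__ == "__main__":
    print(*preflight(SAMPLE_LDIF), sep="\n")
```
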




