DC demote
Michael Wood
esiotrot at gmail.com
Mon Jan 3 15:47:56 MST 2011
On 4 January 2011 00:11, Vaclav Klecanda <vencax77 at gmail.com> wrote:
> Nobody?
> I have tryed the ldb* utils to delete demoted DC records but without
> success. I was not even able to find out how to delete only attribute
> instead the whole record.
You could try reading the ldapmodify manpage which, I think, describes
the same syntax that ldbmodify uses to add/modify/delete attributes.
> Maybe the better question is: how could I directly change the samba database
> files (LDB, TDB)?
Using ldbmodify or ldbedit etc. should do it, as long as you know what
needs to be modified/deleted. I do not.
> I then tried to bind to LDAP server again using python
> GSSAPI (ldap.sasl) but sasl_interactive_bind_s said:
> Error using SASL mechanism GSSAPI {'info': 'SASL(-4): no mechanism
> available: No worthy mechs found', 'desc': 'Unknown authentication
> method'}.
> I found some discussions about this but no result.
I'm not sure what that's about, but perhaps if you post the code you
were using someone could help.
This has worked for me in the past:
ldap_server = "ldap://%s" % (REALM,)
conn = ldap.initialize(ldap_server)
tokens = ldap.sasl.gssapi()
conn.sasl_interactive_bind_s("", tokens)
> 2010/12/30 Vaclav Klecanda <vencax77 at gmail.com>
>
>> Hi,
>> I have sucessfully setup samba4 PDC and have joined a Win2k8 BDC. Now I
>> removed (demoted) the BDC. I had to use forceremoval param since default
>> process failed. Now I have appropriate records in Samba4 PDC (replication
>> connection, etc.) and want to remove them. I wanted to remove the things
>> through a LDAP browser but some of them are in dc=Configuration,dc=Schema,..
>> subtree which probably wants a special rights since it is inaccessible
>> through anonymous ldap bind. Has anybody been solving that?
Were you able to delete other things using an anonymous bind? That's
surprising.
--
Michael Wood <esiotrot at gmail.com>
More information about the samba-technical
mailing list