[PATCH] s4/ldapcmp: Two new options are added to the tool

Zahari Zahariev zahari.zahariev at postpath.com
Wed Jan 5 09:56:23 MST 2011


The new options are --base and --scope; they give us the opportunity to
compare DN subsets of the partitions. Now we are also able to compare
any two objects even if they have different DNs. This is extremely
helpful when you are after a nasty nTSecurityDescriptor bug.
---
 source4/scripting/python/samba/netcmd/ldapcmp.py |  116 ++++++++++++++--------
 1 files changed, 76 insertions(+), 40 deletions(-)

diff --git a/source4/scripting/python/samba/netcmd/ldapcmp.py b/source4/scripting/python/samba/netcmd/ldapcmp.py
index 7816fce..dff0c1e 100755
--- a/source4/scripting/python/samba/netcmd/ldapcmp.py
+++ b/source4/scripting/python/samba/netcmd/ldapcmp.py
@@ -47,7 +47,7 @@ class LDAPBase(object):
 
     def __init__(self, host, creds, lp,
                  two=False, quiet=False, descriptor=False, verbose=False,
-                 view="section"):
+                 view="section", base="", scope="SUB"):
         ldb_options = []
         samdb_url = host
         if not "://" in host:
@@ -62,6 +62,8 @@ class LDAPBase(object):
                        credentials=creds,
                        lp=lp,
                        options=ldb_options)
+        self.search_base = base
+        self.search_scope = scope
         self.two_domains = two
         self.quiet = quiet
         self.descriptor = descriptor
@@ -591,6 +593,8 @@ class LDAPBundel(object):
         self.two_domains = self.con.two_domains
         self.quiet = self.con.quiet
         self.verbose = self.con.verbose
+        self.search_base = self.con.search_base
+        self.search_scope = self.con.search_scope
         self.summary = {}
         self.summary["unique_attrs"] = []
         self.summary["df_value_attrs"] = []
@@ -635,32 +639,36 @@ class LDAPBundel(object):
             self.log( "\n* DN lists have different size: %s != %s" % (self.size, other.size) )
             res = False
         #
-        title= "\n* DNs found only in %s:" % self.con.host
-        for x in self.dn_list:
-            if not x.upper() in [q.upper() for q in other.dn_list]:
-                if title:
-                    self.log( title )
-                    title = None
-                    res = False
-                self.log( 4*" " + x )
-                self.dn_list[self.dn_list.index(x)] = ""
-        self.dn_list = [x for x in self.dn_list if x]
-        #
-        title= "\n* DNs found only in %s:" % other.con.host
-        for x in other.dn_list:
-            if not x.upper() in [q.upper() for q in self.dn_list]:
-                if title:
-                    self.log( title )
-                    title = None
-                    res = False
-                self.log( 4*" " + x )
-                other.dn_list[other.dn_list.index(x)] = ""
-        other.dn_list = [x for x in other.dn_list if x]
-        #
-        self.update_size()
-        other.update_size()
-        assert self.size == other.size
-        assert sorted([x.upper() for x in self.dn_list]) == sorted([x.upper() for x in other.dn_list])
+        # This is the case where we want to explicitly compare two objects with different DNs.
+        # It does not matter if they are in the same DC, in two DC in one domain or in two
+        # different domains.
+        if self.search_scope != SCOPE_BASE:
+            title= "\n* DNs found only in %s:" % self.con.host
+            for x in self.dn_list:
+                if not x.upper() in [q.upper() for q in other.dn_list]:
+                    if title:
+                        self.log( title )
+                        title = None
+                        res = False
+                    self.log( 4*" " + x )
+                    self.dn_list[self.dn_list.index(x)] = ""
+            self.dn_list = [x for x in self.dn_list if x]
+            #
+            title= "\n* DNs found only in %s:" % other.con.host
+            for x in other.dn_list:
+                if not x.upper() in [q.upper() for q in self.dn_list]:
+                    if title:
+                        self.log( title )
+                        title = None
+                        res = False
+                    self.log( 4*" " + x )
+                    other.dn_list[other.dn_list.index(x)] = ""
+            other.dn_list = [x for x in other.dn_list if x]
+            #
+            self.update_size()
+            other.update_size()
+            assert self.size == other.size
+            assert sorted([x.upper() for x in self.dn_list]) == sorted([x.upper() for x in other.dn_list])
         self.log( "\n* Objects to be compared: %s" % self.size )
 
         index = 0
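Review bot: The new guard `if self.search_scope != SCOPE_BASE:` only works once `self.search_scope` holds an ldb constant, but the attribute is initialised from the option string ("SUB", "ONE" or "BASE"). It is rewritten to a constant only by the method that builds `dn_list`, changed in the next hunk. If this comparison ever runs before that conversion, the string "BASE" will not equal `SCOPE_BASE` and the pruning of DNs found on only one side would presumably run for a BASE comparison as well. Converting the scope once where it is first stored would remove the ordering dependency; failing that, document it with a comment such as `# search_scope is an ldb SCOPE_* constant here; it was converted when the DN list was built`. The enclosing method starts and ends outside this hunk.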
@@ -718,10 +726,22 @@ class LDAPBundel(object):
             search_base = "CN=Schema,CN=Configuration,%s" % self.con.base_dn
 
         dn_list = []
-        res = self.con.ldb.search(base=search_base, scope=SCOPE_SUBTREE, attrs=["dn"])
+        if not self.search_base:
+            self.search_base = search_base
+        self.search_scope = self.search_scope.upper()
+        if self.search_scope == "SUB":
+            self.search_scope = SCOPE_SUBTREE
+        elif self.search_scope == "BASE":
+            self.search_scope = SCOPE_BASE
+        elif self.search_scope == "ONE":
+            self.search_scope = SCOPE_ONELEVEL
+        else:
+            raise StandardError("Wrong 'scope' given. Choose from: SUB, ONE, BASE")
+        if not self.search_base.upper().endswith(search_base.upper()):
+            raise StandardError("Invalid search base specified: %s" % self.search_base)
+        res = self.con.ldb.search(base=self.search_base, scope=self.search_scope, attrs=["dn"])
         for x in res:
            dn_list.append(x["dn"].get_linearized())
-
         #
         global summary
         #
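Review bot: The base validation `self.search_base.upper().endswith(search_base.upper())` compares raw strings, so it ignores DN component boundaries and rejects an equivalent DN that has spaces after its commas. A value whose tail matches the context DN from the middle of a component passes this check even though it is not under that DN. Anchoring on the separator closes that gap, `if not ("," + self.search_base.upper()).endswith("," + search_base.upper()):`, and comparing parsed DNs instead of strings would cover the spacing case too. Separately, the block overwrites `self.search_scope` with an ldb constant, so a second call on the same object would fail at `.upper()`; the method begins outside the hunk, so whether it can be called twice is not visible here.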
@@ -754,24 +774,31 @@ class cmd_ldapcmp(Command):
 
     takes_options = [
         Option("-w", "--two", dest="two", action="store_true", default=False,
-               help="Hosts are in two different domains"),
+            help="Hosts are in two different domains"),
         Option("-q", "--quiet", dest="quiet", action="store_true", default=False,
-               help="Do not print anything but relay on just exit code"),
+            help="Do not print anything but relay on just exit code"),
         Option("-v", "--verbose", dest="verbose", action="store_true", default=False,
-               help="Print all DN pairs that have been compared"),
+            help="Print all DN pairs that have been compared"),
         Option("--sd", dest="descriptor", action="store_true", default=False,
-                help="Compare nTSecurityDescriptor attibutes only"),
+            help="Compare nTSecurityDescriptor attibutes only"),
         Option("--view", dest="view", default="section",
-               help="Display mode for nTSecurityDescriptor results. Possible values: section or collision.")
+            help="Display mode for nTSecurityDescriptor results. Possible values: section or collision."),
+        Option("--base", dest="base", default="",
+            help="Pass search base that will build DN list for the first DC."),
+        Option("--base2", dest="base2", default="",
+            help="Pass search base that will build DN list for the second DC. Used when --two or when compare two different DNs."),
+        Option("--scope", dest="scope", default="SUB",
+            help="Pass search scope that builds DN list. Options: SUB, ONE, BASE"),
         ]
 
     def run(self, URL1, URL2,
             context1=None, context2=None, context3=None,
             two=False, quiet=False, verbose=False, descriptor=False, view="section",
+            base="", base2="", scope="SUB",
             credopts=None, sambaopts=None, versionopts=None):
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp, fallback_machine=True)
-        creds2 = credopts.get_credentials2(lp, False)
+        creds2 = credopts.get_credentials2(lp, guess=False)
         if creds2.is_anonymous():
             creds2 = creds
         else:
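Review bot: The help strings for `--base` and `--base2` do not say that the two options must be given together, although run() rejects one without the other later in this patch. Suggested wording for the first is `help="Search base used to build the DN list for the first DC (requires --base2)."`, with the matching text on `--base2`. The body of run() continues outside this hunk.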
@@ -783,8 +810,13 @@ class cmd_ldapcmp(Command):
         # make a list of contexts to compare in
         contexts = []
         if context1 is None:
-            # if no argument given, we compare all contexts
-            contexts = ["DOMAIN", "CONFIGURATION", "SCHEMA"]
+            if base and base2:
+                # If search bases are specified context is defaulted to
+                # DOMAIN so the given search bases can be verified.
+                contexts = ["DOMAIN"]
+            else:
+                # if no argument given, we compare all contexts
+                contexts = ["DOMAIN", "CONFIGURATION", "SCHEMA"]
         else:
             for c in [context1, context2, context3]:
                 if c is None:
@@ -795,15 +827,19 @@ class cmd_ldapcmp(Command):
 
         if verbose and quiet:
             raise CommandError("You cannot set --verbose and --quiet together")
+        if (not base and base2) or (base and not base2):
+            raise CommandError("You need to specify both --base and --base2 at the same time")
         if descriptor and view.upper() not in ["SECTION", "COLLISION"]:
-            raise CommandError("Unknown --view option value. Choose from: section or collision.")
+            raise CommandError("Invalid --view value. Choose from: section or collision")
+        if not scope.upper() in ["SUB", "ONE", "BASE"]:
+            raise CommandError("Invalid --scope value. Choose from: SUB, ONE, BASE")
 
         con1 = LDAPBase(URL1, creds, lp,
-                        two=two, quiet=quiet, descriptor=descriptor, verbose=verbose, view=view)
+                        two=two, quiet=quiet, descriptor=descriptor, verbose=verbose, view=view, base=base, scope=scope)
         assert len(con1.base_dn) > 0
 
         con2 = LDAPBase(URL2, creds2, lp,
-                        two=two, quiet=quiet, descriptor=descriptor, verbose=verbose, view=view)
+                        two=two, quiet=quiet, descriptor=descriptor, verbose=verbose, view=view, base=base2, scope=scope)
         assert len(con2.base_dn) > 0
 
         status = 0
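Review bot: The pairing check `(not base and base2) or (base and not base2)` reads more directly as `if bool(base) != bool(base2):`. The accepted scope names are listed here and again in the if/elif chain that maps them to ldb constants, so the two lists have to be kept in step by hand. A single module-level mapping from name to constant could serve both the validation and the conversion. run() starts before this hunk and continues after it.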
-- 
1.7.1


--------------050401000200070204020904
Content-Type: text/plain;
 name="example1.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="example1.txt"


* Place-holders for 10.191.10.91:
    ${DOMAIN_DN}      => DC=samba91,DC=virtual
    ${DOMAIN_NETBIOS} => SAMBA91-0
    ${SERVER_NAME}     => ['UBUNTU910']
    ${DOMAIN_NAME}    => samba91.virtual

* Place-holders for 10.191.10.95:
    ${DOMAIN_DN}      => DC=zahari,DC=tk
    ${DOMAIN_NETBIOS} => ZAHARI
    ${SERVER_NAME}     => ['WIN2003']
    ${DOMAIN_NAME}    => zahari.tk

* Comparing [DOMAIN] context...

* Objects to be compared: 12

Comparing:
'CN=Builtin,DC=samba91,DC=virtual' [10.191.10.91]
'CN=Builtin,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 23
        => 67
    ACEs found only in 10.191.10.91:
        (A;;RPLCLORC;;;DA)
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;;RP;;;WD)
        (A;;RPLCLORC;;;ED)
        (A;;RPRC;;;RU)
        (A;;RPWPCRCCLCLORCWOWDSW;;;DA)
        (A;CI;LC;;;RU)
        (A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)
        (A;CI;RPWPCRCCLCLORCWOWDSDSW;;;BA)
        (A;CIID;LC;;;Exchange Enterprise Servers)
        (OA;;CR;Create-Inbound-Forest-Trust;;IF)
        (OA;;CR;DS-Replication-Get-Changes-All;;BA)
        (OA;;CR;DS-Replication-Get-Changes-All;;DD)
        (OA;;CR;DS-Replication-Get-Changes;;BA)
        (OA;;CR;DS-Replication-Get-Changes;;ED)
        (OA;;CR;DS-Replication-Manage-Topology;;BA)
        (OA;;CR;DS-Replication-Manage-Topology;;ED)
        (OA;;CR;DS-Replication-Synchronize;;BA)
        (OA;;CR;DS-Replication-Synchronize;;ED)
        (OA;;CR;Enable-Per-User-Reversibly-Encrypted-Password;;AU)
        (OA;;CR;Unexpire-Password;;AU)
        (OA;;CR;Update-Password-Not-Required-Bit;;AU)
        (OA;;RP;Domain-Other-Parameters;;AU)
        (OA;;RP;Domain-Other-Parameters;;RU)
        (OA;;RP;Domain-Password;;RU)
        (OA;CIID;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CIID;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CIID;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CIID;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIO;RP;General-Information;User;RU)
        (OA;CIIO;RP;General-Information;inetOrgPerson;RU)
        (OA;CIIO;RP;Membership;User;RU)
        (OA;CIIO;RP;Membership;inetOrgPerson;RU)
        (OA;CIIO;RP;RAS-Information;User;RU)
        (OA;CIIO;RP;RAS-Information;inetOrgPerson;RU)
        (OA;CIIO;RP;Token-Groups;Computer;ED)
        (OA;CIIO;RP;Token-Groups;Group;ED)
        (OA;CIIO;RP;Token-Groups;User;ED)
        (OA;CIIO;RP;User-Account-Restrictions;User;RU)
        (OA;CIIO;RP;User-Account-Restrictions;inetOrgPerson;RU)
        (OA;CIIO;RP;User-Logon;User;RU)
        (OA;CIIO;RP;User-Logon;inetOrgPerson;RU)
        (OA;CIIO;RPLCLORC;;Group;RU)
        (OA;CIIO;RPLCLORC;;User;RU)
        (OA;CIIO;RPLCLORC;;inetOrgPerson;RU)
        (OA;CIIOID;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORCWD;;Group;Exchange Enterprise Servers)
    FAILED

Comparing:
'CN=Computers,DC=samba91,DC=virtual' [10.191.10.91]
'CN=Computers,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 23
        => 35
    ACEs found only in 10.191.10.91:
        (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)
        (A;CIID;LC;;;Exchange Enterprise Servers)
        (OA;;CCDC;Computer;;AO)
        (OA;;CCDC;Group;;AO)
        (OA;;CCDC;Print-Queue;;PO)
        (OA;;CCDC;User;;AO)
        (OA;;CCDC;inetOrgPerson;;AO)
        (OA;CIID;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CIID;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CIID;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CIID;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORCWD;;Group;Exchange Enterprise Servers)
    FAILED

Comparing:
'CN=ForeignSecurityPrincipals,DC=samba91,DC=virtual' [10.191.10.91]
'CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 23
        => 30
    ACEs found only in 10.191.10.91:
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;CIID;LC;;;Exchange Enterprise Servers)
        (OA;CIID;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CIID;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CIID;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CIID;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORCWD;;Group;Exchange Enterprise Servers)
    FAILED

Comparing:
'CN=Infrastructure,DC=samba91,DC=virtual' [10.191.10.91]
'CN=Infrastructure,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 21
        => 30
    ACEs found only in 10.191.10.91:
        (A;;0x1fffffff;;;SY)
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;;RPLCLORC;;;AU)
        (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
        (A;;RPWPCRCCLCLORCWOWDSW;;;DA)
        (A;CIID;LC;;;Exchange Enterprise Servers)
        (OA;CIID;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CIID;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CIID;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CIID;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORCWD;;Group;Exchange Enterprise Servers)
    FAILED

Comparing:
'CN=LostAndFound,DC=samba91,DC=virtual' [10.191.10.91]
'CN=LostAndFound,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 23
        => 30
    ACEs found only in 10.191.10.91:
        (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)
        (A;CIID;LC;;;Exchange Enterprise Servers)
        (OA;CIID;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CIID;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CIID;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CIID;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORCWD;;Group;Exchange Enterprise Servers)
    FAILED

Comparing:
'CN=Microsoft Exchange System Objects,DC=samba91,DC=virtual' [10.191.10.91]
'CN=Microsoft Exchange System Objects,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 33
        => 31
    ACEs found only in 10.191.10.91:
        (A;;CCDC;;;S-1-5-21-2940978807-3971891375-284307887-1110)
        (OA;;RP;General-Information;;AU)
        (OA;;RP;Personal-Information;;AU)
        (OA;;RP;Public-Information;;AU)
        (OA;;RP;Web-Information;;AU)
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;;CCDC;;;S-1-5-21-303177680-53963143-2093335467-1112)
        (A;;RPLCLORC;;;AU)
        (A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;Exchange Domain Servers)
        (A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;Exchange Enterprise Servers)
    FAILED

Comparing:
'CN=NTDS Quotas,DC=samba91,DC=virtual' [10.191.10.91]
'CN=NTDS Quotas,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 23
        => 30
    ACEs found only in 10.191.10.91:
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;CIID;LC;;;Exchange Enterprise Servers)
        (OA;CIID;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CIID;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CIID;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CIID;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORCWD;;Group;Exchange Enterprise Servers)
    FAILED

Comparing:
'CN=Program Data,DC=samba91,DC=virtual' [10.191.10.91]
'CN=Program Data,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 23
        => 30
    ACEs found only in 10.191.10.91:
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;CIID;LC;;;Exchange Enterprise Servers)
        (OA;CIID;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CIID;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CIID;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CIID;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORCWD;;Group;Exchange Enterprise Servers)
    FAILED

Comparing:
'CN=System,DC=samba91,DC=virtual' [10.191.10.91]
'CN=System,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 23
        => 30
    ACEs found only in 10.191.10.91:
        (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;;RPWPCRCCLCLORCWOWDSW;;;DA)
        (A;CIID;LC;;;Exchange Enterprise Servers)
        (OA;CIID;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CIID;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CIID;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CIID;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORCWD;;Group;Exchange Enterprise Servers)
    FAILED

Comparing:
'CN=Users,DC=samba91,DC=virtual' [10.191.10.91]
'CN=Users,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 23
        => 34
    ACEs found only in 10.191.10.91:
        (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)
        (A;CIID;LC;;;Exchange Enterprise Servers)
        (OA;;CCDC;Group;;AO)
        (OA;;CCDC;Print-Queue;;PO)
        (OA;;CCDC;User;;AO)
        (OA;;CCDC;inetOrgPerson;;AO)
        (OA;CIID;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CIID;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CIID;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CIID;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORCWD;;Group;Exchange Enterprise Servers)
    FAILED

Comparing:
'OU=Domain Controllers,DC=samba91,DC=virtual' [10.191.10.91]
'OU=Domain Controllers,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 29
        => 31
    ACEs found only in 10.191.10.91:
        (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
        (OA;;CCDC;Computer;;AO)
        (OA;;CCDC;Group;;AO)
        (OA;;CCDC;Print-Queue;;PO)
        (OA;;CCDC;User;;AO)
        (OA;;CCDC;inetOrgPerson;;AO)
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;;RPWPCRCCLCLORCWOWDSW;;;DA)
        (A;CIID;LC;;;Exchange Enterprise Servers)
        (OA;CIID;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CIID;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CIID;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CIID;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORCWD;;Group;Exchange Enterprise Servers)
    FAILED

Comparing:
'OU=Hosted,DC=samba91,DC=virtual' [10.191.10.91]
'OU=Hosted,DC=zahari,DC=tk' [10.191.10.95]
    Difference in ACE count:
        => 32
        => 23
    ACEs found only in 10.191.10.91:
        (A;;RPLCLORC;;;AU)
        (A;CIID;LC;;;Exchange Enterprise Servers)
        (A;CIID;LC;;;RU)
        (A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)
        (A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)
        (OA;CIID;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CIID;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CIID;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CIID;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIOID;RP;General-Information;User;RU)
        (OA;CIIOID;RP;General-Information;inetOrgPerson;RU)
        (OA;CIIOID;RP;Membership;User;RU)
        (OA;CIIOID;RP;Membership;inetOrgPerson;RU)
        (OA;CIIOID;RP;RAS-Information;User;RU)
        (OA;CIIOID;RP;RAS-Information;inetOrgPerson;RU)
        (OA;CIIOID;RP;Token-Groups;Computer;ED)
        (OA;CIIOID;RP;Token-Groups;Group;ED)
        (OA;CIIOID;RP;Token-Groups;User;ED)
        (OA;CIIOID;RP;User-Account-Restrictions;User;RU)
        (OA;CIIOID;RP;User-Account-Restrictions;inetOrgPerson;RU)
        (OA;CIIOID;RP;User-Logon;User;RU)
        (OA;CIIOID;RP;User-Logon;inetOrgPerson;RU)
        (OA;CIIOID;RPLCLORC;;Group;RU)
        (OA;CIIOID;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;User;RU)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIOID;RPLCLORC;;inetOrgPerson;RU)
        (OA;CIIOID;RPLCLORCWD;;Group;Exchange Enterprise Servers)
        (OA;CIIOID;RPWPCR;Private-Information;;PS)
    ACEs found only in 10.191.10.95:
        (A;;LC;;;Registered)
        (A;;RPLCLORC;;;ED)
        (A;CI;LC;;;Exchange Enterprise Servers)
        (A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)
        (A;CI;RPWPCRCCLCLORCWOWDSDSW;;;BA)
        (OA;;CCDC;Computer;;AO)
        (OA;;CCDC;Group;;AO)
        (OA;;CCDC;Print-Queue;;PO)
        (OA;;CCDC;User;;AO)
        (OA;;CCDC;inetOrgPerson;;AO)
        (OA;CI;WP;Display-Name;;Exchange Enterprise Servers)
        (OA;CI;WP;Group-Type;;Exchange Enterprise Servers)
        (OA;CI;WP;Personal-Information;;Exchange Enterprise Servers)
        (OA;CI;WP;Public-Information;;Exchange Enterprise Servers)
        (OA;CIIO;RP;Token-Groups;Computer;ED)
        (OA;CIIO;RP;Token-Groups;Group;ED)
        (OA;CIIO;RP;Token-Groups;User;ED)
        (OA;CIIO;RPLCLORC;;User;Exchange Enterprise Servers)
        (OA;CIIO;RPLCLORC;;inetOrgPerson;Exchange Enterprise Servers)
        (OA;CIIO;RPLCLORCWD;;Group;Exchange Enterprise Servers)
    FAILED

* Result for [DOMAIN]: FAILURE

--------------050401000200070204020904
Content-Type: text/plain;
 name="example2.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="example2.txt"


* Place-holders for 10.191.10.91:
    ${DOMAIN_DN}      => DC=samba91,DC=virtual
    ${DOMAIN_NETBIOS} => SAMBA91-0
    ${SERVER_NAME}     => ['UBUNTU910']
    ${DOMAIN_NAME}    => samba91.virtual

* Place-holders for 10.191.10.95:
    ${DOMAIN_DN}      => DC=zahari,DC=tk
    ${DOMAIN_NETBIOS} => ZAHARI
    ${SERVER_NAME}     => ['WIN2003']
    ${DOMAIN_NAME}    => zahari.tk

* Comparing [DOMAIN] context...

* Objects to be compared: 1

Comparing:
'OU=Hosted,DC=samba91,DC=virtual' [10.191.10.91]
'DC=zahari,DC=tk' [10.191.10.95]
    Attributes found only in 10.191.10.91:
        displayName
        objectVersion
        ou
    Attributes found only in 10.191.10.95:
        minPwdLength
        isCriticalSystemObject
        msDS-AllUsersTrustQuota
        auditingPolicy
        msDS-PerUserTrustQuota
        maxPwdAge
        forceLogoff
        lockoutDuration
        serverState
        lockOutObservationWindow
        ms-DS-MachineAccountQuota
        modifiedCountAtLastProm
        pwdProperties
        minPwdAge
        msDS-Behavior-Version
        dc
        nextRid
        lockoutThreshold
        nTMixedDomain
        pwdHistoryLength
        uASCompat
        msDS-PerUserTrustTombstonesQuota
        systemFlags
    Difference in attribute values:
        distinguishedName => 
['OU=HOSTED,${DOMAIN_DN}']
['${DOMAIN_DN}']
        name => 
['FALSE']
['TRUE']
        objectClass => 
['organizationalUnit', 'top']
['domain', 'domainDNS', 'top']
        instanceType => 
['4']
['5']
    FAILED

* Result for [DOMAIN]: FAILURE

SUMMARY
---------

Attributes found only in 10.191.10.91:

    ou
    displayName
    objectVersion

Attributes with different values:

    distinguishedName
    objectClass
    name
    instanceType

Attributes found only in 10.191.10.95:

    minPwdLength
    isCriticalSystemObject
    msDS-AllUsersTrustQuota
    auditingPolicy
    msDS-PerUserTrustQuota
    modifiedCountAtLastProm
    maxPwdAge
    forceLogoff
    lockoutDuration
    minPwdAge
    serverState
    lockOutObservationWindow
    ms-DS-MachineAccountQuota
    pwdProperties
    msDS-Behavior-Version
    dc
    nextRid
    lockoutThreshold
    nTMixedDomain
    pwdHistoryLength
    uASCompat
    msDS-PerUserTrustTombstonesQuota
    systemFlags

--------------050401000200070204020904--

