[PATCH] A script to assist in restoring deleted objects
jpyeron at pdinc.us
Fri Jul 13 23:51:36 UTC 2018
> -----Original Message-----
> From: Andrew Bartlett
> Sent: Friday, July 13, 2018 18:52
> Subject: Re: [PATCH] A script to assist in restoring deleted objects
> On Fri, 2018-07-13 at 17:50 -0400, Kyle Marek wrote:
> > On 05/21/2017 06:35 PM, Andrew Bartlett wrote:
> > > I recently worked with a client that needed to restore some objects
> > > accidentally deleted in their AD. They had nightly backups to obtain
> > >
> > > Please comment/review/push!
> > >
> > > Thanks,
> > >
> > > Andrew Bartlett
> > (old thread; link:
> > Hello Andrew,
> > I am testing your script for use in a similar situation. My
> > test case is deleting a user named "DontDeleteMe". However, I
> > am having some issues with a fresh domain using Samba 4.8.2
> > (built from refs/tags/samba-4.8.2):
> > Minor formatting issues in the LDIF (See attachment; lines
> > 1-2 should be comment?; lines 4-7 should not be indented)
> > After making the above corrections, I cannot seem to
> > actually apply the LDIF (see errors below)
> > [kmarek at pdinc-samba-recovery-test2 samba]$ env
> > LDAPTLS_REQCERT=never ldapmodify -H ldaps://localhost -f
> > ductions,DC=net -W
> > Enter LDAP Password:
> > modifying rdn of entry "<GUID=a6d1c805-d673-4768-a31d-6aa578125c44>"
> > ldap_rename: Server is unwilling to perform (53)
> > additional info: 00002035: Unwilling to perform. Old
> > RDN must be deleted
> > [kmarek at pdinc-samba-recovery-test2 samba]$ sudo env
> > ldbmodify -H /usr/local/samba/private/sam.ldb < diff.ldif
> > ERR: (Constraint violation) "modrdn: deleteoldrdn=0 not
> > supported." on DN at block before line 8
> > Modify failed after processing 0 records
> > Should these LDIFs still be applicable to newer Samba? If
> > so, how can I apply this one and make my LDAPs match?
> This is likely the untested half of the script. By the time the
> customer got to me their objects had expired, and the reason we don't
> have it in master is that I never got around to adding the tests.
> It could be as simple as changing
> "deleteoldrdn: 0"
> to
> "deleteoldrdn: 1"
I tried to do the same before Kyle on a unilateral script (no backup), but I was sure I was making some other mistake.
The output I get with deleteoldrdn: 1 is:
# ldbmodify -H /usr/local/samba/private/sam.ldb < test.ldif
ERR: (No such object) "Base-DN '<GUID=xxxxxxxxxxxxxxxxxxxxxxxx>' not found" on DN at block before line 6
Modify failed after processing 0 records
# ldapmodify -H ldaps://127.0.0.1 -W -D cn=Administrator,cn=Users,dc=xxxxxxxxxxxxxxxxxxxxxxxx < test.ldif
Enter LDAP Password:
modifying rdn of entry "<GUID=xxxxxxxxxxxxxxxxxxxxxxxx>"
ldap_rename: No such object (32)
additional info: Base-DN '<GUID=xxxxxxxxxxxxxxxxxxxxxxxx>' not found
> If you could add some tests around the patch I would love to see this
If we get there...
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -