[Samba] Smbpasswd -m -x not working, "object class violation" error

Andrés Yacopino ayacopino at gmail.com
Thu Feb 16 13:07:02 GMT 2006


I see the attribute displayName (as an allowed attribute) in these user object
classes:

-pabperson
-sambasamaccount
-sambagroupmapping

The user account has only these classes:

sambaSamAccount
account
top

Is this wrong? Could the attribute be in some classes at the same time?
Thanks,
Andres.

2006/2/15, Daniel Wilson <daniel.wilson at sunderland.ac.uk>:
>
> What object class is the displayName in, and does the user account have
> that object class? I'm sure you need to have the object class before you
> can add/remove the attribute assigned to the object class.
>
> Attributes belong to and are grouped in objectclasses.
>
> Regards
>
> Daniel Wilson
> Systems Manager
> Student and Learning Support
> University of Sunderland
> Tel: 0191 515 2695
>
>
>
> Andrés Yacopino wrote:
>
> > Thanks for replying Daniel, I execute: grep -il displayName *.ldif
> >
> > and I obtain:
> >
> > 00core.ldif
> > 50ns-admin.ldif
> > 50ns-iabs.ldif
> > 99samba-schema-netscapeds5.x.ldif
> > 99user.ldif
> >
> > And also see the configuration in the console and I see:
> >
> > Standard Attribute(Read Only):
> >
> > Name: displayName
> > OID: 2.16.840.1.113730.3.1.241
> > Syntax: DirectoryString
> > Multivalued: not checked
> >
> > Do you know what is wrong with this?
> > Thanks a lot,
> > Andrés.
> >
> > 2006/2/14, Daniel Wilson <daniel.wilson at sunderland.ac.uk>:
> >
> >     I'm sure this means that it's trying to delete the displayName attribute
> >     which is more than likely not in your LDAP schema.
> >
> >     Look in "<install_dir>/slapd-<hostname>/config/schema/" directory for
> >     your schema
> >
> >     To see if "displayName" is part of any object classes in your LDAP
> >     schema search the schema files:
> >
> >     bash# grep -il displayName <install_dir>/slapd-<hostname>/config/schema/*.ldif
> >
> >     If it's not part of your schema you may want to add this attribute to
> >     your 99user.ldif schema file or add the attribute via the Sun LDAP
> >     console (recommended):
> >
> >     bash # <install_dir>/startconsole &
> >     Server Group > Directory  Server (Open) > Configuration > Schema >
> >     Attributes > Create
> >
> >     -or-
> >
> >     you may want to just disable schema checking in your LDAP server:
> >
> >     bash # <install_dir>/startconsole &
> >     Server Group > Directory  Server (Open) > Configuration > Schema
> >     (Disable)
> >
> >     Regards
> >
> >     Daniel Wilson
> >     Systems Manager
> >     Student and Learning Support
> >     University of Sunderland
> >     Tel: 0191 515 2695
> >
> >
> >
> >     Andrés Yacopino wrote:
> >
> >     > Daniel, I checked the log as you said and I hit this:
> >     >
> >     > [14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema  - conn=-1 op=-1 msgId=-1 - User error:  Entry "uid=aprueba$,ou=computers,o=acasalud.com.ar,dc=acasalud,dc=com,dc=ar", attribute "displayName" is not allowed
> >     >
> >     > What does it mean?
> >     >
> >     > Thanks,
> >     > Andrés.
> >     >
> >     >
> >     >
> >     > 2006/2/14, Daniel Wilson <daniel.wilson at sunderland.ac.uk>:
> >     >
> >     >     Have you checked the Sun LDAP errors.log file for the specific object
> >     >     class violation? Usually at
> >     >     <install_dir>/slapd-<hostname>/logs/errors.log
> >     >
> >     >     Daniel Wilson
> >     >     Systems Manager
> >     >     Student and Learning Support
> >     >     University of Sunderland
> >     >     Tel: 0191 515 2695
> >     >
> >     >
> >     >
> >     >     Andrés Yacopino wrote:
> >     >
> >     >     >I have deployed a samba server with Sun Java Ldap Directory.
> >     >     >
> >     >     >I successfully created users and deleted them when ldap delete dn=yes in
> >     >     >smb.conf, but when ldap delete dn=no I obtain this error when I issue a
> >     >     >smbpasswd -m -x command:
> >     >     >
> >     >     >ldapsam_delete_entry: Could not delete attributes for uid=aprueba$,ou=computers,o=acasalud.com.ar,dc=acasalud,dc=com,dc=ar, error: Object class violation ()
> >     >     >Failed to delete entry for user aprueba$.
> >     >     >Failed to modify password entry for user aprueba$
> >     >     >
> >     >     >My smb.conf is:
> >     >     >
> >     >     >[global]
> >     >     >
> >     >     >   workgroup = ACASALUDROS
> >     >     >   server string = Sun Samba Server
> >     >     >   security = user
> >     >     >   dos filetimes = yes
> >     >     >   time offset = -360
> >     >     >   load printers = yes
> >     >     >   printcap name = /etc/printcap
> >     >     >   printing = cups
> >     >     >   guest account = guest
> >     >     >   log file = /usr/local/samba/var/log.%m
> >     >     >   log level = 5
> >     >     >   max log size = 50
> >     >     >   null passwords = yes
> >     >     >   encrypt passwords = yes
> >     >     >   ldap password sync = yes
> >     >     >   unix password sync = yes
> >     >     >   username level = 2
> >     >     >   password level = 0
> >     >     >   passwd program = /usr/bin/passwd %u
> >     >     >   passwd chat = *New* password* %n\n *new* password* %n\n *successfully*
> >     >     >   idmap backend = ldapsam:ldap://localhost:389
> >     >     >   passdb backend = ldapsam:ldap://localhost:389
> >     >     >   ldap admin dn = cn=Directory Manager
> >     >     >   ldap suffix = o=acasalud.com.ar,dc=acasalud,dc=com,dc=ar
> >     >     >   ldap user suffix = ou=people
> >     >     >   ldap group suffix = ou=groups
> >     >     >   ldap machine suffix = ou=computers
> >     >     >   ldap idmap suffix = ou=idmap
> >     >     >   ldap delete dn = no
> >     >     >   socket options = TCP_NODELAY=0
> >     >     >   wins server = 10.11.0.2
> >     >     >   dns proxy = no
> >     >     >
> >     >     >what is wrong?
> >     >     >
> >     >     >Does that work only when
> >     >     >
> >     >     >   preferred master = yes
> >     >     >   domain master = yes
> >     >     >   local master = yes
> >     >     >   domain logons = yes
> >     >     >
> >     >     >are yes?
> >     >     >Any other ideas?
> >     >     >
> >     >     >Thanks a lot.
> >     >     >
> >     >     >
> >     >     >--
> >     >     >Andrés Yacopino
> >     >     >
> >     >     >
> >     >
> >     >
> >     >
> >     >
> >     >
> >     > --
> >     > Andrés Yacopino
> >
> >
> >
> >
> >
> >
> > --
> > Andrés Yacopino
>
>
>
>


--
Andrés Yacopino
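
The schema rule discussed in this thread (an attribute is permitted on an entry only if one of the entry's object classes, or their superiors, lists it) as an added example; it is not part of the original thread and not Samba or Sun Directory Server code. The class definitions, OIDs, the sample entry and the helper names are constructed, and the class-removal scenario is an assumption the thread does not confirm.

```python
import re

# Constructed, abbreviated objectClasses definitions in RFC 4512 syntax.
# Class names are those in the thread; OIDs and attribute lists are placeholders.
DEFINITIONS = [
    "( 1.1.1 NAME 'top' ABSTRACT MUST objectClass )",
    "( 1.1.2 NAME 'account' SUP top STRUCTURAL MUST uid MAY ( description $ host ) )",
    "( 1.1.3 NAME 'sambaSamAccount' SUP top AUXILIARY MUST ( uid $ sambaSID ) "
    "MAY ( displayName $ sambaNTPassword ) )",
]

def _names(field):
    """Turn "top" or "( a $ b )" into a list of lower-cased names."""
    return [n.strip().lower() for n in field.strip("() ").split("$") if n.strip()]

def parse_objectclass(definition):
    """Return (name, {"sup": [...], "must": [...], "may": [...]})."""
    name = re.search(r"NAME\s+'([^']+)'", definition).group(1).lower()
    parts = {"sup": [], "must": [], "may": []}
    for key in parts:
        m = re.search(r"\b%s\s+(\([^)]*\)|\S+)" % key.upper(), definition)
        if m:
            parts[key] = _names(m.group(1))
    return name, parts

SCHEMA = dict(parse_objectclass(d) for d in DEFINITIONS)

def not_allowed(entry, schema=SCHEMA):
    """Attributes on the entry that none of its classes (or superiors) list."""
    allowed, seen = set(), set()
    todo = [c.lower() for c in entry["objectClass"]]
    while todo:
        oc = todo.pop()
        if oc in seen or oc not in schema:
            continue
        seen.add(oc)
        allowed.update(schema[oc]["must"], schema[oc]["may"])
        todo.extend(schema[oc]["sup"])
    return sorted(a for a in entry if a.lower() not in allowed)

def without_class(entry, cls, drop_attrs):
    """Entry as it would look after removing cls and the listed attributes."""
    kept = {k: v for k, v in entry.items() if k not in drop_attrs}
    kept["objectClass"] = [c for c in entry["objectClass"] if c != cls]
    return kept

# Constructed machine-account entry, loosely modelled on the one in the thread.
ENTRY = {"objectClass": ["top", "account", "sambaSamAccount"],
         "uid": ["aprueba$"], "sambaSID": ["S-1-5-21-1-2-3-1000"],
         "displayName": ["aprueba$"]}

if __name__ == "__main__":
    print(not_allowed(ENTRY))
    print(not_allowed(without_class(ENTRY, "sambaSamAccount", ["sambaSID"])))
```

Running the same check against the definitions in the server's own schema directory and the real entry shows which class, if any, still covers displayName once sambaSamAccount is gone.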

