[Samba] How to change objectSid?

Diego Woitasen diego at woitasen.com.ar
Tue Feb 4 16:50:36 MST 2014


Hi,
 I'm trying to modify the objectSid of a group using python-ldap. I've
found that I need a server control to do it but doesn't work. The code
that I'm using:

        modlist = [ (ldap.MOD_REPLACE, 'objectSid', s3sid_packed) ]
        LDB_CONTROL_PROVISION_OID = "1.3.6.1.4.1.7165.4.3.16"
        LDB_CONTROL_RELAX_OID = "1.3.6.1.4.1.4203.666.5.12"
        controls = [ LDAPControl(LDB_CONTROL_PROVISION_OID, criticality=0),
                LDAPControl(LDB_CONTROL_RELAX_OID, criticality=0) ]
        s4ldap.modify_ext_s(s4dn, modlist, serverctrls=controls,
            clientctrls=controls)

I'm using the domain administrator to bind to the server.

The error that I get:

ldap.UNWILLING_TO_PERFORM: {'info': '00002035: samldb: objectSid must
not be specified!', 'desc': 'Server is unwilling to perform'}

Is there a way to do it? I know that it is not something to be done
usually, but trust me, I need it :)

Regards,
  Diego

-- 
Diego Woitasen
Linux and Open Source solutions architect at www.vhgroup.net


More information about the samba mailing list