[Samba] ldbadd issue on Samba 4.1.13 AD DC

Rowland Penny rpenny at samba.org
Tue Feb 9 20:48:57 UTC 2016


On 09/02/16 19:59, Allen Chen wrote:
> Hi there,
>
> I have Samba 4.1.13 AD DC compiled on CentOS 6.2 (32bit). Everything 
> is working fine.
>
> Issue: ldbadd cannot re-add a deleted user account.
> What I did:
> 1. save user account
> # ./bin/ldbsearch -H /usr/local/samba/private/sam.ldb sAMAccountName=krtu > ./user-add.ldif
>
> 2. delete the user account
> # ./bin/ldbdel -H /usr/local/samba/private/sam.ldb "CN=krtu,CN=Users,DC=mydomain,DC=com"
> This user has been deleted. ldbsearch couldn't find it.
>
> 3. add it back again
> First remove the following attr from the saved file user-add.ldif
> sAMAccountType
> memberOf
> objectGUID
> primaryGroupID
>
> Then ldbadd gives the error:
> # ./bin/ldbadd -H /usr/local/samba/private/sam.ldb ./user-add.ldif
> ERR: Entry already exists : "../lib/ldb/ldb_tdb/ldb_index.c:1216: 
> Failed to re-index objectSid in CN=krtu,CN=Users,DC=mydomain,DC=com - 
> ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on 
> objectSid in CN=krtu,CN=Users,DC=mydomain,DC=com" on DN 
> CN=krtu,CN=Users,DC=mydomain,DC=com at block before line 36
> Add failed after processing 0 records
>
> Is it normal?
>
> Thanks,

Two things spring to mind. First, why would you want to delete a user 
and then recreate it again?
Secondly, the user's SID comes in two parts, the SID (this is used 
for all domain objects) and a RID; this RID comes from a pool and this 
may be your problem.

Can we see the ldif you used (suitably sanitized)?

Rowland
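
The ldbadd error quoted above names objectSid, which is not among the four attributes listed as removed from user-add.ldif. The following is an added example, not part of either message and not Samba code: a Python check that reports which of those attributes are still present in an ldbsearch-style LDIF file. The sample LDIF and its SID value are constructed, and the function names are hypothetical.

```python
import base64

# Attributes the original post says were removed by hand, plus objectSid,
# the attribute named in the quoted ldbadd error.
WATCH = {"samaccounttype", "memberof", "objectguid", "primarygroupid", "objectsid"}

# Constructed sample in ldbsearch output style; the SID value is made up.
SAMPLE = """\
# record 1
dn: CN=krtu,CN=Users,DC=mydomain,DC=com
objectClass: user
sAMAccountName: krtu
description: a long value that the LDIF writer fol
 ded onto a continuation line
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1105

# returned 1 records
"""

def parse_ldif(text):
    """Return a list of records, each a list of (attribute, value) pairs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    records, current = [], []
    for line in lines + [""]:             # trailing blank flushes the last record
        if not line.strip():
            if current:
                records.append(current)
            current = []
        elif not line.startswith("#"):    # skip ldbsearch comment lines
            attr, sep, value = line.partition(":")
            if not sep:
                continue                  # not an attribute line
            if value.startswith(":"):     # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.append((attr.strip(), value.strip()))
    return records

def leftover_attributes(text, watch=WATCH):
    """Map each entry's DN to the watched attributes still present in it."""
    report = {}
    for record in parse_ldif(text):
        dn = next((v for a, v in record if a.lower() == "dn"), None)
        if dn is not None:
            report[dn] = sorted({a for a, _ in record if a.lower() in watch})
    return report

if __name__ == "__main__":
    for dn, attrs in leftover_attributes(SAMPLE).items():
        print(dn, "->", ", ".join(attrs) or "none")
```
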


