[Samba] No such Base DN: CN=Produktion A-Studio (alt?), CN=Users, DC=srg2, DC=local / RSAT

mathias dufresne infractory at gmail.com
Thu May 26 11:51:58 UTC 2016 

Parenthesis are not yet a good idea with Samba. A colleague created users
with parenthesis in CN field and we just can't use ldbsearch to look for
them, as long as we set parenthesis in LDAP filter. We must use wildcard to
avoid the bug (bug because we can use escaped parenthesis in filters with
ldapsearch, I can be totally wrong but I do believe if ldapsearch permit
parenthesis the protocol permit it. I insist: no idea who's right between
Samba and ldapsearch).

So I would try to remove parenthesis from CN=Produktion A-Studio (alt?). In
fact I would also remove "?" as it is used as wildcard in lot of stuffs and
could easily by source of issue(s).

How to proceed as you can't delete it?
First for convenience and if you like nano (nobody's perfect ;p ) you can
"export EDITOR=/path/to/your/nano" to avoid "-e nano" on command line. Add
that export to your .bashrc and others apps needed an editor would have a
change to use nano too.

Back to ldbedit:
ldbedit -H $sam 'CN=Guest,CN=Users,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr'
no matching records - cannot edit

Damned! Why? ldbedit is not working with DN as do ldbdel but use searches
as do most of tools. The right way to use is:
ldbedit -H $sam 'CN=Guest' -b
'CN=Users,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr'
# 0 adds  0 modifies  0 deletes

What's the difference?
I've added "-b" switch to tell ldbedit where to start its search:
'CN=Users,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr'
And I specified some filter to retrieve a bunch of objects into the branch
I specified:
'CN=Guest'

Your command would be:
ldbedit -e nano -H /var/db/system/samba4/private/sam.ldb -b
"CN=Users,DC=srg2,DC=local" "CN=Produktion A-Studio (alt?)"

Hoping this could help you to get a solution,

mathias

2016-05-26 11:44 GMT+02:00 Niels Dettenbach <nd at syndicat.com>:

> Hi colleagues,
>
>
> it seems i've hit a bug in SAMBA as follows:
>
> The local windows network admin of our local radio station filled /
> transferred some user account data into our new FreeNAS by the Win RSAT.
> We are setting up SAMBA as a PDC incl. directory service and use the
> current stable FreeNAS with its current SAMBA "4.3.6-GIT-UNKNOWN"
>
> One account name
>
>         "produktion-a"
>
> resulted in some "weird" chars within the CN string:
>
>         CN=Produktion A-Studio (alt?),CN=Users,DC=srg2,DC=local
>
>  which seems to make further problems - i.e. the records inaccessible by
> samba-tool and ldbedit:
>
>
> ~# samba-tool dbcheck --fix
> Checking 448 objects
> ERROR: incorrect GUID component for member in object
> CN=redaktion,CN=Users,DC=srg2,DC=local -
> <GUID=35115b3b-264b-431f-a8a0-e2812d434fde>;<SID=S-1-5-21-3768878909-3194017282-2874830551-1170>;CN=Produktion
> A-Studio (alt?),CN=Users,DC=srg2,DC=local
> unable to find object for DN CN=Produktion A-Studio
> (alt?),CN=Users,DC=srg2,DC=local - (No such Base DN: CN=Produktion A-Studio
> (alt?),CN=Users,DC=srg2,DC=local)
> Not removing dangling forward link
> ERROR: incorrect GUID component for member in object
> CN=freie,CN=Users,DC=srg2,DC=local -
> <GUID=35115b3b-264b-431f-a8a0-e2812d434fde>;<SID=S-1-5-21-3768878909-3194017282-2874830551-1170>;CN=Produktion
> A-Studio (alt?),CN=Users,DC=srg2,DC=local
> unable to find object for DN CN=Produktion A-Studio
> (alt?),CN=Users,DC=srg2,DC=local - (No such Base DN: CN=Produktion A-Studio
> (alt?),CN=Users,DC=srg2,DC=local)
> Not removing dangling forward link
> ERROR: incorrect GUID component for member in object
> CN=radioclient,CN=Users,DC=srg2,DC=local -
> <GUID=35115b3b-264b-431f-a8a0-e2812d434fde>;<SID=S-1-5-21-3768878909-3194017282-2874830551-1170>;CN=Produktion
> A-Studio (alt?),CN=Users,DC=srg2,DC=local
> unable to find object for DN CN=Produktion A-Studio
> (alt?),CN=Users,DC=srg2,DC=local - (No such Base DN: CN=Produktion A-Studio
> (alt?),CN=Users,DC=srg2,DC=local)
> Not removing dangling forward link
> Checked 448 objects (3 errors)
>
> Automatic fixing seems not possible so far....
>
> I tried to recreate and delete the user "produktion-a" by samba-tool and
> clean / get it work with ldbedit (incl. "--relax" option) - i.e.:
>
>         - changing all occurences of "Produktion A-Studio (alt?)" into
> "Produktion A-Studio alt"
>         - deleting all existing occurences of this user (user record,
> membership records)
>
> and get errors like:
>
> ~#ldbedit --relax -e nano -H /var/db/system/samba4/private/sam.ldb
> failed to delete CN=Produktion A-Studio (alt?),CN=Users,DC=srg2,DC=local -
> No such Base DN: CN=Produktion A-Studio (alt?),CN=Users,DC=srg2,DC=local
>
> ~# ldbedit -e nano -H /var/db/system/samba4/private/sam.ldb --cross-ncs
> "CN=Produktion A-Studio (alt?),CN=Users,DC=srg2,DC=local"
> no matching records - cannot edit
>
> For me it seems as the "?" or "()" in the identifier strings are breaking
> some kind of policies (if so they did not had to be accepted) and/or make
> it impossible to find / select the record and/or breaks references within
> the DB.
>
> How can i reach that orphan records to get them out / cleaned?
>
> Many thanks for any help / hint.
>
>
>
> Niels.
>
> i.A.
> StadtRadio Göttingen 107,1 MHz
> http://www.stadtradio-goettingen.de
>
> --
>  ---
>  Niels Dettenbach
>  Syndicat IT & Internet
>  http://www.syndicat.com
>  PGP: https://syndicat.com/pub_key.asc
>  ---
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list