[Samba] No such Base DN: CN=Produktion A-Studio (alt?), CN=Users, DC=srg2, DC=local / RSAT
mathias dufresne
infractory at gmail.com
Thu May 26 15:35:15 UTC 2016
2016-05-26 13:51 GMT+02:00 mathias dufresne <infractory at gmail.com>:
> Parenthesis are not yet a good idea with Samba. A colleague created users
> with parenthesis in CN field and we just can't use ldbsearch to look for
> them, as long as we set parenthesis in LDAP filter. We must use wildcard to
> avoid the bug (bug because we can use escaped parenthesis in filters with
> ldapsearch, I can be totally wrong but I do believe if ldapsearch permit
> parenthesis the protocol permit it. I insist: no idea who's right between
> Samba and ldapsearch).
>
Stupid me!
https://msdn.microsoft.com/en-us/library/aa746475%28v=vs.85%29.aspx
So we can simply replace parenthesis and others special characters with
necessary codes. Some MS behaviour well reproduced, not a bug, mea culpa : )
>
> So I would try to remove parenthesis from CN=Produktion A-Studio (alt?).
> In fact I would also remove "?" as it is used as wildcard in lot of stuffs
> and could easily by source of issue(s).
>
> How to proceed as you can't delete it?
> First for convenience and if you like nano (nobody's perfect ;p ) you can
> "export EDITOR=/path/to/your/nano" to avoid "-e nano" on command line. Add
> that export to your .bashrc and others apps needed an editor would have a
> change to use nano too.
>
> Back to ldbedit:
> ldbedit -H $sam
> 'CN=Guest,CN=Users,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr'
> no matching records - cannot edit
>
> Damned! Why? ldbedit is not working with DN as do ldbdel but use searches
> as do most of tools. The right way to use is:
> ldbedit -H $sam 'CN=Guest' -b
> 'CN=Users,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr'
> # 0 adds 0 modifies 0 deletes
>
> What's the difference?
> I've added "-b" switch to tell ldbedit where to start its search:
> 'CN=Users,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr'
> And I specified some filter to retrieve a bunch of objects into the branch
> I specified:
> 'CN=Guest'
>
> Your command would be:
> ldbedit -e nano -H /var/db/system/samba4/private/sam.ldb -b
> "CN=Users,DC=srg2,DC=local" "CN=Produktion A-Studio (alt?)"
>
> Hoping this could help you to get a solution,
>
> mathias
>
> 2016-05-26 11:44 GMT+02:00 Niels Dettenbach <nd at syndicat.com>:
>
>> Hi colleagues,
>>
>>
>> it seems i've hit a bug in SAMBA as follows:
>>
>> The local windows network admin of our local radio station filled /
>> transferred some user account data into our new FreeNAS by the Win RSAT.
>> We are setting up SAMBA as a PDC incl. directory service and use the
>> current stable FreeNAS with its current SAMBA "4.3.6-GIT-UNKNOWN"
>>
>> One account name
>>
>> "produktion-a"
>>
>> resulted in some "weird" chars within the CN string:
>>
>> CN=Produktion A-Studio (alt?),CN=Users,DC=srg2,DC=local
>>
>> which seems to make further problems - i.e. the records inaccessible by
>> samba-tool and ldbedit:
>>
>>
>> ~# samba-tool dbcheck --fix
>> Checking 448 objects
>> ERROR: incorrect GUID component for member in object
>> CN=redaktion,CN=Users,DC=srg2,DC=local -
>> <GUID=35115b3b-264b-431f-a8a0-e2812d434fde>;<SID=S-1-5-21-3768878909-3194017282-2874830551-1170>;CN=Produktion
>> A-Studio (alt?),CN=Users,DC=srg2,DC=local
>> unable to find object for DN CN=Produktion A-Studio
>> (alt?),CN=Users,DC=srg2,DC=local - (No such Base DN: CN=Produktion A-Studio
>> (alt?),CN=Users,DC=srg2,DC=local)
>> Not removing dangling forward link
>> ERROR: incorrect GUID component for member in object
>> CN=freie,CN=Users,DC=srg2,DC=local -
>> <GUID=35115b3b-264b-431f-a8a0-e2812d434fde>;<SID=S-1-5-21-3768878909-3194017282-2874830551-1170>;CN=Produktion
>> A-Studio (alt?),CN=Users,DC=srg2,DC=local
>> unable to find object for DN CN=Produktion A-Studio
>> (alt?),CN=Users,DC=srg2,DC=local - (No such Base DN: CN=Produktion A-Studio
>> (alt?),CN=Users,DC=srg2,DC=local)
>> Not removing dangling forward link
>> ERROR: incorrect GUID component for member in object
>> CN=radioclient,CN=Users,DC=srg2,DC=local -
>> <GUID=35115b3b-264b-431f-a8a0-e2812d434fde>;<SID=S-1-5-21-3768878909-3194017282-2874830551-1170>;CN=Produktion
>> A-Studio (alt?),CN=Users,DC=srg2,DC=local
>> unable to find object for DN CN=Produktion A-Studio
>> (alt?),CN=Users,DC=srg2,DC=local - (No such Base DN: CN=Produktion A-Studio
>> (alt?),CN=Users,DC=srg2,DC=local)
>> Not removing dangling forward link
>> Checked 448 objects (3 errors)
>>
>> Automatic fixing seems not possible so far....
>>
>> I tried to recreate and delete the user "produktion-a" by samba-tool and
>> clean / get it work with ldbedit (incl. "--relax" option) - i.e.:
>>
>> - changing all occurences of "Produktion A-Studio (alt?)" into
>> "Produktion A-Studio alt"
>> - deleting all existing occurences of this user (user record,
>> membership records)
>>
>> and get errors like:
>>
>> ~#ldbedit --relax -e nano -H /var/db/system/samba4/private/sam.ldb
>> failed to delete CN=Produktion A-Studio (alt?),CN=Users,DC=srg2,DC=local
>> - No such Base DN: CN=Produktion A-Studio (alt?),CN=Users,DC=srg2,DC=local
>>
>> ~# ldbedit -e nano -H /var/db/system/samba4/private/sam.ldb --cross-ncs
>> "CN=Produktion A-Studio (alt?),CN=Users,DC=srg2,DC=local"
>> no matching records - cannot edit
>>
>> For me it seems as the "?" or "()" in the identifier strings are breaking
>> some kind of policies (if so they did not had to be accepted) and/or make
>> it impossible to find / select the record and/or breaks references within
>> the DB.
>>
>> How can i reach that orphan records to get them out / cleaned?
>>
>> Many thanks for any help / hint.
>>
>>
>>
>> Niels.
>>
>> i.A.
>> StadtRadio Göttingen 107,1 MHz
>> http://www.stadtradio-goettingen.de
>>
>> --
>> ---
>> Niels Dettenbach
>> Syndicat IT & Internet
>> http://www.syndicat.com
>> PGP: https://syndicat.com/pub_key.asc
>> ---
>>
>>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
More information about the samba
mailing list