[Samba] Undeletable objects in AD

Henry Jensen hjensen at mailbox.org
Mon Jul 23 12:02:45 UTC 2018 

On Mon, 23 Jul 2018 11:27:38 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:


> How are you searching and what with ?

I used the ADUC tool and LDAPAdmin.

> 
> Have you tried ldbedit ?
> 
> ldbedit -e <your favourite editor> -H /path/to/sam.ldb
> 
> This will display everything in the editor and you can then search in
> that for the groups. You should then be able to create a filter to
> delete the groups



Yes, the objects in question are displayed, one of them looks like this:

# record 46  
dn: CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan
cn:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
instanceType: 4
whenCreated: 20180720113100.0Z
uSNCreated: 5982
name:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
objectGUID: ecbda919-4c16-4d06-9695-2540e35b44da
objectSid: S-1-5-21-4144324718-2848790307-3888702956-3897
sAMAccountName:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtc
 nc=
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=iww,DC=lan
gidNumber: 1448
objectClass: top
objectClass: posixGroup
objectClass: group
msSFU30NisDomain: iww
whenChanged: 20180720113106.0Z
uSNChanged: 15576
distinguishedName:: Q049cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taX
 NjaGUtcncsQ049VXNlcnMsREM9aXd3LERDPWxhbg==

However, "ldbdel -H /var/lib/samba/private/sam.ldb 'CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan'" doesn't work, it says "entry does not exist"

As you can see, some parts are base64 encoded but I am unsure how to use this 
in conjunction with ldbdel or ldbedit, e.g.  I tried
 
 ldbedit -e vim -H /var/lib/samba/private/sam.ldb '(sAMAccountName=cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=)'
 ldbedit -e vim -H /var/lib/samba/private/sam.ldb '(sAMAccountName=:cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=)'
 ldbedit -e vim -H /var/lib/samba/private/sam.ldb '(sAMAccountName=::cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=)'

and all of them fail with "no matching records - cannot edit".

Same when using objectGUID or objectSid.

Kind regards,

Henry

More information about the samba mailing list