[Samba] Undeletable objects in AD

Rowland Penny rpenny at samba.org
Mon Jul 23 14:01:32 UTC 2018


On Mon, 23 Jul 2018 15:01:19 +0200
Henry Jensen via samba <samba at lists.samba.org> wrote:

> On Mon, 23 Jul 2018 13:12:42 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
> > On Mon, 23 Jul 2018 14:02:45 +0200
> > Henry Jensen via samba <samba at lists.samba.org> wrote:
> > > 
> > > Yes, the objects in question are displayed, one of them looks like
> > > this:
> > > 
> > > # record 46
> > > dn: CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan
> > > cn:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
> > > instanceType: 4
> > > whenCreated: 20180720113100.0Z
> > > uSNCreated: 5982
> > > name:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
> > > objectGUID: ecbda919-4c16-4d06-9695-2540e35b44da
> > > objectSid: S-1-5-21-4144324718-2848790307-3888702956-3897
> > > sAMAccountName:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
> > > sAMAccountType: 268435456
> > > groupType: -2147483646
> > > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=iww,DC=lan
> > > gidNumber: 1448
> > > objectClass: top
> > > objectClass: posixGroup
> > > objectClass: group
> > > msSFU30NisDomain: iww
> > > whenChanged: 20180720113106.0Z
> > > uSNChanged: 15576
> > > distinguishedName:: Q049cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcncsQ049VXNlcnMsREM9aXd3LERDPWxhbg==
> > > 
> > > However, "ldbdel -H /var/lib/samba/private/sam.ldb
> > > 'CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan'"
> > > doesn't work, it says "entry does not exist"  
> > 
> > Try it without the single quotes around the DN
> > If this doesn't work, try opening AD in ldbedit again and manually
> > delete all the object lines (including the 'record' line)
> 
> I tried it on my test environment (didn't want to do it in
> production) first.
> 
> Still no luck - when I delete the entire object with ldbedit it says
> 
> "failed to delete
> CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan
> - objectclass: Cannot delete
> CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan,
> entry does not exist!"
> 
> So, no chance to get them out of there the easy way?
> 
> Strange how they got in there in the first place by classicupgrade.
> Because I knew that umlauts can lead to problems I renamed those
> objects in the original OpenLDAP tree before doing the classicupgrade.
> 
> The renamed groups got migrated to AD and I can manage them without
> problems, but there are also the groups with umlauts (they even have
> the same GIDs).
> 
> 
> Kind regards,
> Henry
> 
> 

Okay,
echo "cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=" |
 base64 -d 

Gets me:

projekt-st.wendel-wvw-technisch-ökonomische-rw

As you can see, it has those funny two dots over the 'o'. Have you
tried using that in the DN of the delete command?

i.e. ldbdel -H /var/lib/samba/private/sam.ldb
CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan

Rowland
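
Added example (not part of the original message and not Samba's own code): a small Python parser for the LDIF shown in the thread that joins folded lines, decodes the base64 '::' values and lists each non-ASCII character with its UTF-8 bytes, so the stored DN can be compared byte for byte with what is typed after ldbdel. SAMPLE is constructed from the quoted record; parse_ldif, non_ascii and same_bytes are hypothetical helper names, and the NFD comparison only illustrates a look-alike string, it is not a diagnosis of the problem in this thread.

```python
import base64
import unicodedata

# Constructed sample: a few attributes of the record quoted in the thread,
# with long values folded the LDIF way (continuation line = leading space).
SAMPLE = """\
# record 46
cn:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
sAMAccountName:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtc
 nc=
gidNumber: 1448
distinguishedName:: Q049cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taX
 NjaGUtcncsQ049VXNlcnMsREM9aXd3LERDPWxhbg==
"""


def parse_ldif(text):
    """Return {attribute: [str, ...]} with folds joined and '::' values decoded."""
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]          # unfold a continuation line
        elif line and not line.startswith("#"):
            logical.append(line)
    record = {}
    for line in logical:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):             # 'attr:: <base64>' form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:                                # 'attr: <plain text>' form
            value = rest.strip()
        record.setdefault(name, []).append(value)
    return record


def non_ascii(value):
    """List (char, code point, UTF-8 bytes as hex) for each non-ASCII character."""
    return [(c, f"U+{ord(c):04X}", c.encode("utf-8").hex())
            for c in value if ord(c) > 127]


def same_bytes(stored, typed):
    """True only if the typed DN is byte-identical to the stored one."""
    return stored.encode("utf-8") == typed.encode("utf-8")


if __name__ == "__main__":
    dn = parse_ldif(SAMPLE)["distinguishedName"][0]
    print(dn, non_ascii(dn))
    # Illustration only: "o" + combining diaeresis renders the same, bytes differ.
    print(same_bytes(dn, unicodedata.normalize("NFD", dn)))
```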
