[Samba] restore deleted user (ldbrename) on samba 4.9.1 fails
Oliver Heinz
o.heinz at schunk.net
Mon Oct 15 13:47:27 UTC 2018
Dear list,
I am trying to restore a deleted user object with samba 4.9.1 (sernet
packages). I am aware that the object will lose some attributes without
recycle bin enabled (enabling it is still not recommended, right?)
I tried to rename the object in order to make the necessary
modifications afterward (as documented in Stefan Kania's Samba 4 book).
But ldbrename already fails.
root at dc1:~# samba-tool user create testuser
New Password:
Retype Password:
User 'testuser' created successfully
root at dc1:~# samba-tool user delete testuser
Deleted user testuser
root@dc1:~# ldbsearch -H ldap://localhost -U administrator --password="Passw0rd" --show-deleted "cn=testuser\0ADEL:*"
# record 1
dn: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
instanceType: 4
whenCreated: 20181015123644.0Z
uSNCreated: 4038
objectGUID: d4357200-a367-4601-93df-8c769f1d0e4f
objectSid: S-1-5-21-2104162034-3764151921-3268498227-1112
sAMAccountName: testuser
userAccountControl: 512
isDeleted: TRUE
lastKnownParent: CN=Users,DC=samdom,DC=example,DC=com
isRecycled: TRUE
cn:: dGVzdHVzZXIKREVMOmQ0MzU3MjAwLWEzNjctNDYwMS05M2RmLThjNzY5ZjFkMGU0Zg==
name:: dGVzdHVzZXIKREVMOmQ0MzU3MjAwLWEzNjctNDYwMS05M2RmLThjNzY5ZjFkMGU0Zg==
whenChanged: 20181015123702.0Z
uSNChanged: 4041
distinguishedName: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com
# Referral
ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com
# Referral
ref: ldap://samdom.example.com/DC=DomainDnsZones,DC=samdom,DC=example,DC=com
# Referral
ref: ldap://samdom.example.com/DC=ForestDnsZones,DC=samdom,DC=example,DC=com
# returned 4 records
# 1 entries
# 3 referrals
root@dc1:~# ldbrename -H ldap://localhost -Uadministrator --password="Passw0rd" "CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com" "CN=testuser,CN=Users,DC=samdom,DC=example,DC=com"
rename of 'CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com' to 'CN=testuser,CN=Users,DC=samdom,DC=example,DC=com' failed - LDAP error 32 LDAP_NO_SUCH_OBJECT - <00002030: ldb_wait from ../source4/ldap_server/ldap_backend.c:487 with LDB_WAIT_ALL: No such object (32)> <>
Verbose and trace give no further hint. Any ideas? Seems to have worked in
earlier versions.
With a regular LDAP we can use LDIF dumps to restore objects, not
comfortable but working. But this is not working for AD as it is not
allowed to add objects with an objectSid, right?
Is there another (recommended) way to restore deleted objects
(particularly users and groups)?
TIA,
Oliver
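The DN in the quoted ldbsearch output follows the Active Directory tombstone naming rule: the RDN value of a deleted object is the original name, a line feed, the literal "DEL:" and the objectGUID. That line feed is why ldbsearch prints cn and name base64-encoded ("cn::") and why the DN carries "\0A". The script below is an added example, not part of the message above and not Samba's code: it parses a constructed copy of the quoted record, recovers the original name and GUID, escapes the RDN the way the DN shows it, and writes out the single-modify "undelete" that MS-ADTS specifies for tombstones (remove isDeleted, replace distinguishedName with the new location), which a server only accepts together with the Show Deleted control. Whether that modify succeeds on Samba 4.9.1 is not something this post establishes; the sample record, the function names and the LDIF are assumptions made here for illustration.

```python
import base64

# Constructed sample: a copy of the tombstone record quoted in the post
# (the base64 cn/name values decode to "testuser" + LF + "DEL:" + objectGUID).
SAMPLE_LDIF = r"""
# record 1
dn: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectGUID: d4357200-a367-4601-93df-8c769f1d0e4f
objectSid: S-1-5-21-2104162034-3764151921-3268498227-1112
sAMAccountName: testuser
isDeleted: TRUE
lastKnownParent: CN=Users,DC=samdom,DC=example,DC=com
isRecycled: TRUE
cn:: dGVzdHVzZXIKREVMOmQ0MzU3MjAwLWEzNjctNDYwMS05M2RmLThjNzY5ZjFkMGU0Zg==
name:: dGVzdHVzZXIKREVMOmQ0MzU3MjAwLWEzNjctNDYwMS05M2RmLThjNzY5ZjFkMGU0Zg==
"""

# AD builds a tombstone RDN as <original name> + LF + "DEL:" + <objectGUID>.
DELETED_MARKER = "\nDEL:"


def parse_ldif_record(text):
    """Parse one LDIF record into {attr: [values]}; decodes 'attr:: base64' lines."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:   # LDIF continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):            # base64 value (binary or contains LF)
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        attrs.setdefault(name, []).append(value)
    return attrs


def split_deleted_rdn(rdn_value):
    """Split a tombstone RDN value into (original name, objectGUID)."""
    name, marker, guid = rdn_value.partition(DELETED_MARKER)
    if not marker:
        raise ValueError("not a deleted-object RDN: %r" % rdn_value)
    return name, guid


def escape_rdn_value(value):
    """RFC 4514 escaping for an RDN value; control characters become backslash + hex."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ord(ch) < 0x20 or ch == "\x7f":   # LF -> \0A, as in the ldbsearch DN
            out.append("\\%02X" % ord(ch))
        elif (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def restored_dn(record):
    """Where the object goes back to: CN=<original name> under lastKnownParent."""
    name, _guid = split_deleted_rdn(record["cn"][0])
    parent = record["lastKnownParent"][0]
    if escape_rdn_value(DELETED_MARKER) in parent:   # parent is itself a tombstone
        raise ValueError("lastKnownParent is deleted too; restore it first: " + parent)
    return "CN=%s,%s" % (escape_rdn_value(name), parent)


def build_reanimate_ldif(record):
    """LDIF for the MS-ADTS undelete: drop isDeleted and relocate in one modify."""
    if record.get("isDeleted", [""])[0].upper() != "TRUE":
        raise ValueError("object is not a tombstone")
    return "\n".join([
        "dn: " + record["dn"][0],
        "changetype: modify",
        "delete: isDeleted",
        "-",
        "replace: distinguishedName",
        "distinguishedName: " + restored_dn(record),
        "-",
        "",
    ])


if __name__ == "__main__":
    rec = parse_ldif_record(SAMPLE_LDIF)
    print("decoded cn :", repr(rec["cn"][0]))
    print("name, GUID :", split_deleted_rdn(rec["cn"][0]))
    print("restore to :", restored_dn(rec))
    print(build_reanimate_ldif(rec))
```

The generated LDIF targets the tombstone DN, so it has to be submitted with the Show Deleted control (OID 1.2.840.113556.1.4.417); with the ldb tools that is, on the assumption that the option syntax is unchanged, `ldbmodify -H ldap://localhost -U administrator --controls=show_deleted:1 restore.ldif`. The deleted-parent check in restored_dn matters because lastKnownParent can point at a container that was removed as well; the tombstone for that container would have to be reanimated first.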