[Samba] samba-tool ldapcmp without --filter errors out.

Christian Naumer cn at brain-biotech.de
Thu Nov 14 11:19:44 UTC 2019


Hi,
what a coincidence. I just did the upgrade from 4.10.10 on our DCs a
view minutes ago. All went fine offcource :-)...
This AD was Classic Upgraded with Samba 4.4 and since upgraded in place
up to 4.10.10 and now 4.11.2.

For me all of the commands work fine.

samba-tool ldapcmp --filter="whenChanged,dc,DC,cn,CN" ldap://dc1.fqdn
ldap://dc2.fqdn

samba-tool ldapcmp  ldap://dc1.fqdn  ldap://dc2.fqdn

samba-tool ldapcmp --filter="cn,CN" ldap://dc1.fqdn  ldap://dc2.fqdn


all produce no errors.


So maybe this is something that happened in an earlier version then 4.4?


Regards



Am 14.11.19 um 11:06 schrieb L.P.H. van Belle via samba:
> Hai, 
>  
> I've just upgrade samba on my DC's from 4.10.10 to 4.11.2.
> Which went fine offcourse ;-) but when i checking my replications i noticed the following. 
>  
> If people have problems upgrading, the steps to take are : 
> ( Debian buster, samba upgrade 4.10=> 4.11 van-belle repo. ) 
> # update 4.10 to 4.11 
> sed 's/410/411/g'  /etc/apt/sources.list.d/van-belle.list 
> apt update
> apt dist-upgrade --autoremove --purge
> apt --fix-broken install
> apt dist-upgrade --autoremove --purge
> And its done. 
> 
>  
> When running :  
> samba-tool ldapcmp --filter="whenChanged,dc,DC,cn,CN" ldap://dc1.fqdn  ldap://dc2.fqdn
> This works fine, untill i remove the filter.. 
>  
> samba-tool ldapcmp  ldap://dc1.fqdn  ldap://dc2.fqdn
> This errors out with : 
> 
> * Comparing [DOMAIN] context...
>  
> * Objects to be compared: 845
> ERROR(<class 'KeyError'>): uncaught exception - 'CN'
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 957, in run
>     if b1.diff(b2):
>   File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 781, in diff
>     if object1 == object2:
>   File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 549, in __eq__
>     return self.cmp_attrs(other)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 590, in cmp_attrs
>     if isinstance(self.attributes[x], list) and isinstance(other.attributes[x], list):
> 
>  
> samba-tool ldapcmp --filter="cn,CN" ldap://dc1.fqdn  ldap://dc2.fqdn
>  
> * Comparing [DOMAIN] context...
>  
> * Objects to be compared: 845
>  
> * Result for [DOMAIN]: SUCCESS
>  
> * Comparing [CONFIGURATION] context...
>  
> * Objects to be compared: 1825
>  
> * Result for [CONFIGURATION]: SUCCESS
>  
> * Comparing [SCHEMA] context...
>  
> * Objects to be compared: 1821
>  
> * Result for [SCHEMA]: SUCCESS
>  
> * Comparing [DNSDOMAIN] context...
>  
> * Objects to be compared: 503
> ERROR(<class 'KeyError'>): uncaught exception - 'DC'
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 957, in run
>     if b1.diff(b2):
>   File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 781, in diff
>     if object1 == object2:
>   File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 549, in __eq__
>     return self.cmp_attrs(other)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 590, in cmp_attrs
>     if isinstance(self.attributes[x], list) and isinstance(other.attributes[x], list):
> 
> samba-tool dbcheck (--cross-nc) run fine, i have 0 errors here. 
>  
> My conclusion here, but this needs to be verified also by others, and it might be handy to know your original samba version. 
>  --filter="DC,CN"  fixes the ldapcmp command to it runs without errors, the database replications is fine. 
>  
> Cause, this is a AD-DB started from 4.1.x  in all updates there where a few bugs with cn= CN= dc= DC=  and whenChanged in previous versions of samba.
>  
> The question now is, it there a command (within samba-tool ) that fixes/lower the DC= and CN= 
> because i didnt see/find it. 
>  
> My setup started with: Debian Wheezy, samba 4.1.x 
> Current: Debian Buster, samba 4.11.2 
>  
>  
> Greetz, 
>  
> Louis
>  
>  
>  
>  
>  
>  
>  
>  
> 

-- 
Dr. Christian Naumer
Unit Head Bioprocess Development
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
fon +49-6251-9331-30  /   fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Dr. Juergen Eck (Vorsitzender), Manfred Bender,
Ludger Roedder
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen



More information about the samba mailing list