[Samba] restore deleted user (ldbrename) on samba 4.9.1 fails

Dear list,

I am trying to restore a deleted user object with samba 4.9.1 (sernet packages). I am aware that the object will lose some attributes without recycle bin enabled (enabling it is still not recommended, right?). I tried to rename the object in order to make the necessary modifications afterward (as documented in Stefan Kania's Samba 4 book). But ldbrename already fails.

root@dc1:~# samba-tool user create testuser
New Password:
Retype Password:
User 'testuser' created successfully

root@dc1:~# samba-tool user delete testuser
Deleted user testuser

root@dc1:~# ldbsearch -H ldap://localhost -U administrator --password="Passw0rd" --show-deleted "cn=testuser\0ADEL:*"
# record 1
dn: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
instanceType: 4
whenCreated: 20181015123644.0Z
uSNCreated: 4038
objectGUID: d4357200-a367-4601-93df-8c769f1d0e4f
objectSid: S-1-5-21-2104162034-3764151921-3268498227-1112
sAMAccountName: testuser
userAccountControl: 512
isDeleted: TRUE
lastKnownParent: CN=Users,DC=samdom,DC=example,DC=com
isRecycled: TRUE
whenChanged: 20181015123702.0Z
uSNChanged: 4041
distinguishedName: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=D
 eleted Objects,DC=samdom,DC=example,DC=com

# Referral
ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com

# Referral
ref: ldap://samdom.example.com/DC=DomainDnsZones,DC=samdom,DC=example,DC=com

# Referral
ref: ldap://samdom.example.com/DC=ForestDnsZones,DC=samdom,DC=example,DC=com

# returned 4 records
# 1 entries
# 3 referrals

root@dc1:~# ldbrename -H ldap://localhost -Uadministrator --password="Passw0rd" "CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com" "CN=testuser,CN=Users,DC=samdom,DC=example,DC=com"
rename of 'CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com' to 'CN=testuser,CN=Users,DC=samdom,DC=example,DC=com' failed - LDAP error 32 LDAP_NO_SUCH_OBJECT -  <00002030: ldb_wait from ../source4/ldap_server/ldap_backend.c:487 with LDB_WAIT_ALL: No such object (32)> <>

Verbose and trace give no further hint. Any ideas? It seems to have worked in earlier versions.

With a regular LDAP server we can use LDIF dumps to restore objects, not comfortable but working. But this is not working for AD, as it is not allowed to add objects with an objectSid, right? Is there another (recommended) way to restore deleted objects (particularly users and groups)?

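As an added example (not from the original post or from Samba), a small Python helper that parses the ldbsearch LDIF shown above, unfolds the continuation line of the long DN, skips the referral records, and derives the restore target from the tombstone RDN and lastKnownParent. It also flags entries that already carry isRecycled: TRUE, since in AD semantics a recycled tombstone cannot be reanimated, only a merely deleted one. The sample LDIF is constructed from the record in the post.

```python
import re

# Constructed sample modelled on the ldbsearch record in the post (folded DN line kept on purpose).
SAMPLE_LDIF = r"""# record 1
dn: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com
sAMAccountName: testuser
isDeleted: TRUE
lastKnownParent: CN=Users,DC=samdom,DC=example,DC=com
isRecycled: TRUE
distinguishedName: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=D
 eleted Objects,DC=samdom,DC=example,DC=com

# Referral
ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com
"""

# Tombstone RDN: original CN, the escaped newline (\0A), "DEL:" and the objectGUID.
DEL_RDN = re.compile(r"^CN=(?P<cn>.+)\\0ADEL:(?P<guid>[0-9a-fA-F-]{36})$")


def parse_ldif(text):
    """Return entries (attribute -> list of values) that carry a dn, unfolding continuation lines."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:   # LDIF folds long values onto lines starting with a space
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:                # the trailing "" flushes the last record
        if not line.strip():
            if "dn" in current:                 # drop referral-only records
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip(), []).append(value.strip())
    return entries


def restore_plan(entry):
    """Return (target_dn, reason); target_dn is None when the tombstone cannot be reanimated."""
    rdn = re.split(r"(?<!\\),", entry["dn"][0], maxsplit=1)[0]   # up to the first unescaped comma
    m = DEL_RDN.match(rdn)
    if not m:
        return None, "RDN lacks the \\0ADEL:<objectGUID> tombstone marker"
    if entry.get("isRecycled", ["FALSE"])[0].upper() == "TRUE":
        return None, "object is already recycled; a recycled tombstone cannot be reanimated"
    if not entry.get("lastKnownParent"):
        return None, "lastKnownParent missing, so the original container is unknown"
    return "CN=%s,%s" % (m.group("cn"), entry["lastKnownParent"][0]), "restorable"
```

Run against the sample, the helper reports the object as recycled rather than producing a target DN; on an entry without isRecycled it yields CN=testuser,CN=Users,DC=samdom,DC=example,DC=com, the same target the ldbrename above was given.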