
Re: [Samba] restore deleted user (ldbrename) on samba 4.9.1 fails




Sorry, it's not working any more, at least if you have more than one DC.
I didn't get an answer to this problem, so that's the reason why it will
not be part of the new samba4 book :-(


On 15.10.2018 at 15:47, Oliver Heinz via samba wrote:
> Dear list,
> 
> I am trying to restore a deleted user object with samba 4.9.1 (sernet
> packages). I am aware that the object will lose some attributes without
> recycle bin enabled (enabling it is still not recommended, right?)
> I tried to rename the object in order to make the necessary
> modifications afterward (as documented in Stefan Kania's Samba 4 book).
> But ldbrename already fails.
> 
> root@dc1:~# samba-tool user create testuser
> New Password:
> Retype Password:
> User 'testuser' created successfully
> 
> root@dc1:~# samba-tool user delete testuser
> Deleted user testuser
> 
> root@dc1:~# ldbsearch -H ldap://localhost -U administrator --password="Passw0rd" \
>   --show-deleted "cn=testuser\0ADEL:*"
> # record 1
> dn: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> instanceType: 4
> whenCreated: 20181015123644.0Z
> uSNCreated: 4038
> objectGUID: d4357200-a367-4601-93df-8c769f1d0e4f
> objectSid: S-1-5-21-2104162034-3764151921-3268498227-1112
> sAMAccountName: testuser
> userAccountControl: 512
> isDeleted: TRUE
> lastKnownParent: CN=Users,DC=samdom,DC=example,DC=com
> isRecycled: TRUE
> cn:: dGVzdHVzZXIKREVMOmQ0MzU3MjAwLWEzNjctNDYwMS05M2RmLThjNzY5ZjFkMGU0Zg==
> name:: dGVzdHVzZXIKREVMOmQ0MzU3MjAwLWEzNjctNDYwMS05M2RmLThjNzY5ZjFkMGU0Zg==
> whenChanged: 20181015123702.0Z
> uSNChanged: 4041
> distinguishedName: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com
> 
> # Referral
> ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com
> 
> # Referral
> ref: ldap://samdom.example.com/DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> 
> # Referral
> ref: ldap://samdom.example.com/DC=ForestDnsZones,DC=samdom,DC=example,DC=com
> 
> # returned 4 records
> # 1 entries
> # 3 referrals
> 
> root@dc1:~# ldbrename -H ldap://localhost -Uadministrator --password="Passw0rd" \
>   "CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com" \
>   "CN=testuser,CN=Users,DC=samdom,DC=example,DC=com"
> rename of 'CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com'
> to 'CN=testuser,CN=Users,DC=samdom,DC=example,DC=com' failed - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> <00002030: ldb_wait from ../source4/ldap_server/ldap_backend.c:487 with LDB_WAIT_ALL: No such object (32)> <>
> 
> Verbose and trace give no further hint. Any ideas? It seems to have worked in
> earlier versions.
> 
> With a regular LDAP we can use LDIF dumps to restore objects, not
> comfortable but working. But this is not working for AD as it is not
> allowed to create objects with an objectSid, right?
> Is there another (recommended) way to restore deleted objects
> (particularly users and groups)?
> 
> 
> 
> TIA,
> Oliver
> 
> 
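Added example, not code from the thread or from Samba: a small Python script that parses the tombstone record from the ldbsearch --show-deleted output quoted above, decodes the base64 cn, checks that the \0ADEL:<GUID> naming, objectGUID, isDeleted and lastKnownParent agree with each other, and derives the DN the object would have to be renamed back to, which is the second argument of the ldbrename call that fails in the post. The sample LDIF is constructed from the record in the thread (abridged and reflowed into valid LDIF); the LDIF reader and the RFC 4514 escaping helper are this example's own, not Samba APIs. It runs offline and modifies nothing.

```python
# Decode a Samba AD tombstone (ldbsearch --show-deleted output) and derive the
# DN a restore would rename it back to.  Added example: not code from the
# thread or from Samba; it only parses LDIF text and never talks to a DC.
import base64
import re

# Constructed sample: the tombstone and one referral from the post above,
# abridged and reflowed into valid LDIF (a continuation line starts with one
# space; cn/name use '::' base64 because the value contains a newline).
SAMPLE_LDIF = r"""# record 1
dn: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com
objectClass: user
objectGUID: d4357200-a367-4601-93df-8c769f1d0e4f
objectSid: S-1-5-21-2104162034-3764151921-3268498227-1112
sAMAccountName: testuser
isDeleted: TRUE
lastKnownParent: CN=Users,DC=samdom,DC=example,DC=com
isRecycled: TRUE
cn:: dGVzdHVzZXIKREVMOmQ0MzU3MjAwLWEzNjctNDYwMS05M2RmLThjNzY5ZjFkMGU0Zg==
name:: dGVzdHVzZXIKREVMOmQ0MzU3MjAwLWEzNjctNDYwMS05M2RmLThjNzY5ZjFkMGU0Zg==
distinguishedName: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=D
 eleted Objects,DC=samdom,DC=example,DC=com

# Referral
ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com
"""

# A deleted object is renamed to "<original RDN value>\nDEL:<objectGUID>"; in
# the DN string the newline appears hex-escaped as \0A.
TOMBSTONE_RE = re.compile(r"\A(?P<orig>[^\n]+)\nDEL:(?P<guid>[0-9a-fA-F-]{36})\Z")


def parse_ldif_records(text):
    """Minimal LDIF reader: unfold continuation lines, skip '#' comments, decode
    '::' base64 values, split records on blank lines -> list of {attr: [values]}."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]  # RFC 2849 line folding
        else:
            unfolded.append(line)
    records, current = [], {}
    for line in unfolded + [""]:  # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
                current = {}
        elif not line.startswith("#"):
            attr, sep, value = line.partition(":")
            if not sep:
                raise ValueError("not an LDIF attribute line: %r" % line)
            if value.startswith(":"):  # 'attr:: <base64>'
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            current.setdefault(attr, []).append(value)
    return records


def escape_rdn_value(value):
    """RFC 4514 escaping for an attribute value inside a DN string."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        elif ord(ch) < 0x20:  # control characters (the tombstone newline) as \XX
            out.append("\\%02X" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def restore_plan(record):
    """Verify `record` is a self-consistent tombstone and return the DN it would
    be renamed back to: the original CN placed under lastKnownParent."""
    dn, cn = record["dn"][0], record["cn"][0]
    m = TOMBSTONE_RE.match(cn)
    if m is None:
        raise ValueError("cn is not in tombstone form <name>\\nDEL:<guid>: %r" % cn)
    orig_cn, guid = m.group("orig"), m.group("guid")
    if guid.lower() != record["objectGUID"][0].lower():
        raise ValueError("GUID embedded in cn does not match objectGUID")
    if record.get("isDeleted", [""])[0] != "TRUE":
        raise ValueError("object is not marked isDeleted")
    if not dn.startswith("CN=" + escape_rdn_value(cn) + ",CN=Deleted Objects,"):
        raise ValueError("dn is not this cn's tombstone under CN=Deleted Objects: %r" % dn)
    if "lastKnownParent" not in record:
        raise ValueError("no lastKnownParent: original container is unknown")
    target_dn = "CN=%s,%s" % (escape_rdn_value(orig_cn), record["lastKnownParent"][0])
    return {"tombstone_dn": dn, "original_cn": orig_cn, "guid": guid, "target_dn": target_dn}


if __name__ == "__main__":
    for rec in parse_ldif_records(SAMPLE_LDIF):
        if "dn" in rec:  # entries only; referral records carry just 'ref'
            print(restore_plan(rec))
```

Run as a script it prints the tombstone DN, the original CN (testuser), the GUID and CN=testuser,CN=Users,DC=samdom,DC=example,DC=com as the rename target. The checks are deliberately strict: a cn without the DEL:<GUID> suffix, a GUID that differs from objectGUID, a dn that is not under CN=Deleted Objects, or a missing lastKnownParent means the record is not the tombstone you think it is, and no rename should be attempted against it.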



