Hi all I am trying to create a script to migrate our current old Samba3 LDAP based domain to a new Samba4 (4.0.9, Sernet compilation) domain. We have 3 servers, all replicating. If I add a user using samba-tool, all wotks fine, but If I try to create a user using a Python script, for example, with this LDIF:
dn: cn=XXXXXXX,OU=Usuarios,OU=dept,DC=org,DC=test displayName: XXXXX samAccountName: XXXXX objectClass: top objectClass: person objectClass: user objectClass: organizationalPerson userAccountControl: 512 userPrincipalName: xxx...@org.test samAccountType: 805306368 sn: XXXXXX mail: xxx...@xxxxxxx.es givenName: XXXXX cn: XXXXXXXXX unicodePwd:: XXXXXXXXXX importing it using ldbadd, the user is imported well (NOTE: cn, displayname, sn and givenname contains special chars like tildes). When I try to search the user using ldapsearch I get this error: # ldapsearch -LLL -H ldap://XXXXX -D "cn=Administrator,cn=Users,dc=org,dc=test" -b "dc=org,dc=test" -w XXXXX "(samaccountname=XXXXXX)" Operations error (1) Additional information: acl_read: cannot get descriptor of cn=XXXXX,OU=Usuarios,OU=dept,DC=org,DC=test But If I search that user with ldbsearch, the result is correct, although no attributes related to replication that do appear in other objects (like replPropertyMetaData, uSNChanged or nTSecurityDescriptor) don't appear in this user. Even more, if the user tries to do a smbclient whit his username, he gets a db corruption error: # smbclient -L localhost -U XXXXXX Enter XXXXXXXX password: session setup failed: NT_STATUS_INTERNAL_DB_CORRUPTION Any idea about this error? I think the LDIF is correct, but it looks it doesn't.... Regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
