Hi all

I am trying to create a script to migrate our current old Samba3 LDAP based
domain to a new Samba4 (4.0.9, Sernet compilation) domain. We have 3
servers, all replicating. If I add a user using samba-tool, all wotks fine,
but If I try to create a user using a Python script, for example, with this
LDIF:

dn: cn=XXXXXXX,OU=Usuarios,OU=dept,DC=org,DC=test
displayName: XXXXX
samAccountName: XXXXX
objectClass: top
objectClass: person
objectClass: user
objectClass: organizationalPerson
userAccountControl: 512
userPrincipalName: xxx...@org.test
samAccountType: 805306368
sn: XXXXXX
mail: xxx...@xxxxxxx.es
givenName: XXXXX
cn: XXXXXXXXX
unicodePwd:: XXXXXXXXXX

importing it using ldbadd, the user is imported well (NOTE: cn,
displayname, sn and givenname contains special chars like tildes). When I
try to search the user using ldapsearch I get this error:

# ldapsearch -LLL -H ldap://XXXXX -D
"cn=Administrator,cn=Users,dc=org,dc=test" -b "dc=org,dc=test" -w XXXXX
"(samaccountname=XXXXXX)"
Operations error (1)
Additional information: acl_read: cannot get descriptor of
cn=XXXXX,OU=Usuarios,OU=dept,DC=org,DC=test

But If I search that user with ldbsearch, the result is correct, although
no attributes related to replication that do appear in other objects (like
replPropertyMetaData, uSNChanged or nTSecurityDescriptor) don't appear in
this user. Even more, if the user tries to do a smbclient whit his
username, he gets a db corruption error:

# smbclient -L localhost -U XXXXXX
Enter XXXXXXXX password:
session setup failed: NT_STATUS_INTERNAL_DB_CORRUPTION

Any idea about this error? I think the LDIF is correct, but it looks it
doesn't....

Regards.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to