Synchronization between open ldap and Samba 4


#1

Hi,

I created a group in ldap called ‘gt_rm’ and i added some users to it. Later on, i deleted some of the users from that group, and now after doing:

samba-tool dbcheck --fix --cross-ncs

i’m getting the following error:

ERROR: incorrect DN string component for member in object CN=gt_rm,CN=Groups,DC=idicat,DC=net - <GUID=2122e9bd-29b9-4db4-8657-626a67fd1bfc>;<RMD_ADDTIME=131243026310000000>;<RMD_CHANGETIME=131243026780000000>;<RMD_FLAGS=1>;<RMD_INVOCID=75d65330-dfda-409d-bbaa-26309696c711>;<RMD_LOCAL_USN=7225>;<RMD_ORIGINATING_USN=7225>;<RMD_VERSION=3>;cn=24494303,cn=users,DC=idicat,DC=net
Change DN to <GUID=2122e9bd-29b9-4db4-8657-626a67fd1bfc>;<SID=S-1-5-21-586967669-2250903040-3073163512-1249>;CN=24494303,CN=Users,DC=idicat,DC=net? [y/N/all/none]

I used ldbsearch to search for the group and there is no relation between the group and the user. I also did

/usr/share/univention-s4-connector/resync_object_from_s4.py --filter cn=gt_rm
/usr/share/univention-s4-connector/resync_object_from_s4.py --filter cn=24494303
/usr/share/univention-s4-connector/resync_object_from_ucs.py --filter cn=gt_rm
/usr/share/univention-s4-connector/resync_object_from_ucs.py --filter uid=24494303

And i still get the same error after doing the dbcheck. Is there any way to get rid of this error without deleting the group?
Thanks.


#2

What version are you using?

ucr search --brief version

The following:

ERROR: incorrect DN string component for member in object CN=gt_rm

means there is a problem with a member in the group

Change DN to <GUID=2122e9bd-29b9-4db4-8657-626a67fd1bfc>;<SID=S-1-5-21-586967669-2250903040-3073163512-1249>;CN=24494303,CN=Users,DC=idicat,DC=net? [y/N/all/none] 

should fix this if you choose “y”

The dbcheck --fix as you quoted it should not delete the group, but crrect the DN of the member of this group. Did you choose “y”?