Synchronization between open ldap and Samba 4

Hi,

I created a group in ldap called ‘gt_rm’ and i added some users to it. Later on, i deleted some of the users from that group, and now after doing:

samba-tool dbcheck --fix --cross-ncs

i’m getting the following error:

ERROR: incorrect DN string component for member in object CN=gt_rm,CN=Groups,DC=idicat,DC=net - <GUID=2122e9bd-29b9-4db4-8657-626a67fd1bfc>;<RMD_ADDTIME=131243026310000000>;<RMD_CHANGETIME=131243026780000000>;<RMD_FLAGS=1>;<RMD_INVOCID=75d65330-dfda-409d-bbaa-26309696c711>;<RMD_LOCAL_USN=7225>;<RMD_ORIGINATING_USN=7225>;<RMD_VERSION=3>;cn=24494303,cn=users,DC=idicat,DC=net
Change DN to <GUID=2122e9bd-29b9-4db4-8657-626a67fd1bfc>;<SID=S-1-5-21-586967669-2250903040-3073163512-1249>;CN=24494303,CN=Users,DC=idicat,DC=net? [y/N/all/none]

I used ldbsearch to search for the group and there is no relation between the group and the user. I also did

/usr/share/univention-s4-connector/resync_object_from_s4.py --filter cn=gt_rm
/usr/share/univention-s4-connector/resync_object_from_s4.py --filter cn=24494303
/usr/share/univention-s4-connector/resync_object_from_ucs.py --filter cn=gt_rm
/usr/share/univention-s4-connector/resync_object_from_ucs.py --filter uid=24494303

And i still get the same error after doing the dbcheck. Is there any way to get rid of this error without deleting the group?
Thanks.

What version are you using?

ucr search --brief version

The following:

ERROR: incorrect DN string component for member in object CN=gt_rm

means there is a problem with a member in the group

Change DN to <GUID=2122e9bd-29b9-4db4-8657-626a67fd1bfc>;<SID=S-1-5-21-586967669-2250903040-3073163512-1249>;CN=24494303,CN=Users,DC=idicat,DC=net? [y/N/all/none] 

should fix this if you choose “y”

The dbcheck --fix as you quoted it should not delete the group, but crrect the DN of the member of this group. Did you choose “y”?

Mastodon