Andrés Yacopino
2006-Feb-14 14:56 UTC
[Samba] Smbpasswd -m -x not working, "object class violation" error
I have deployed a Samba server with Sun Java LDAP Directory.

I successfully create users and delete them when ldap delete dn=yes in smb.conf, but when ldap delete dn=no I obtain this error when I issue a smbpasswd -m -x command:

ldapsam_delete_entry: Could not delete attributes for
uid=aprueba$,ou=computers,
o=acasalud.com.ar,dc=acasalud,dc=com,dc=ar, error: Object class violation ()
Failed to delete entry for user aprueba$.
Failed to modify password entry for user aprueba$

My smb.conf is:

[global]
    workgroup = ACASALUDROS
    server string = Sun Samba Server
    security = user
    dos filetimes = yes
    time offset = -360
    load printers = yes
    printcap name = /etc/printcap
    printing = cups
    guest account = guest
    log file = /usr/local/samba/var/log.%m
    log level = 5
    max log size = 50
    null passwords = yes
    encrypt passwords = yes
    ldap password sync = yes
    unix password sync = yes
    username level = 2
    password level = 0
    passwd program = /usr/bin/passwd %u
    passwd chat = *New* password* %n\n *new* password* %n\n *successfully*
    idmap backend = ldapsam:ldap://localhost:389
    passdb backend = ldapsam:ldap://localhost:389
    ldap admin dn = cn=Directory Manager
    ldap suffix = o=acasalud.com.ar,dc=acasalud,dc=com,dc=ar
    ldap user suffix = ou=people
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    ldap idmap suffix = ou=idmap
    ldap delete dn = no
    socket options = TCP_NODELAY=0
    wins server = 10.11.0.2
    dns proxy = no

What is wrong?

Does that work only when

    preferred master = yes
    domain master = yes
    local master = yes
    domain logons = yes

are yes?
Any other ideas?

Thanks a lot.

--
Andrés Yacopino
Daniel Wilson
2006-Feb-14 15:53 UTC
[Samba] Smbpasswd -m -x not working, "object class violation" error
Have you checked the Sun LDAP errors.log file for the specific object class violation? Usually at <install_dir>/slapd-<hostname>/logs/errors.log

Daniel Wilson
Systems Manager
Student and Learning Support
University of Sunderland
Tel: 0191 515 2695
Andrés Yacopino
2006-Feb-14 17:26 UTC
[Samba] Smbpasswd -m -x not working, "object class violation" error
Daniel, I checked the log as you said and I hit this:

[14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 -
User error: Entry "uid=aprueba$,ou=computers,o=acasalud.com.ar,dc=acasalud,dc=c
om,dc=ar", attribute "displayName" is not allowed

What does it mean?

Thanks,
Andrés.

--
Andrés Yacopino
Daniel Wilson
2006-Feb-14 17:48 UTC
[Samba] Smbpasswd -m -x not working, "object class violation" error
I'm sure this means that it's trying to delete the displayName attribute, which is more than likely not in your LDAP schema.

Look in the "<install_dir>/slapd-<hostname>/config/schema/" directory for your schema.

To see if "displayName" is part of any object classes in your LDAP schema, search the schema files:

bash# grep -il displayName <install_dir>/slapd-<hostname>/config/schema/*.ldif

If it's not part of your schema you may want to add this attribute to your 99user.ldif schema file, or add the attribute via the Sun LDAP console (recommended):

bash # <install_dir>/startconsole &
Server Group > Directory Server (Open) > Configuration > Schema > Attributes > Create

-or-

you may want to just disable schema checking in your LDAP server:

bash # <install_dir>/startconsole &
Server Group > Directory Server (Open) > Configuration > Schema (Disable)

Regards

Daniel Wilson
Systems Manager
Student and Learning Support
University of Sunderland
Tel: 0191 515 2695
Andrés Yacopino
2006-Feb-14 18:01 UTC
[Samba] Smbpasswd -m -x not working, "object class violation" error
Thanks for replying Daniel, I executed: grep -il displayName *.ldif

and I obtain:

00core.ldif
50ns-admin.ldif
50ns-iabs.ldif
99samba-schema-netscapeds5.x.ldif
99user.ldif

I also looked at the configuration in the console and I see:

Standard Attribute (Read Only):

Name: displayName
OID: 2.16.840.1.113730.3.1.241
Syntax: DirectoryString
Multivalued: not checked

Do you know what is wrong with this?
Thanks a lot,
Andrés.

--
Andrés Yacopino
Daniel Wilson
2006-Feb-15 16:38 UTC
[Samba] Smbpasswd -m -x not working, "object class violation" error
What object class is the displayName in, and does the user account have that object class? I'm sure you need to have the object class before you can add/remove the attribute assigned to the object class.

Attributes belong to and are grouped in objectclasses.

Regards

Daniel Wilson
Systems Manager
Student and Learning Support
University of Sunderland
Tel: 0191 515 2695
Andrés Yacopino
2006-Feb-16 13:07 UTC
[Samba] Smbpasswd -m -x not working, "object class violation" error
I see the attribute displayName (as allowed attribute) in these user object classes:

-pabperson
-sambasamaccount
-sambagroupmapping

The user account has only these classes:

sambaSamAccount
account
top

Is this wrong? Could the attribute be in some classes at the same time?
Thanks,
Andres.

--
Andrés Yacopino
Andrés Yacopino
2006-Feb-16 14:44 UTC
[Samba] Smbpasswd -m -x not working, "object class violation" error
This time i add values to cn , the object class inetOrgPerson and a value for sn. After that i try to delete the machine account and it works. Apparently it needs this object class as you said. How can i do to add this class automatically when a add a machine account using smbpasswd? Thanks. Andres. 2006/2/16, Daniel Wilson <daniel.wilson@sunderland.ac.uk>:> > > > I also found that displayName belongs to inetorgperson object class. > > I try to add this object class to the user but i obtain and object > > class violation. > Usually objectclasses have a set of required attributes that must have > values before you can commit adding the object class. Did you just try > and add the object class without adding values to the new attributes? > > > > I see that a user account(not a machine account) has a lot of object > > class, the machine account account has only the three classes > > sambaSamAccount,account,top. > ok so mayby its trying to delete the attribute displayName from the > inetorgperson which a machines doesnt have then...? > > Thanks. > > > > > > > > > > 2006/2/16, Andr?s Yacopino <ayacopino@gmail.com > > <mailto:ayacopino@gmail.com>>: > > > > I see the attribute displayName(as allowed attribute) in these > > user object classes: > > > > -pabperson > > -sambasamaccount > > -smabagroupmapping > > > > The user account has only this classes: > > > > sambaSamAccount > > account > > top > > > > Is this wrong?, the attribute could be in some classes at the same > > time? > > Thanks, > > Andres. > > > > 2006/2/15, Daniel Wilson < daniel.wilson@sunderland.ac.uk > > <mailto:daniel.wilson@sunderland.ac.uk>>: > > > > What object class is the displayName in and does the user > > account have > > that object class ? Im sure you need to have the object class > > before you > > can add/remove the attribute assigned to the object classs. > > > > Attributes belong to and are grouped in objectclasses. 
> > > > Regards > > > > Daniel Wilson > > Systems Manager > > Student and Learning Support > > University of Sunderland > > Tel: 0191 515 2695 > > > > > > > > Andr?s Yacopino wrote: > > > > > Thanks for replying Daniel, i execute :grep -il displayName > > *.ldif > > > > > > and i obtain: > > > > > > 00core.ldif > > > 50ns-admin.ldif > > > 50ns-iabs.ldif > > > 99samba-schema-netscapeds5.x.ldif > > > 99user.ldif > > > > > > And also see the configuration in the console and i see: > > > > > > Standard Attribute(Read Only): > > > > > > Name: displayName > > > OID: 2.16.840.1.113730.3.1.241 > > > Syntax: DirectoryString > > > Multivalued: not checked > > > > > > Do you know what is wrong with this? > > > Thanks a lot, > > > Andr?s. > > > > > > 2006/2/14, Daniel Wilson <daniel.wilson@sunderland.ac.uk > > <mailto:daniel.wilson@sunderland.ac.uk> > > > <mailto: daniel.wilson@sunderland.ac.uk > > <mailto:daniel.wilson@sunderland.ac.uk>>>: > > > > > > Im sure this means that its trying to delete the > > displayName attribute > > > which is more than likely not in your LDAP schema. 
> > > > > > Look in "<install_dir>/slapd-<hostname>/config/schema/" > > directory for > > > your schema > > > > > > To see if "displayName" is part of any object classes in > > your LDAP > > > schema search the schema files: > > > > > > bash# grep -il displayName > > > <install_dir>/slapd-<hostname>/config/schema/*.ldif > > > > > > If its not part of your schema you may want to add this > > attribute to > > > your 99user.ldif schema file or add the attribute via the > > Sun LDAP > > > console (recommended): > > > > > > bash # <install_dir>/startconsole & > > > Server Group > Directory Server (Open) > Configuration > > > Schema > > > > Attributes > Create > > > > > > -or- > > > > > > you may want to just disable schema checking in your LDAP > > server : > > > > > > bash # <install_dir>/startconsole & > > > Server Group > Directory Server (Open) > Configuration > > > Schema > > > (Disable) > > > > > > Regards > > > > > > Daniel Wilson > > > Systems Manager > > > Student and Learning Support > > > University of Sunderland > > > Tel: 0191 515 2695 > > > > > > > > > > > > Andr?s Yacopino wrote: > > > > > > > Daniel, check the log as you said and i hit this: > > > > > > > > [14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema - > > conn=-1 op=-1 > > > > msgId=-1 - > > > > User error: Entry "uid=aprueba$,ou=computers,o> > acasalud.com.ar <http://acasalud.com.ar> > > > <http://acasalud.com.ar> > > > > < http://acasalud.com.ar>,dc=acasalud,dc=c > > > > om,dc=ar", attribute "displayName" is not allowed > > > > > > > > What does it means? > > > > > > > > Thanks, > > > > Andr?s. 
--
Andrés Yacopino
Fermin Molina
2006-Feb-18 14:16 UTC
[Samba] Smbpasswd -m -x not working, "object class violation" error
On Thu, 2006-02-16 at 11:43 -0300, Andrés Yacopino wrote:
> This time I add values to cn, the object class inetOrgPerson and a value
> for sn.
> After that I try to delete the machine account and it works.
> Apparently it needs this object class as you said.
> How can I do to add this class automatically when I add a machine account
> using smbpasswd?

Are you using "smbldap-tools"? In my case, I need to put some additional information to new machine accounts like you. I modified the "sub add_posix_machine" in "smbldap_tools.pm" perl script to add the information I need. But I think class inetOrgPerson is added by these scripts... I use smbldap-tool 0.9.1 version.

Hope this helps.

/Fermin

> 2006/2/16, Daniel Wilson <daniel.wilson@sunderland.ac.uk>:
> >
> > > I also found that displayName belongs to inetorgperson object class.
> > > I try to add this object class to the user but I obtain an object
> > > class violation.
> >
> > Usually objectclasses have a set of required attributes that must have
> > values before you can commit adding the object class. Did you just try
> > and add the object class without adding values to the new attributes?
> >
> > > I see that a user account (not a machine account) has a lot of object
> > > classes, the machine account has only the three classes
> > > sambaSamAccount,account,top.
> >
> > ok so maybe it's trying to delete the attribute displayName from the
> > inetorgperson which a machine doesn't have then...?
> >
> > > Thanks.
> > >
> > > 2006/2/16, Andrés Yacopino <ayacopino@gmail.com>:
> > >
> > > I see the attribute displayName (as allowed attribute) in these
> > > user object classes:
> > >
> > > -pabperson
> > > -sambasamaccount
> > > -smabagroupmapping
> > >
> > > The user account has only these classes:
> > >
> > > sambaSamAccount
> > > account
> > > top
> > >
> > > Is this wrong? Could the attribute be in several classes at the same
> > > time?
> > > Thanks,
> > > Andres.
> > >
> > > 2006/2/15, Daniel Wilson <daniel.wilson@sunderland.ac.uk>:
> > >
> > > What object class is the displayName in and does the user account have
> > > that object class? I'm sure you need to have the object class before you
> > > can add/remove the attribute assigned to the object class.
> > >
> > > Attributes belong to and are grouped in objectclasses.
> > >
> > > Regards
> > >
> > > Daniel Wilson
> > > Systems Manager
> > > Student and Learning Support
> > > University of Sunderland
> > > Tel: 0191 515 2695
> > >
> > > Andrés Yacopino wrote:
> > >
> > > > Thanks for replying Daniel, I execute: grep -il displayName *.ldif
> > > >
> > > > and I obtain:
> > > >
> > > > 00core.ldif
> > > > 50ns-admin.ldif
> > > > 50ns-iabs.ldif
> > > > 99samba-schema-netscapeds5.x.ldif
> > > > 99user.ldif
> > > >
> > > > And also see the configuration in the console and I see:
> > > >
> > > > Standard Attribute(Read Only):
> > > >
> > > > Name: displayName
> > > > OID: 2.16.840.1.113730.3.1.241
> > > > Syntax: DirectoryString
> > > > Multivalued: not checked
> > > >
> > > > Do you know what is wrong with this?
> > > > Thanks a lot,
> > > > Andrés.
> > > >
> > > > 2006/2/14, Daniel Wilson <daniel.wilson@sunderland.ac.uk>:
> > > >
> > > > I'm sure this means that it's trying to delete the displayName attribute
> > > > which is more than likely not in your LDAP schema.
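The MUST/MAY reasoning discussed in this thread, as an added Python example (not code from any poster, from Samba or from smbldap-tools): it checks an entry against an object-class table and reports disallowed or missing attributes, which lets you diagnose an "object class violation" without disabling schema checking. The schema table is an abridged subset written for illustration, the entries and the SID are constructed, and only MUST/MAY rules are modelled.

```python
# Abridged schema subset, constructed for illustration: MUST/MAY lists are
# shortened. Read the real definitions from your server's schema files.
SCHEMA = {
    "top": {"sup": None, "must": {"objectClass"}, "may": set()},
    "account": {"sup": "top", "must": {"uid"}, "may": {"description", "host"}},
    "person": {"sup": "top", "must": {"cn", "sn"}, "may": {"description"}},
    "organizationalPerson": {"sup": "person", "must": set(), "may": {"ou"}},
    "inetOrgPerson": {"sup": "organizationalPerson", "must": set(),
                      "may": {"displayName", "mail", "uid"}},
    "sambaSamAccount": {"sup": "top", "must": {"uid", "sambaSID"},
                        "may": {"displayName", "cn", "sambaAcctFlags"}},
}

def resolve(object_classes):
    """Return (must, may) attribute sets, following each class's SUP chain."""
    must, may = set(), set()
    for oc in object_classes:
        while oc is not None:
            must |= SCHEMA[oc]["must"]
            may |= SCHEMA[oc]["may"]
            oc = SCHEMA[oc]["sup"]
    return must, may

def check_entry(entry):
    """List schema problems for an entry given as {attribute: [values]}.
    Attribute names are compared exactly as written (a simplification)."""
    must, may = resolve(entry["objectClass"])
    present = {attr for attr, values in entry.items() if values}
    problems = [f'attribute "{a}" is not allowed'
                for a in sorted(present - must - may)]
    problems += [f'missing required attribute "{a}"'
                 for a in sorted(must - present)]
    return problems

def classes_allowing(attr):
    """Object classes whose MUST or MAY list (inherited included) has attr."""
    return sorted(oc for oc in SCHEMA if attr in set().union(*resolve([oc])))

# Constructed entries modelled on the machine account in the thread.
MACHINE = {"objectClass": ["top", "account", "sambaSamAccount"],
           "uid": ["aprueba$"], "sambaSID": ["S-1-5-21-0-0-0-1001"],
           "displayName": ["aprueba$"]}
# Same entry once sambaSamAccount is gone but displayName is still present.
STRIPPED = {"objectClass": ["top", "account"], "uid": ["aprueba$"],
            "displayName": ["aprueba$"]}
# inetOrgPerson added without cn/sn, then with them.
NO_NAMES = dict(STRIPPED, objectClass=["top", "account", "inetOrgPerson"])
WITH_NAMES = dict(NO_NAMES, cn=["aprueba$"], sn=["aprueba$"])
```

Calling `check_entry` on each constructed entry in turn reproduces the three states seen in the thread: the "not allowed" message, the violation when inetOrgPerson is added without values, and the clean result once cn and sn are set.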