On 2/9/2016 3:48 PM, Rowland penny wrote:
> On 09/02/16 19:59, Allen Chen wrote:
>> Hi there,
>>
>> I have Samba 4.1.13 AD DC compiled on CentOS 6.2 (32bit). Everything
>> is working fine.
>>
>> Issue: ldbadd cannot re-add a deleted user account.
>> What I did:
>> 1. save user account
>> # ./bin/ldbsearch -H /usr/local/samba/private/sam.ldb
>> sAMAccountName=krtu > ./user-add.ldif
>>
>> 2. delete the user account
>> # ./bin/ldbdel -H /usr/local/samba/private/sam.ldb
>> "CN=krtu,CN=Users,DC=mydomain,DC=com"
>> This user has been deleted. ldbsearch couldn't find it.
>>
>> 3. add it back again
>> First remove the following attr from the saved file user-add.ldif
>> sAMAccountType
>> memberOf
>> objectGUID
>> primaryGroupID
>>
>> Then ldbadd gives the error:
>> # ./bin/ldbadd -H /usr/local/samba/private/sam.ldb ./user-add.ldif
>> ERR: Entry already exists : "../lib/ldb/ldb_tdb/ldb_index.c:1216:
>> Failed to re-index objectSid in CN=krtu,CN=Users,DC=mydomain,DC=com -
>> ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on
>> objectSid in CN=krtu,CN=Users,DC=mydomain,DC=com" on DN
>> CN=krtu,CN=Users,DC=mydomain,DC=com at block before line 36
>> Add failed after processing 0 records
>>
>> Is it normal?
>>
>> Thanks,
>
> Two things spring to mind, first, why would you want to delete a user
> and then recreate it again.
> Secondly, the user's SID comes in two parts, the SID (this is used
> for all domain objects) and a RID, this RID comes from a pool and this
> may be your problem.
>
> Can we see the ldif you used (suitably sanitized).
>
> Rowland
>
Hi Rowland,
I just want to try these two commands: ldbdel and ldbadd.
If ldbadd cannot add a previously existing account, then what's the point
of ldbadd?
Here is the ldif file created by ldbsearch:
# ./bin/ldbsearch -H /usr/local/samba/private/sam.ldb
sAMAccountName=krtu > ./user-add.ldif
dn: CN=krtu,CN=Users,DC=mydomain,DC=com
cn: krtu
sn: Allen
givenName: Wan
instanceType: 4
whenCreated: 20160208213002.0Z
displayName: Allen Wan
uSNCreated: 1978630
name: krtu
badPwdCount: 0
codePage: 0
countryCode: 0
homeDirectory: /home/employees/krtu
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
scriptPath: logon.bat
objectSid: S-1-5-21-3939752234-2171877362-3959421765-5590
logonCount: 0
sAMAccountName: krtu
userPrincipalName: krtu at mydomain.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=com
uidNumber: 3029
gidNumber: 1027
loginShell: /bin/false
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
pwdLastSet: 130994406020000000
userAccountControl: 512
accountExpires: 134466822030000000
whenChanged: 20160208213003.0Z
uSNChanged: 1978635
distinguishedName: CN=krtu,CN=Users,DC=mydomain,DC=com
Thanks,
Allen
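The error quoted above says the unique index on objectSid is still held by the deleted entry, so an ldbadd that carries the old objectSid (and other server-generated values) collides with it. The script below is an added example, not code from either poster or from Samba: it strips the attributes that the directory assigns itself from a saved ldbsearch record before it is fed back to ldbadd, so the DC allocates a fresh SID/RID. Which attributes count as server-managed is this example's own assumption; the sample record is constructed from a trimmed copy of the LDIF in the post.

```python
import re
import sys

# Attributes the DC generates or maintains itself. Re-adding a record that
# still carries them either fails outright or, for objectSid, trips the
# unique-index violation seen in the post. This list is an assumption made
# for the example, not a Samba-documented set.
SERVER_MANAGED = {
    "objectsid", "objectguid", "samaccounttype", "memberof", "primarygroupid",
    "usncreated", "usnchanged", "whencreated", "whenchanged",
    "distinguishedname", "badpwdcount", "badpasswordtime", "lastlogoff",
    "lastlogon", "logoncount", "pwdlastset",
}

# Constructed sample, trimmed from the record in the post.
SAMPLE_LDIF = """\
dn: CN=krtu,CN=Users,DC=mydomain,DC=com
cn: krtu
sn: Allen
objectSid: S-1-5-21-3939752234-2171877362-3959421765-5590
sAMAccountName: krtu
objectClass: top
objectClass: user
uSNChanged: 1978635
distinguishedName: CN=krtu,CN=Users,DC=mydomain,DC=com
"""


def strip_server_attrs(ldif_text, managed=SERVER_MANAGED):
    """Return (cleaned_ldif, names_of_removed_attributes).

    An LDIF line starting with a space continues the previous attribute,
    so it is kept or dropped together with that attribute. Comment lines
    ("# record 1") and blank record separators pass through unchanged.
    """
    kept, removed, dropping = [], [], False
    for line in ldif_text.splitlines():
        if line.startswith(" "):  # continuation of the previous attribute
            if not dropping:
                kept.append(line)
            continue
        dropping = False
        m = re.match(r"([A-Za-z][\w;-]*):", line)
        if m and m.group(1).lower() in managed:
            removed.append(m.group(1))
            dropping = True
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    # Usage: python strip_ldif.py user-add.ldif > user-add-clean.ldif
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LDIF
    cleaned, gone = strip_server_attrs(text)
    sys.stdout.write(cleaned)
    print("removed:", ", ".join(gone), file=sys.stderr)
```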