On Mon, 23 Jul 2018 13:12:42 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Mon, 23 Jul 2018 14:02:45 +0200 > Henry Jensen via samba <samba at lists.samba.org> wrote: > > > > Yes, the objects in question are displayed, one of them looks like > > this: > > > > # record 46 > > dn: > > CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan > > cn:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc> > instanceType: 4 whenCreated: 20180720113100.0Z > > uSNCreated: 5982 > > name:: > > cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc> > objectGUID: ecbda919-4c16-4d06-9695-2540e35b44da objectSid: > > S-1-5-21-4144324718-2848790307-3888702956-3897 sAMAccountName:: > > cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtc nc> > sAMAccountType: 268435456 > > groupType: -2147483646 > > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=iww,DC=lan > > gidNumber: 1448 > > objectClass: top > > objectClass: posixGroup > > objectClass: group > > msSFU30NisDomain: iww > > whenChanged: 20180720113106.0Z > > uSNChanged: 15576 > > distinguishedName:: > > Q049cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taX > > NjaGUtcncsQ049VXNlcnMsREM9aXd3LERDPWxhbg=> > > > However, "ldbdel -H /var/lib/samba/private/sam.ldb > > 'CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan'" > > doesn't work, it says "entry does not exist" > > Try it without the single quotes around the DN > If this doesn't work, try opening AD in ldbedit again and manually > delete all the object lines (including the 'record' line)I tried it on my test environment (didn't want to do it in production) first. Still no luck - when i delete the entire object with ldbedit it says "failed to delete CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan - objectclass: Cannot delete CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan, entry does not exist!" So, no chance to get them out of there easy way? Strange how they got in there in the first place by classicupgrade. Because I knew that umlauts can lead to problems I renamed those objects in the original OpenLDAP tree before doing the classicupgrade. The renamed groups got migrated to AD and I can manage them without problems, but there are also the groups with umlauts (they even have the same GIDs). Kind regards, Henry
On Mon, 23 Jul 2018 15:01:19 +0200 Henry Jensen via samba <samba at lists.samba.org> wrote:> On Mon, 23 Jul 2018 13:12:42 +0100 > Rowland Penny via samba <samba at lists.samba.org> wrote: > > > On Mon, 23 Jul 2018 14:02:45 +0200 > > Henry Jensen via samba <samba at lists.samba.org> wrote: > > > > > > Yes, the objects in question are displayed, one of them looks like > > > this: > > > > > > # record 46 > > > dn: > > > CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan > > > cn:: > > > cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc> > > instanceType: 4 whenCreated: 20180720113100.0Z uSNCreated: 5982 > > > name:: > > > cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc> > > objectGUID: ecbda919-4c16-4d06-9695-2540e35b44da objectSid: > > > S-1-5-21-4144324718-2848790307-3888702956-3897 sAMAccountName:: > > > cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtc nc> > > sAMAccountType: 268435456 > > > groupType: -2147483646 > > > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=iww,DC=lan > > > gidNumber: 1448 > > > objectClass: top > > > objectClass: posixGroup > > > objectClass: group > > > msSFU30NisDomain: iww > > > whenChanged: 20180720113106.0Z > > > uSNChanged: 15576 > > > distinguishedName:: > > > Q049cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taX > > > NjaGUtcncsQ049VXNlcnMsREM9aXd3LERDPWxhbg=> > > > > > However, "ldbdel -H /var/lib/samba/private/sam.ldb > > > 'CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan'" > > > doesn't work, it says "entry does not exist" > > > > Try it without the single quotes around the DN > > If this doesn't work, try opening AD in ldbedit again and manually > > delete all the object lines (including the 'record' line) > > I tried it on my test environment (didn't want to do it in > production) first. > > Still no luck - when i delete the entire object with ldbedit it says > > "failed to delete > CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan > - objectclass: Cannot delete > CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan, > entry does not exist!" > > So, no chance to get them out of there easy way? > > Strange how they got in there in the first place by classicupgrade. > Because I knew that umlauts can lead to problems I renamed those > objects in the original OpenLDAP tree before doing the classicupgrade. > > The renamed groups got migrated to AD and I can manage them without > problems, but there are also the groups with umlauts (they even have > the same GIDs). > > > Kind regards, > Henry > >Okay, echo "cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=" | base64 -d Gets me: projekt-st.wendel-wvw-technisch-ökonomische-rw As you can see, it has those funny two dots over the 'o'. have you tried using that in the DN of the delete command ? i.e. ldbdel -H /var/lib/samba/private/sam.ldb CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan Rowland
Am Mon, 23 Jul 2018 15:01:32 +0100 schrieb Rowland Penny via samba <samba at lists.samba.org>:> Okay, > echo > "cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=" | > base64 -d > > Gets me: > > projekt-st.wendel-wvw-technisch-ökonomische-rw > > As you can see, it has those funny two dots over the 'o'. have you > tried using that in the DN of the delete command ? > > i.e. ldbdel -H /var/lib/samba/private/sam.ldb > CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lanYes, ä ö and ü are called "umlauts". It seems that objects with umlauts are base64 encoded by default in AD. And yes, deletion fails also with the command you suggested. Kind regards, Henry