Franta Hanzlík
2025-Sep-18 04:17 UTC
[Samba] sAMAccountType is any special attribute for ldbsearch?
On Thu, 18 Sep 2025 01:34:58 +0200 Franta Hanzlík via samba <samba at lists.samba.org> wrote:

> [...]
> Now I've come across an interesting mystery that I can't explain:
> I wanted to use ldbsearch to list user accounts by specifying the LDAP
> filter sAMAccountType == SAM_USER_OBJECT (=0x30000000 = 805306368).
> And I don't understand the behavior of ldbsearch and I don't know how
> to explain and fix it. My attempts and results:
>
> 1)
> # ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC\=ZAMECEK\,DC\=HOME.ldb "(sAMAccountType=805306368)" dn sAMAccountType
> # returned 0 records
> # 0 entries
> # 0 referrals
>
> Why the hell doesn't it work? And - this is interesting:
> [...]
> --

Did I miss something in the LDAP/LDB filter syntax?
This example also returns no data, even though there are a number of
records with distinguishedName matching pattern *,OU=T,DC=zamecek,DC=*

ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC\=ZAMECEK\,DC\=HOME.ldb "(distinguishedName=*OU=T*)" dn distinguishedName
# returned 0 records
# 0 entries
# 0 referrals

--
Thanks, Franta Hanzlik
Rowland Penny
2025-Sep-18 07:28 UTC
[Samba] sAMAccountType is any special attribute for ldbsearch?
On Thu, 18 Sep 2025 06:17:39 +0200 Franta Hanzlík via samba <samba at lists.samba.org> wrote:

> On Thu, 18 Sep 2025 01:34:58 +0200
> Franta Hanzlík via samba <samba at lists.samba.org> wrote:
>
> > [...]
> > Now I've come across an interesting mystery that I can't explain:
> > I wanted to use ldbsearch to list user accounts by specifying the
> > LDAP filter sAMAccountType == SAM_USER_OBJECT (=0x30000000
> > 805306368). And I don't understand the behavior of ldbsearch and I
> > don't know how to explain and fix it. My attempts and results:
> >
> > 1)
> > # ldbsearch -H
> > /var/lib/samba/private/sam.ldb.d/DC\=ZAMECEK\,DC\=HOME.ldb
> > "(sAMAccountType=805306368)" dn sAMAccountType # returned 0 records
> > # 0 entries # 0 referrals
> >
> > Why the hell doesn't it work? And - this is interesting:
> > [...]
> > --
>
> Did I miss something in the LDAP/LDB filter syntax?
> This example also returns no data, even though there are a number of
> records with distinguishedName matching pattern *,OU=T,DC=zamecek,DC=*
>
> ldbsearch -H
> /var/lib/samba/private/sam.ldb.d/DC\=ZAMECEK\,DC\=HOME.ldb
> "(distinguishedName=*OU=T*)" dn distinguishedName # returned 0
> records # 0 entries # 0 referrals

It probably isn't working because you are searching in the wrong place.
Never search in the files in the sam.ldb.d directory and definitely
never alter any of the files in that directory.

Try your original search like this:

sudo ldbsearch -H /var/lib/samba/private/sam.ldb "(sAMAccountType=805306368)" dn sAMAccountType

Just search and alter the sam.ldb file.

Rowland