search for: myou

On Thu, 2016-04-14 at 18:07 +0100, Jonathan Hunter wrote: > On 14 April 2016 at 13:37, Jonathan Hunter <jmhunter1 at gmail.com> > wrote: > > > # samba-tool dbcheck --cross-ncs > > Checking 4079 objects > > MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x00290001 > > MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x0029000a > > MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x00290004 > > MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x0009030e > > MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x000...

...t yet had problems with samba that have caused me to delve quite so deeply into the DB :) so I'm not as familiar with the range of tools as I could be, sorry!) This has flagged up quite a few errors, all along the lines of: # samba-tool dbcheck --cross-ncs Checking 4079 objects MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x00290001 MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x0029000a MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x00290004 MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x0009030e MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x00090001 MYOBJ=value,OU=myou,DC=mydomain,DC...

...x' and it has successfully fixed some errors; there were 110 previously, however there are still 69 remaining after a second pass of dbcheck --fix. The remaining errors seem to be mainly of this form: ERROR: duplicate attributeID values for myattrib in replPropertyMetaData on MYOBJ=object1,OU=myou,DC=mydomain,DC=org,DC=uk Fix replPropertyMetaData on MYOBJ=object1,OU=myou,DC=mydomain,DC=org,DC=uk by removing the duplicate value 0x00290003 for myattrib (keeping 0xbd27f44d5)? [YES] [...] ERROR: incorrect attributeID values in replPropertyMetaData on MYOBJ=object1,OU=myou,DC=mydomain,DC=org,DC=...

...the change has in fact introduced > correct behaviour.. > > Am I right in thinking that the objects I need to look at are > - the group itself > - all (some?) members of the group > - any others? The full chain. > Are permissions checked in a hiearchical fashion, i.e. if OU=myou > does > not allow a particular user to read it, then would > CN=somegroup,OU=myou still be denied regardless of the explicit > permissions on the CN=somegroup,OU=myou object? That is what I am getting at. The full chain must be checked. > And I believe I'm > correct in t...

On 14 April 2016 at 13:37, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > # samba-tool dbcheck --cross-ncs > Checking 4079 objects > MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x00290001 > MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x0029000a > MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x00290004 > MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x0009030e > MYOBJ=value,OU=myou,DC=mydomain,DC=org,DC=uk: 0x00090001 > MYOBJ=val...

...the output hard to decipher so I used ldp.exe on Windows instead in the end) On Wed, 22 Nov 2023 at 20:22, Andrew Bartlett <abartlet at samba.org> wrote: > > On Wed, 2023-11-22 at 17:33 +0000, Jonathan Hunter wrote: > > Are permissions checked in a hiearchical fashion, i.e. if OU=myou > > does > > not allow a particular user to read it, then would > > CN=somegroup,OU=myou still be denied regardless of the explicit > > permissions on the CN=somegroup,OU=myou object? > > That is what I am getting at. The full chain must be checked. What I have found...

Hello guys! How I can create an organizationalUnit (OU)? Now I created an user into an OU already existent, but I need to create a new OU. I tried with: root at s1 :~#nano file.ldif dn: ou=MyOU,DC=dominio,DC=pdc,DC=cu objectClass: top objectClass: organizationalUnit ou: MyOU root at s1 :~#ldbadd --url=/var/lib/samba/private/sam.ldb file.ldif but when I search MyOU on the Active Directory with the AD Users and Computers tool from windows I can't find it. MyOU do not appear into t...

...d some errors; there were 110 previously, however > there are still 69 remaining after a second pass of dbcheck --fix. > > The remaining errors seem to be mainly of this form: > > ERROR: duplicate attributeID values for myattrib in > replPropertyMetaData on > MYOBJ=object1,OU=myou,DC=mydomain,DC=org,DC=uk > > Fix replPropertyMetaData on > MYOBJ=object1,OU=myou,DC=mydomain,DC=org,DC=uk by removing the > duplicate value 0x00290003 for myattrib (keeping 0xbd27f44d5)? [YES] > [...] > ERROR: incorrect attributeID values in replPropertyMetaData on > MYOBJ=obj...

...t reports that "A constraint violation occurred"; I get the same error from Apache Directory Studio, too - details are as follows: Error while creating entry - [LDAP: error code 19 - 0000202F: replmd_add: error during direct ADD: No rDN found in replPropertyMetaData for mytype=abc123,OU=myou,DC=mydomain,DC=org,DC=uk I have checked using the 'Active Directory Schema' MMC snap-in, and my custom schema classes and attributes do still seem to be showing as present and correct, just as I originally added them many months ago - I can't spot any problems there. It behaves exactl...

...ash script using ldb-tools to do this. > > Rowland > > Thanks for your help Rowland. I had a look at the LDB Tools wiki page. As far as I understand, I have to generate a LDIF file containing all the changes I want to add to the database, something like : myLDIF_file : dn: CN=user1,OU=myOU,DC=mydom,DC=foo,DC=fr changetype: modify add: mail mail: user1 at foo.fr dn: CN=user2,OU=myOU,DC=mydom,DC=foo,DC=fr changetype: modify add: mail mail: user2 at foo.fr etc ... and use $ ldbmodify -H samba_home/private/sam.ldb myLDIF_file to modify the Samba AD database. Am I on the right way ? If...

...atabase? Thank you very much in advance! --- When doing a very simple LDAP lookup using ldapsearch we get around 47ms of execution time (incl. bind and unbind): # time ldapsearch -H ldaps://10.12.100.1:636 -D "CN=Auth-User,CN=Users,DC=subdomain,DC=example,DC=de" -w xxxx -b "OU=myou,DC=subdomain,DC=example,DC=de" "(cn=user.name)" real??? 0m0.047s user??? 0m0.026s sys??? 0m0.009s When trying to get the gidNumber of all groups the user is member of this request takes around 378ms (- 45ms roughly bind/unbind overhead): # time ldapsearch -H ldaps://10.12.100.1:63...

...owland > > > > > Thanks for your help Rowland. > > I had a look at the LDB Tools wiki page. > As far as I understand, I have to generate a LDIF file containing all > the changes I want to add to the database, something like : > > myLDIF_file : > dn: CN=user1,OU=myOU,DC=mydom,DC=foo,DC=fr > changetype: modify > add: mail > mail: user1 at foo.fr > > dn: CN=user2,OU=myOU,DC=mydom,DC=foo,DC=fr > changetype: modify > add: mail > mail: user2 at foo.fr > etc ... > > and use $ ldbmodify -H samba_home/private/sam.ldb myLDIF_file to &g...

Hi, On RSAT , we can see that there are some extra fields for users account like description, office, phone number or email address. I already have hundreds of user accounts in Samba AD but these extra fields have not been fed. I would like to import in particular the email address for each existing users, however I don't find a way to do that with a samba command line. Is there a way to

Hi Jonathan and Andrew, > Reminder of my original LDAP query: > (& > (objectCategory=Person) > (sAMAccountName=*) > (memberOf:1.2.840.113556.1.4.1941:=CN=mygroup,OU=myou,DC=mydomain,DC=org) > ) I came across the same/similar issue yesterday and found the origin that triggered the issue (at least in my case). I've added a response to your bugzilla entry [1]. To make it short, if you have a GPO where "Authenticated Users" security token has been...

...ring = SVR1 netbios name = SVR1 add machine script = /usr/sbin/ldapaddmachine.save %m printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 security = user encrypt passwords = yes ldap suffix = o=Myou,c=US ldap user suffix = ou=Users ldap group suffix = ou=Groups ;; Work-around re: number failures, and numerous online notes. ;; Which is this supposed to be? ldap machine suffix = ou=Computers ;;ldap machine suffix = ou=Users ldap delete dn = no ldap filter...

...n this server and the rest of the world (which includes the DCs), ports are open for kerberos and CIFS inbound and kerberos, CIFS, NTP and UDP oubtound. this machine (server.sub.domain.org) is in a subdomain of the AD domain (domain.org) I am able to run net ads join -U me createcomputer="/myOU/" and it seems to succeed. net ads testjoin, net ads info, etc all seem to work correctly. When I try to connect remotely or use smbclient locally with -U me -W domain.org it fails with "session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE" and I see errors like: [2007/0...

...ion occurred"; I get the same error from Apache > Directory > Studio, too - details are as follows: > > Error while creating entry > - [LDAP: error code 19 - 0000202F: replmd_add: error during direct > ADD: No > rDN found in replPropertyMetaData for > mytype=abc123,OU=myou,DC=mydomain,DC=org,DC=uk > > I have checked using the 'Active Directory Schema' MMC snap-in, and > my > custom schema classes and attributes do still seem to be showing as > present > and correct, just as I originally added them many months ago - I > can't spot &gt...

...as follows : [root@oracle1 CRBN]# ll total 4 drwx------ 4 CRBN\elesouef CRBN\ssiom 4096 sep 18 15:15 elesouef Is it possible to strip the domain part of these permissions ? * And finally, is it possible to restrict authentications to this AD Samba domain member to a particular OU, such as : OU=myOU,DC=crbn,DC=intra Thanks for your help. -- Emmanuel Lesouef CRBN | DSI t : 0231069671 e : e.lesouef@crbn.fr

...int violation occurred"; I get the same error from Apache Directory > Studio, too - details are as follows: > > Error while creating entry > - [LDAP: error code 19 - 0000202F: replmd_add: error during direct ADD: No > rDN found in replPropertyMetaData for > mytype=abc123,OU=myou,DC=mydomain,DC=org,DC=uk > > I have checked using the 'Active Directory Schema' MMC snap-in, and my > custom schema classes and attributes do still seem to be showing as present > and correct, just as I originally added them many months ago - I can't spot > any problems t...

...et the same error from Apache Directory >> Studio, too - details are as follows: >> >> Error while creating entry >> - [LDAP: error code 19 - 0000202F: replmd_add: error during direct ADD: >> No >> rDN found in replPropertyMetaData for >> mytype=abc123,OU=myou,DC=mydomain,DC=org,DC=uk >> >> I have checked using the 'Active Directory Schema' MMC snap-in, and my >> custom schema classes and attributes do still seem to be showing as >> present >> and correct, just as I originally added them many months ago - I can't...