search for: someou

...hat (on my current DCs, running 4.18.5), ldbsearch *does* seem to return the expected result, but the same query via ldapsearch does not. dc2$ sudo ldbsearch -H /usr/local/samba/private/sam.ldb "(&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=somegroup,OU= someou,DC=mydomain,DC=org))" samAccountName # Record 1 [...] # record 39 dn: CN=A User,OU=Users,OU=someou,DC=mydomain,DC=org sAMAccountName: auser # Referral [...] # returned 42 records # 39 entries # 3 referrals whereas no results are returned for the same query run via ldapsearch, even running t...

...ng > 4.18.5), ldbsearch *does* seem to return the expected result, but the > same query via ldapsearch does not. > > dc2$ sudo ldbsearch -H /usr/local/samba/private/sam.ldb > "(&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=somegroup,OU= > someou,DC=mydomain,DC=org))" samAccountName > # Record 1 > [...] > # record 39 > dn: CN=A User,OU=Users,OU=someou,DC=mydomain,DC=org > sAMAccountName: auser > > # Referral > [...] > # returned 42 records > # 39 entries > # 3 referrals > > > whereas no results...

...I know 4.19.x is out > now as well) > > Here's a search that now returns nothing after my DC upgrades; this > exact search used to work just fine: > (& > (objectCategory=Person) > (sAMAccountName=*) > (memberOf:1.2.840.113556.1.4.1941:=CN=somegroup,OU=someou,DC=mydomain,DC=org) > ) > > But if I remove the matching rule specifier, it does return a number of results: > (& > (objectCategory=Person) > (sAMAccountName=*) > (memberOf=CN=somegroup,OU=someou,DC=mydomain,DC=org) > ) > > The data in my AD hasn'...

...I should have upgraded much earlier.. Yes, I know 4.19.x is out now as well) Here's a search that now returns nothing after my DC upgrades; this exact search used to work just fine: (& (objectCategory=Person) (sAMAccountName=*) (memberOf:1.2.840.113556.1.4.1941:=CN=somegroup,OU=someou,DC=mydomain,DC=org) ) But if I remove the matching rule specifier, it does return a number of results: (& (objectCategory=Person) (sAMAccountName=*) (memberOf=CN=somegroup,OU=someou,DC=mydomain,DC=org) ) The data in my AD hasn't changed; I am guessing that LDAP_MATCHING_RULE_I...

...users.csv | awk -F "|" '{system("samba-tool user create "$5" --surname=\""$3"\" --given-name=\""$4"\" \     --department="$1" --mail-address="$7" --telephone-number="$6" --random-password --userou=ou=SOMEOU ") }'   Or ## Shown in ad example :  L.P.H. van Belle cat users.csv | awk -F ";" '{system("/usr/bin/samba-tool user create "$5" --mail-address="$7" \ --given-name="$2" --surname=\""$3"\" --telephone-number="$6&...

...s not. > > What if you try to use starttls instead of ldaps? > > ldapseach -H ldap://dc2.mydomain.org-ZZ -x -W -D Administrator at mydomain > -b "dc=mydomain,dc=org" > "(&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=somegroup,OU=someou,DC=mydomain,DC=org))" Good thinking. Unfortunately, identical results with ldap:// and -ZZ, the search still doesn't return any results :( I'll figure out a way to script restoration of the domain into different samba versions via docker, and use git bisect to track down when things...

...s, I know 4.19.x is out > now as well) > > Here's a search that now returns nothing after my DC upgrades; this > exact search used to work just fine: > (& > (objectCategory=Person) > (sAMAccountName=*) > (memberOf:1.2.840.113556.1.4.1941:=CN=somegroup,OU=someou,DC=mydo > main,DC=org) > ) > > But if I remove the matching rule specifier, it does return a number > of results: > (& > (objectCategory=Person) > (sAMAccountName=*) > (memberOf=CN=somegroup,OU=someou,DC=mydomain,DC=org) > ) > > The data in my A...

...t listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } } Whole dovecot-ldap.conf: hosts = 192.168.8.5:3268 192.168.8.6:3268 dn = CN=SomeUser,OU=SomeOU,DC=domain,DC=ru dnpass = password tls = no debug_level = 0 auth_bind = yes ldap_version = 3 base = DC=domain,DC=ru deref = never scope = subtree user_filter = (&(mail=%u)(objectclass=user)(memberOf=CN=Mail,OU=SomeOU,DC=domain,DC=ru)) pass_filter = (&(mail=%u)(objectclass=user)(mem...

...F=8192 passdb backend = ldapsam:"ldap://localhost.domain.de" encrypt passwords = true obey pam restrictions = yes unix password sync = no check password script = /sbin/crackcheck -c -d /var/cache/cracklib/cracklib_dict ldap suffix = dc=someou,dc=someou,dc=de ldap admin dn = cn=admin,dc=someou,dc=someou,dc=de ldap group suffix = ou=groups ldap user suffix = ou=people ldap machine suffix = ou=people ldap idmap suffix = ou=idmap ldap passwd sync = no ldap ssl = start tls...

...n,DC=org] objects[99/99] linked_values[28/28] > > Partition[DC=mydomain,DC=org] objects[501/886] linked_values[0/61] > > Partition[DC=mydomain,DC=org] objects[903/886] linked_values[0/718] > > ../lib/ldb/ldb_tdb/ldb_index.c:2352: duplicate attribute value in > > CN=somePC,OU=someOU,OU=Computers,OU=mysite,DC=mydomain,DC=org for > > index on servicePrincipalName, duplicate of objectGUID > > 00000000-1111-2222-3333-444444444444 in > > @INDEX:SERVICEPRINCIPALNAME:RESTRICTEDKRBHOST/SOMEPC > > [lots of these] > > I think you may be running into this bu...

...quot;|" '{system("samba-tool user create "$5" --surname=\""$3"\" --given-name=\""$4"\" \ > > > > --department="$1" --mail-address="$7" --telephone-number="$6" --random-password --userou=ou=SOMEOU ") }' > > > > > > > > Or > > > > ## Shown in ad example : L.P.H. van Belle > > > > cat users.csv | awk -F ";" '{system("/usr/bin/samba-tool user create "$5" --mail-address="$7" \ > > > >...

...se DN of the domain Partition[DC=mydomain,DC=org] objects[99/99] linked_values[28/28] Partition[DC=mydomain,DC=org] objects[501/886] linked_values[0/61] Partition[DC=mydomain,DC=org] objects[903/886] linked_values[0/718] ../lib/ldb/ldb_tdb/ldb_index.c:2352: duplicate attribute value in CN=somePC,OU=someOU,OU=Computers,OU=mysite,DC=mydomain,DC=org for index on servicePrincipalName, duplicate of objectGUID 00000000-1111-2222-3333-444444444444 in @INDEX:SERVICEPRINCIPALNAME:RESTRICTEDKRBHOST/SOMEPC [lots of these] Should I be worried by either of these two messages? (unable to determine DomainSID, and...

...What if you try to use starttls instead of ldaps? >> >> ldapseach -H ldap://dc2.mydomain.org-ZZ -x -W -D Administrator at mydomain >> -b "dc=mydomain,dc=org" >> "(&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=somegroup,OU=someou,DC=mydomain,DC=org))" > Good thinking. Unfortunately, identical results with ldap:// and -ZZ, > the search still doesn't return any results :( > > I'll figure out a way to script restoration of the domain into > different samba versions via docker, and use git bisect to...

...s well) > > > > Here's a search that now returns nothing after my DC upgrades; this > > exact search used to work just fine: > > (& > > (objectCategory=Person) > > (sAMAccountName=*) > > (memberOf:1.2.840.113556.1.4.1941:=CN=somegroup,OU=someou,DC=mydo > > main,DC=org) > > ) > > > > But if I remove the matching rule specifier, it does return a number > > of results: > > (& > > (objectCategory=Person) > > (sAMAccountName=*) > > (memberOf=CN=somegroup,OU=someou,DC=mydomai...

...sing 4.9.2 on one of my DCs and on the DC that is being newly joined, and I am still having the problem. (My two other DCs are still on 4.9.0) For reference, this is the type of error I'm getting when joining my DC: ../lib/ldb/ldb_tdb/ldb_index.c:2352: duplicate attribute value in CN=somePC,OU=someOU,OU=Computers,OU=mysite,DC=mydomain,DC=org for index on servicePrincipalName, duplicate of objectGUID 00000000-1111-2222-3333-444444444444 in @INDEX:SERVICEPRINCIPALNAME:RESTRICTEDKRBHOST/SOMEPC Cheers Jonathan -- "If we knew what it was we were doing, it would not be called research, would...

...Partition[DC=mydomain,DC=org] objects[99/99] linked_values[28/28] > Partition[DC=mydomain,DC=org] objects[501/886] linked_values[0/61] > Partition[DC=mydomain,DC=org] objects[903/886] linked_values[0/718] > ../lib/ldb/ldb_tdb/ldb_index.c:2352: duplicate attribute value in > CN=somePC,OU=someOU,OU=Computers,OU=mysite,DC=mydomain,DC=org for > index on servicePrincipalName, duplicate of objectGUID > 00000000-1111-2222-3333-444444444444 in > @INDEX:SERVICEPRINCIPALNAME:RESTRICTEDKRBHOST/SOMEPC > [lots of these] > > Should I be worried by either of these two messages? (unab...

...join mydomain.org DC -U myadmin --site=mysite > > > --server=dc3 > > > [...] > > > Replicating critical objects from the base DN of the domain > > > [...] > > > ../lib/ldb/ldb_tdb/ldb_index.c:2352: duplicate attribute value in > > > CN=somePC,OU=someOU,OU=Computers,OU=mysite,DC=mydomain,DC=org for > > > index on servicePrincipalName, duplicate of objectGUID > > > 00000000-1111-2222-3333-444444444444 in > > > @INDEX:SERVICEPRINCIPALNAME:RESTRICTEDKRBHOST/SOMEPC > > > [lots of these] > > > > I think y...

...Cs and on the DC that is being newly joined, and I am > still having the problem. (My two other DCs are still on 4.9.0) > > For reference, this is the type of error I'm getting when joining my > DC: ../lib/ldb/ldb_tdb/ldb_index.c:2352: duplicate attribute value in > CN=somePC,OU=someOU,OU=Computers,OU=mysite,DC=mydomain,DC=org for > index on servicePrincipalName, duplicate of objectGUID > 00000000-1111-2222-3333-444444444444 in > @INDEX:SERVICEPRINCIPALNAME:RESTRICTEDKRBHOST/SOMEPC > > Cheers > > Jonathan > Try this to search for computers: ldbsearch...

...600 user = dovecot-test group = mail } } } -- dovecot.conf --- --- --- --- -- dovecot-ldap.conf (dovecot-ldap.conf_passdb and dovecot-ldap.conf_userdb are symlinks to this file) hosts = ldap.mydomain.me dn = uid=dovecot,ou=someou,dc=mydomain,dc=me dnpass = pass tls = no auth_bind = yes ldap_version = 3 base = dc=mydomain,dc=me scope = subtree deref = never user_global_uid = dovecot-test user_global_gid = mail # user_filter = (&(objectclass=inetlocalmailrecipient)(mail=%u)) # user_attrs = uid=user, uid=...

Hi All, As a result of a company restructure and name change we need to change our AD domain. I know that we can't change the AD domain name in Samba 4, so I'm looking at the smoothest way to migrate everything from one domain to another. Is there any (properly working) way we can export users, groups and policies from one domain and import them into another? I've spent a few