This is related to the convertSambaAccount script in samba3.0.0beta1. After trying to add back in LDAP the new LDIF file produced by this script (using the new samba.schema that comes in with samba3.0.0.beta1) ldap_add complained with the following error message:

    # ldapadd -v -x -w secret -D "cn=root,dc=datasoft,dc=com" -h ebola -f new_ldif
    [...]
    adding new entry "uid=root, ou=Users, dc=datasoft, dc=com"
    ldap_add: Undefined attribute type
            additional info: logontime: attribute type undefined

Diffing the old and new ldif files I noticed this:

     dn: uid=root, ou=Users, dc=datasoft, dc=com
     cn: root
    -objectClass: sambaAccount
    -objectClass: posixAccount
    -objectClass: top
    -objectClass: qmailUser
    +objectclass: posixAccount
    +objectclass: top
    +objectclass: qmailUser
    +objectclass: sambaSamAccount
     uid: root
    -pwdLastSet: 1050948491
    -logonTime: 0
    -logoffTime: 0
    -kickoffTime: 0
    -pwdCanChange: 1050948491
    -displayName: Samba System Administrator
    +logontime: 0
    +logofftime: 0

"logonTime" simply changed to "logontime", instead of "SambaLogonTime", which is the new AttributeType name in the samba3.0.0beta1 ldap schema. The old ldif was dumped out of an LDAP database used in support of samba3-alpha23. I don't know if the convertSambaAccount script changed between samba3-alpha24 and samba3.0.0.beta1.
It looks like this happens with all attributes that contain a value of 0, e.g.:

    # grep -i ": 0" /tmp/old_ldif |more
    logonTime: 0
    logoffTime: 0
    kickoffTime: 0
    uidNumber: 0
    gidNumber: 0
    pwdLastSet: 0
    logonTime: 0
    pwdCanChange: 0
Created attachment 37: Now also converting attributes that have 0 set as a value

This patch now takes into account attributes that have 0 set as a value.
Now I get this error message:

    adding new entry "cn=admin,ou=Groups,dc=datasoft,dc=com"
    ldap_add: Undefined attribute type
            additional info: ntsid: attribute type undefined
This is the ldif entry for which the ldapadd operation failed:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
dn: cn=smbhosts,ou=Groups,dc=datasoft,dc=com
objectclass: posixGroup
objectclass: top
objectclass: sambaGroupMapping
cn: smbhosts
ntsid: S-1-5-21-1264390313-3394352946-2369289212-11035
ntgrouptype: 2
displayname: smbhosts
description: Local Unix group
gidnumber: 5017
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I am guessing ntsid is mapped to something else now, and the mapping is missing in the script.
It looks like the script only converts sambaAccounts and not sambaGroupMappings. ntsid should be mapped to SambaSID. ntgroupType should also be mapped to SambaGroupType. Manually replacing the above accounttype names in the new_ldif resulted in an ldif file that LDAP was able to load.
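
A pre-flight check one could run on a converted LDIF before ldapadd, as an added example that is not part of the Samba conversion script or of this report: it flags the legacy attribute and objectClass names quoted above, matching case-insensitively and unfolding continuation lines. The sample entries, example.com DNs and SID are constructed, the function names are hypothetical, and a replacement is listed only where the report states one.

```python
import re
# Legacy names quoted in this report, lower-cased (LDAP attribute names are case-insensitive).
LEGACY_ATTRS = {
    "logontime": "SambaLogonTime", "ntsid": "SambaSID", "ntgrouptype": "SambaGroupType",
    "logofftime": None, "kickofftime": None, "pwdlastset": None, "pwdcanchange": None,
}
LEGACY_CLASSES = {"sambaaccount": "sambaSamAccount"}
# Matches "attr: value", "attr:: base64" and "attr:< url"
ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9;-]*):[:<]?\s*(.*)$")

# Constructed sample (not real data); the first dn is folded across two lines.
SAMPLE = """\
dn: uid=root, ou=Users, dc=example,
  dc=com
logontime: 0
logofftime: 0

dn: cn=smbhosts,ou=Groups,dc=example,dc=com
ntsid: S-1-5-21-1111111111-2222222222-3333333333-11035
ntgrouptype: 2
"""

def unfold(text):
    """Join LDIF continuation lines (leading space) and drop comment lines."""
    lines, skipping = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):
            if not skipping and lines:
                lines[-1] += raw[1:]
            continue
        skipping = raw.startswith("#")
        if not skipping:
            lines.append(raw)
    return lines

def find_legacy(text):
    """Return (dn, name_as_written, replacement_or_None) for each legacy name."""
    findings, dn = [], None
    for line in unfold(text):
        m = ATTR_LINE.match(line)
        if not m:
            continue
        attr, value = m.group(1).lower(), m.group(2).strip()
        if attr == "dn":
            dn = value
        elif attr == "objectclass" and value.lower() in LEGACY_CLASSES:
            findings.append((dn, value, LEGACY_CLASSES[value.lower()]))
        elif attr in LEGACY_ATTRS:
            findings.append((dn, m.group(1), LEGACY_ATTRS[attr]))
    return findings

if __name__ == "__main__":
    for dn, name, new in find_legacy(SAMPLE):
        print(f"{dn}: {name} -> {new or 'no replacement stated in the report'}")
```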
The older 3.0 cvs installations issue has been addressed by a patch by vorlon@debian.org, which is in CVS and will be in beta2.
Thanks Andrew. It would be nice if a bug was written against his patch. I wouldn't have had to open a new one.
Marking as fixed. Current version of the script in SAMBA_3_0 seems to address all the issues reported here.
Originally reported against 3.0.0beta1. Cleaning out non-production release versions.
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.