Bug 576 - Can't Add/Delete LDAP accounts
Status: RESOLVED DUPLICATE of bug 726
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.0
Hardware: All Linux
Importance: P3 major
Assigned To: Gerald (Jerry) Carter
Reported: 2003-10-06 16:34 UTC by Tim Spriggs
Modified: 2005-11-14 09:24 UTC
Description Tim Spriggs 2003-10-06 16:34:23 UTC
I have tried to add an account using smbpasswd -a tims and I get the following
error:

  rhea:/usr/src/samba/cvs# smbpasswd -L -a tims 
  New SMB password:
  Retype new SMB password:
  Failed initialise SAM_ACCOUNT for user tims.
  Failed to modify password entry for user tims

When I look through the debug info (smbpasswd -a tims -D 5)

I see:

rhea:/usr/src/samba/cvs# smbpasswd -a tims -D 5
Netbios name list:-
my_netbios_names[0]="RHEA"
New SMB password:
Retype new SMB password:
Trying to load: ldapsam:ldap://rhea.engr.arizona.edu
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match
ldapsam:ldap://rhea.engr.arizona.edu (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ENGR))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=ENGR))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://rhea.engr.arizona.edu has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching for:[(&(uid=tims)(objectclass=sambaSamAccount))]
ldapsam_getsampwnam: Unable to locate user [tims] count=0
Finding user tims
Trying _Get_Pwnam(), username as lowercase is tims
Trying _Get_Pwnam(), username as uppercase is TIMS
Checking combinations of 0 uppercase letters in tims
Get_Pwnam_internals didn't find user [tims]!
Failed initialise SAM_ACCOUNT for user tims.
Failed to modify password entry for user tims

When searching for tims, the objectClass=sambaSAMAccount does not exist in the
ldap entry. "smbpasswd -a tims" should add the sambaSAMAccount objectClass to
the existing entry (uid=tims,ou=people,dc=...). 

I have ldap-nss libraries installed and configured so "tims" is a valid user on
the system (but not in the passwd file).


(side note)

I think the work the Samba Team has done is amazing! Thank you for all of your
efforts!

(/side note)
Comment 1 Tim Spriggs 2003-10-07 09:52:20 UTC
OK, I was slightly mistaken: you can add accounts, but deleting them is not
possible. I restarted my ldap server as well as nscd and I could add tims.

This is because the system "saw" tims as an actual user.

The problem still exists for deleting an entry. I get an LDAP error from the
samba debug output:

[... snipped ...]
ldapsam_delete_entry: Could not delete attributes for
uid=tims,ou=People,dc=engr,dc=arizona,dc=edu, error: Naming violation (naming
attribute 'uid' is not present in entry)
Failed to delete entry for user tims.
Failed to modify password entry for user tims
Comment 2 Tim Spriggs 2003-10-20 11:08:57 UTC
To be a little more helpful, when deleting information from an ldap entry, you
only want to delete the information that needs to be deleted. For example, if an
ldap entry has multiple objectClasses (e.g. posixAccount + sambaAccount) that
share attributes, the attributes that do not exist in any of the other
objectClasses should be deleted when removing the sambaAccount objectClass.
___UID___ should not be deleted because it is essential to the posixAccount
objectClass. Also, the dn of many entries looks something like:
uid=username,ou=People,dc=example,dc=com

When the attribute uid is deleted, the error seen in the previous email is seen.
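
The deletion rule described in comment 2, as an added example that is not part of the original report and is not Samba's code: it computes which attributes can go when an objectClass is removed, keeping anything another objectClass still allows and the entry's naming attribute. The attribute lists are abridged and the entry, `plan_removal` and `rdn_attribute` are constructed for illustration.

```python
# Abridged attribute lists (MUST and MAY merged), constructed for this
# example; they are not a full copy of RFC 2307 or Samba's samba.schema.
SCHEMA = {
    "posixaccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory",
                     "loginShell", "gecos", "description", "userPassword"},
    "sambasamaccount": {"uid", "cn", "description", "displayName", "sambaSID",
                        "sambaLMPassword", "sambaNTPassword", "sambaAcctFlags"},
}


def rdn_attribute(dn):
    """Naming attribute of the first RDN (no escaped or multi-valued RDNs)."""
    return dn.split(",", 1)[0].split("=", 1)[0].strip().lower()


def plan_removal(dn, entry, remove_oc):
    """Return the sorted attributes that are safe to delete with remove_oc."""
    classes = {oc.lower() for oc in entry["objectClass"]}
    target = remove_oc.lower()
    if target not in classes:
        raise ValueError(f"{remove_oc} is not set on {dn}")
    remaining = classes - {target}
    unknown = remaining - set(SCHEMA)
    if unknown:
        # Without the schema we cannot tell what the class shares: refuse.
        raise ValueError(f"no schema for {sorted(unknown)}")
    shared = {a.lower() for oc in remaining for a in SCHEMA[oc]}
    # Never touch the naming attribute: deleting it is the Naming violation.
    protected = shared | {rdn_attribute(dn), "objectclass"}
    owned = {a.lower() for a in SCHEMA[target]}
    return sorted(a for a in entry
                  if a.lower() in owned and a.lower() not in protected)


# Constructed entry shaped like the one in the report (values are made up).
DN = "uid=tims,ou=People,dc=example,dc=com"
ENTRY = {
    "objectClass": ["posixAccount", "sambaSamAccount"],
    "uid": ["tims"], "cn": ["tims"], "uidNumber": ["1000"],
    "gidNumber": ["1000"], "homeDirectory": ["/home/tims"],
    "displayName": ["Tim"], "sambaSID": ["S-1-5-21-0-0-0-3000"],
    "sambaNTPassword": ["<hash>"], "sambaAcctFlags": ["[U          ]"],
}

if __name__ == "__main__":
    print(plan_removal(DN, ENTRY, "sambaSamAccount"))
```
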
Comment 3 Gerald (Jerry) Carter 2003-11-24 06:27:41 UTC
bug is against 3.0
Comment 4 Gerald (Jerry) Carter 2003-12-04 08:08:29 UTC

*** This bug has been marked as a duplicate of 726 ***
Comment 5 Gerald (Jerry) Carter 2005-11-14 09:24:39 UTC
database cleanup