Bug 9563 - classicupgrade with LDAP
Summary: classicupgrade with LDAP
Status: RESOLVED DUPLICATE of bug 9797
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.0.0
Hardware: x64 Linux
Importance: P5 critical
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Reported: 2013-01-15 08:43 UTC by Andreas Matthus
Modified: 2014-03-05 03:26 UTC

Attachments
Patch to make the error clearer (1.32 KB, patch)
2013-01-15 10:55 UTC, Andrew Bartlett
Description Andreas Matthus 2013-01-15 08:43:48 UTC
Hello,

On my virtual-server test system I copied everything needed from the real server (Debian) with samba3 and LDAP. Clients can work with them.
All ldap-dev packages are installed:

dpkg -l | grep ldap
ii  ldap-utils          2.4.31-1          OpenLDAP utilities
ii  libaprutil1-ldap 1.3.9+dfsg-5   The Apache Portable Runtime Utility Library - LDAP Driver
ii  libldap-2.4-2     2.4.31-1        OpenLDAP libraries
ii  libldap2-dev      2.4.31-1       OpenLDAP development libraries
ii  libnet-ldap-perl 1:0.4001-2   client interface to LDAP servers
ii  libnss-ldap         264-2.2       NSS module for using LDAP as a naming service
ii  libpam-ldap       184-8.5     Pluggable Authentication Module for LDAP
ii  php5-ldap          5.3.3-7+squeeze14    LDAP module for php5
ii  phpldapadmin    1.2.0.5-2+squeeze1    web based interface for administering LDAP servers
ii  smbldap-tools     0.9.9-1       Scripts to manage Unix and Samba accounts stored on LDAP

In smb.conf "ldapsam:trusted = yes" is added to the global section. samba3 is down and ldap is up.

I compiled samba-4.0.0 from source and installed it. But classicupgrade breaks with this error:

/usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/var/lib/samba --use-xattrs=yes --realm=arch.tu-dresden.de /etc/samba/smb.conf
Reading smb.conf
Provisioning
ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'NoneType' object has no attribute 'strip'
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 600, in upgrade_from_samba3
    ldappass = (secrets_db.get_ldap_bind_pw(ldapuser)).strip('\x00')

What can I do?

with regards 
Andreas Matthus
Comment 1 Andrew Bartlett 2013-01-15 10:55:46 UTC
Created attachment 8432
Patch to make the error clearer

This patch should print a clearer error message.  Please check that it does, so I can propose this for master.

Once that is verified, the error is, as the message indicates, that the secrets.tdb we found wasn't the one from your previous install, or for some other reason we cannot find the ldap bind pw in it.
Comment 2 Andreas Matthus 2013-01-15 12:23:01 UTC
Hello Andrew,

thank you for the rapid answer. After patching I get

ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: ldapsam passdb backend detected but no LDAP Bind PW found in secrets.tdb for user %s.  Please point this tool at the secrets.tdb that was used by the previous installation.

So I renewed the password with
smbpasswd -w my-secret-pw
and the modification time of secrets.tdb changed. But the error above remains.

Is it possible that I must set the username with a parameter when calling classicupgrade?

with regards
Andreas Matthus
Comment 3 whinpo 2013-02-01 10:51:47 UTC
Hi,

FYI I've had the same issue.

I've modified the patch to display the %s string :
 raise ProvisioningError("ldapsam passdb backend detected but no LDAP Bind PW found in secrets.tdb for user %s.  Please point this tool at the secrets.tdb that was used by the previous installation." % ldapuser )

and then noticed that my ldapuser was appearing with quotation marks

In my smb.conf :

ldap admin dn = "uid=xxx,ou=users,dc=yyyy.com,dc=local"

I've removed the quotation marks in smb.conf 
ldap admin dn = uid=xxx,ou=users,dc=yyyy.com,dc=local

and the error disappeared 

just my two cents ;)

regards
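
Added example, not part of the original comments or of Samba's own code: a pre-flight check for the quoted "ldap admin dn" described in comment 3, run before classicupgrade. It assumes the Samba 3 secrets.tdb key layout SECRETS/LDAP_BIND_PW/<dn>; the smb.conf fragment and key list are constructed samples, and the function names are hypothetical.

```python
import re

SECRETS_PREFIX = "SECRETS/LDAP_BIND_PW/"  # assumed Samba 3 secrets.tdb key prefix

# Constructed smb.conf fragment reproducing the quoted DN from comment 3.
SAMPLE_SMB_CONF = '''\
[global]
    passdb backend = ldapsam:ldap://localhost
    ldapsam:trusted = yes
    ldap admin dn = "uid=xxx,ou=users,dc=yyyy.com,dc=local"
'''
# Constructed key list; on a real system take the key names from a tdbdump
# of the old secrets.tdb (names only, the values are credentials).
SAMPLE_TDB_KEYS = {SECRETS_PREFIX + "uid=xxx,ou=users,dc=yyyy.com,dc=local"}


def global_params(conf_text):
    """Return {normalized parameter name: raw value} for the [global] section."""
    params, section = {}, None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf parameter names ignore case and embedded whitespace
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def check_ldap_admin_dn(conf_text, tdb_keys):
    """Return (dn exactly as written in smb.conf, list of findings)."""
    raw = global_params(conf_text).get("ldapadmindn")
    if raw is None:
        return None, ["no 'ldap admin dn' in [global]"]
    if SECRETS_PREFIX + raw in tdb_keys:
        return raw, []  # a bind password is stored for the DN as written
    findings = ["no bind password stored under %r" % (SECRETS_PREFIX + raw)]
    unquoted = raw.strip("\"'")
    if unquoted != raw and SECRETS_PREFIX + unquoted in tdb_keys:
        findings.append("key exists for unquoted DN %r: remove the quotes" % unquoted)
    return raw, findings


if __name__ == "__main__":
    print(check_ldap_admin_dn(SAMPLE_SMB_CONF, SAMPLE_TDB_KEYS))
```
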
Comment 4 Andreas Matthus 2013-02-06 07:44:32 UTC
Hello,

> ldap admin dn = "uid=xxx,ou=users,dc=yyyy.com,dc=local"
> 
> I've removed the quotation marks in smb.conf 
> ldap admin dn = uid=xxx,ou=users,dc=yyyy.com,dc=local

Many thanks, this works for me too.

But I got a later error:

Next rid = 25357
Exporting posix attributes
ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index out of range
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 803, in upgrade_from_samba3
    homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "homeDirectory")
  File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 546, in get_posix_attr_from_ldap_backend
    return msg[0][attr][0]

It is possible it's my own fault - I slipped in a user with a same-name group. After removing this group I called classicupgrade again, but I don't know if I must revert something from the first call.

With regards
Andreas Matthus
Comment 5 Andreas Matthus 2013-02-20 09:18:13 UTC
The Error is in 4.0.3 too :-(

Any solution?

with regards
Andreas Matthus
Comment 6 Jerome Grandgeorge 2013-05-24 15:22:42 UTC
Same error here with latest 4.0.6 version. Did the same (a group name that was similar to a user name), don't know if that can help ?
Comment 7 Andreas Matthus 2013-05-27 07:10:05 UTC
(In reply to comment #6)
> Same error here with latest 4.0.6 version. Did the same (a group name that was
> similar to a user name), don't know if that can help ?

No, all duplicate names were changed before.

I think the cause can be an overlapping of id-ranges.

with regards
Andreas Matthus
Comment 8 Andrew Bartlett 2014-03-05 03:26:02 UTC

*** This bug has been marked as a duplicate of bug 9797 ***