Hello Matthieu, 1) Yes is a typo sorry.2) ldbsearch -H ldap://<dc_ip> --cross-ncs '(ldapdisplayname=iscA)' -U <admin>%<password> give (have to authenticate if it is not work) :
# record 1 dn: CN=iscA,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org objectClass: top objectClass: classSchema cn: iscA instanceType: 4 whenCreated: 20120523130147.0Z whenChanged: 20120523130147.0Z uSNCreated: 5642 subClassOf: top governsID: 1.2.840.113556.1.8000.2554.999999.1 mayContain: iscA1 rDNAttID: cn showInAdvancedViewOnly: TRUE objectClassCategory: 3 lDAPDisplayName: iscA name: iscA objectGUID: 39a53446-19e6-4f67-a280-14fce546e475 schemaIDGUID: f0a54822-d855-40b1-8afd-421933f5824ddefaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPC
RCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=o rg defaultObjectCategory: CN=iscA,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org
uSNChanged: 5643 distinguishedName: CN=iscA,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org # returned 1 records # 1 entries # 0 referrals3) ldbsearch -H ldap://dc_ip --cross-ncs '(auxiliaryClass=iscA)' -U <admin>%<password> give
# record 1 dn: CN=User,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org objectClass: top objectClass: classSchema cn: User instanceType: 4 whenCreated: 20120523124800.0Z uSNCreated: 1787 subClassOf: organizationalPerson governsID: 1.2.840.113556.1.5.9 mayContain: msSFU30NisDomain mayContain: msSFU30Name mayContain: msDS-SourceObjectDN mayContain: x500uniqueIdentifier mayContain: userSMIMECertificate mayContain: userPKCS12 mayContain: uid mayContain: secretary mayContain: roomNumber mayContain: preferredLanguage mayContain: photo mayContain: labeledURI mayContain: jpegPhoto mayContain: homePostalAddress mayContain: givenName mayContain: employeeType mayContain: employeeNumber mayContain: displayName mayContain: departmentNumber mayContain: carLicense mayContain: audio rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: User adminDescription: User objectClassCategory: 1 lDAPDisplayName: user name: User objectGUID: 399ff624-5ec8-4379-8f6a-09cdf0bd0594 schemaIDGUID: bf967aba-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemPossSuperiors: builtinDomain systemPossSuperiors: organizationalUnit systemPossSuperiors: domainDNS systemMayContain: msTSPrimaryDesktop systemMayContain: msTSSecondaryDesktops systemMayContain: msPKI-CredentialRoamingTokens systemMayContain: msDS-ResultantPSO systemMayContain: msTSLSProperty01 systemMayContain: msTSLSProperty02 systemMayContain: msTSManagingLS2 systemMayContain: msTSManagingLS3 systemMayContain: msTSManagingLS4 systemMayContain: msTSLicenseVersion2 systemMayContain: msTSLicenseVersion3 systemMayContain: msTSLicenseVersion4 systemMayContain: msTSExpireDate2 systemMayContain: msTSExpireDate3 systemMayContain: msTSExpireDate4 systemMayContain: msDS-AuthenticatedAtDC systemMayContain: msDS-UserPasswordExpiryTimeComputed systemMayContain: msTSManagingLS systemMayContain: msTSLicenseVersion systemMayContain: msTSExpireDate systemMayContain: msTSProperty02 systemMayContain: msTSProperty01 systemMayContain: msTSInitialProgram systemMayContain: msTSWorkDirectory systemMayContain: msTSDefaultToMainPrinter systemMayContain: msTSConnectPrinterDrives systemMayContain: msTSConnectClientDrives systemMayContain: msTSBrokenConnectionAction systemMayContain: msTSReconnectionAction systemMayContain: msTSMaxIdleTime systemMayContain: msTSMaxConnectionTime systemMayContain: msTSMaxDisconnectionTime systemMayContain: msTSRemoteControl systemMayContain: msTSAllowLogon systemMayContain: msTSHomeDrive systemMayContain: msTSHomeDirectory systemMayContain: msTSProfilePath systemMayContain: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon systemMayContain: msDS-FailedInteractiveLogonCount systemMayContain: msDS-LastFailedInteractiveLogonTime systemMayContain: msDS-LastSuccessfulInteractiveLogonTime systemMayContain: msRADIUS-SavedFramedIpv6Route systemMayContain: msRADIUS-FramedIpv6Route systemMayContain: msRADIUS-SavedFramedIpv6Prefix systemMayContain: msRADIUS-FramedIpv6Prefix systemMayContain: msRADIUS-SavedFramedInterfaceId systemMayContain: msRADIUS-FramedInterfaceId systemMayContain: msPKIAccountCredentials systemMayContain: msPKIDPAPIMasterKeys systemMayContain: msPKIRoamingTimeStamp systemMayContain: msDS-SupportedEncryptionTypes systemMayContain: msDS-SecondaryKrbTgtNumber systemMayContain: pager systemMayContain: o systemMayContain: mobile systemMayContain: manager systemMayContain: mail systemMayContain: initials systemMayContain: homePhone systemMayContain: businessCategory systemMayContain: userCertificate systemMayContain: userWorkstations systemMayContain: userSharedFolderOther systemMayContain: userSharedFolder systemMayContain: userPrincipalName systemMayContain: userParameters systemMayContain: userAccountControl systemMayContain: unicodePwd systemMayContain: terminalServer systemMayContain: servicePrincipalName systemMayContain: scriptPath systemMayContain: pwdLastSet systemMayContain: profilePath systemMayContain: primaryGroupID systemMayContain: preferredOU systemMayContain: otherLoginWorkstations systemMayContain: operatorCount systemMayContain: ntPwdHistory systemMayContain: networkAddress systemMayContain: msRASSavedFramedRoute systemMayContain: msRASSavedFramedIPAddress systemMayContain: msRASSavedCallbackNumber systemMayContain: msRADIUSServiceType systemMayContain: msRADIUSFramedRoute systemMayContain: msRADIUSFramedIPAddress systemMayContain: msRADIUSCallbackNumber systemMayContain: msNPSavedCallingStationID systemMayContain: msNPCallingStationID systemMayContain: msNPAllowDialin systemMayContain: mSMQSignCertificatesMig systemMayContain: mSMQSignCertificates systemMayContain: mSMQDigestsMig systemMayContain: mSMQDigests systemMayContain: msIIS-FTPRoot systemMayContain: msIIS-FTPDir systemMayContain: msDS-User-Account-Control-Computed systemMayContain: msDS-Site-Affinity systemMayContain: mS-DS-CreatorSID systemMayContain: msDS-Cached-Membership-Time-Stamp systemMayContain: msDS-Cached-Membership systemMayContain: msDRM-IdentityCertificate systemMayContain: msCOM-UserPartitionSetLink systemMayContain: maxStorage systemMayContain: logonWorkstation systemMayContain: logonHours systemMayContain: logonCount systemMayContain: lockoutTime systemMayContain: localeID systemMayContain: lmPwdHistory systemMayContain: lastLogonTimestamp systemMayContain: lastLogon systemMayContain: lastLogoff systemMayContain: homeDrive systemMayContain: homeDirectory systemMayContain: groupsToIgnore systemMayContain: groupPriority systemMayContain: groupMembershipSAM systemMayContain: dynamicLDAPServer systemMayContain: desktopProfile systemMayContain: defaultClassStore systemMayContain: dBCSPwd systemMayContain: controlAccessRights systemMayContain: codePage systemMayContain: badPwdCount systemMayContain: badPasswordTime systemMayContain: adminCount systemMayContain: aCSPolicyName systemMayContain: accountExpires systemAuxiliaryClass: securityPrincipal systemAuxiliaryClass: mailRecipientdefaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCD
CLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS) (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9 819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RP WP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD -0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP; 037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa 006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA ;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD -0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e4 8d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa00 40529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7 f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d 2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561) (OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561) systemFlags: 16 defaultHidingValue: FALSEobjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org
auxiliaryClass: shadowAccount auxiliaryClass: posixAccount *auxiliaryClass: iscA* whenChanged: 20120523130208.0Z uSNChanged: 5644 distinguishedName: CN=User,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org # returned 1 records # 1 entries # 0 referrals 4) Script with unixHomeDirectoryIt is ok with "unixHomeDirectory", no error message, last value is printed on the inputbox ...
Now I will read the wiki ...
user.SetInfo/After the execution of this script the right-click above run and I can modify the value of iscA1 attribute for user toto. But I can't see the last value (given by /user.iscA1/) : always empty while in the LDAP database I can see the value is correctly set.Two questions :1) Why the first script fail ? Why must I execute the second script first ?2) Why can't i see the last value of iscA1 when I run the first script ?As you are using auxiliarly class this should work, can we check a few things:1) What is the ouput of ldbsearch -H ldap://dc_ip --cross-ncs '(ldapdisplayname=iscA)' 2) What is the output of ldbsearch -H ldap://dc_ip --cross-ncs '(auxiliaryClass=iscA)'We might have a bug in the way the auxiliary class is registered to its parent class.Could you make a test with you script to set the unixHomeDirectory, it's also linked the user objectclass with the posixaccount auxiliary class.Would be good to trace also the whole stuff, see https://wiki.samba.org/index.php/Capture_Packets https://wiki.samba.org/index.php/Keytab_ExtractionIn how to make capture and extract keytab in order to be able to decrypt encrypted traffic.Matthieu
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Linux] [Info Cyrus] [LARTC] [Bugtraq] [Netfilter] [Internet Dating Forums] [RAID] [Yosemite News] [Photography]
|
|