On 01/03/2021 19:24, Roland Gruber wrote:
The issue is also on Samba 4.13.4 and can be reproduced with local
ldapmodify command. But it seems to be related to the object class /
attribute definition.
The same type of operation to add e.g. shadow account works without
any issues:
changetype: modify
add: objectClass
objectClass: shadowAccount
-
add: shadowWarning
shadowWarning: 123
-
@Rowland: do you see any issues in the schema definition provided by
Joshua? I never saw this error on other schema extensions.
No, I do not see any problem with the schema extension, but I do with
the way you are running ldbmodify.
This simple script:
#!/bin/bash
KEY=$(sed '/PRIVATE KEY/d' /home/rowland/false_id_rsa)
keyldif=''
count=1
for line in $KEY
do
if [ $count = 1 ]; then
keyldif="$line"
count=$((count+1))
else
keyldif="$keyldif
$line"
count=$((count+1))
fi
done
keyaddldif="dn: CN=Albert User,CN=Users,DC=samdom,DC=example,DC=com
changetype: modify
objectClass: ldapPublicKey
sshPublicKey: $keyldif
"
echo "$keyaddldif" | ldbmodify -H ldap://dc01 -UAdministrator
--password=xxxxxxxxxx # I removed the password
exit 0
Results in this (snipped) object in AD:
dn: CN=Albert User,CN=Users,DC=samdom,DC=example,DC=com
........................................
objectClass: top
objectClass: ldapPublicKey
objectClass: person
objectClass: organizationalPerson
objectClass: user
whenChanged: 20210228114337.0Z
uSNChanged: 1518537
sshPublicKey:
MIIEpAIBAAKCAQEAuzcrOUvKaWA7aDdbB5e2GnHTP1EVUI0l8RRNwd87rrILV9Q3
lNeCKhQUDz1MSQvNrin16aF66qIO1Men2mdqsXyGXgeDbB+o+p4+06bADRbO8aUulpahpM1mCsZxX
DKSw1MrYqBMKZlLkRkUWfj0O63sU2pogcslI5d4CUn/mmRTyG3xpfM06pi2I9EG+6ghdcrG3Wjt2w
GBLZz4iMpyTbIYb6Hdu6FragucUxbn9AZylUriI7+tdwsSRMeVTH3QbgJZAu3znua6oK9Eh6ygjFP
5HeEPRJgzTKe1O5nwBVRNquVAYYADyR0xi5Odl7UtO+pQ2q4h6ySs6fIRRk1iewIDAQABAoIBAQCu
NwZ4CPlQ2gYuUuTYyerh7O5By3hkPxUBpH0/XjaxuGkp0Afw8CLmeUy5abdleiBqZA283VH+qdPXW
fvvF7GHfHOlaKR5p3Sd00hvuIqbI5Br+eTCqWW+cIz2lffDbiR4sxp6auS1CTvyyD3SBANyzcRPU4
Pw1FO5LSi8rCm5Ru/Num0S+xoGm9HZcDLd2KnAaJT4luTsnvJ3tVrea8bjhUk3J0WwFcY3lI6/BtT
puG5+1623tuqPkwdprUtehS4ObT/NusuVYhi0x7f7AX02LFpvDnVdh/6j4dIqDlnlcNTzNmvrw1hf
Waz4n8Q1Upa0p7EnZPvl8Ep0wBrqAAVBAoGBAN+xPjSBMwJ4OmxRt2Pcodn8aI9Wq14YCd+mvcOLk
sD6n7PKcvOqXUqXyXmOAMVDJEyhdhscdProPe7zKbP6CpzxXg/wnIq5sq9I83WaqM/4t1LbsnFMvm
Ozl1ac6hSEOXCf28KzBDD2SPNlyFD0TDuXKG4gJ0uAWiNiwl1oWesLAoGBANZBPOhmJD2OFykuwFF
MuxvWw5J8OL2PdDBA9uNNmbpx36xy8X2CdpD6TzS/AGiWpo6Ya/EvJnyzEAlZVmXI9OyH5yDe06IZ
wnisA1EeQYc4I0ZpO83uUyPc3O5VEv17My7l1NjjWjdfOYGg29fYhATUhn09p0WX2SsvV94R8IxRA
oGAJkJBWmeSmuSHUYl0bU8KG6dxFrsDGlfQMIFrSWuw0PLMp8qDeKt1w1FMs06XUSXXqoefFKn8VA
GuvhS22EJ22DrsFJvZmlyCdDps8XtfThrC+Bf9YCV5FsJbqwOxgYrP7DRbOOS3Xcxx07df2IDAHR0
QXC2Bqwcr44t7pNA5ONsCgYA/cUXl0wj8KSz2ht9vs3bcQXXb1GjAyM+w0ivJFttkd/+xgr+7WHxf
ZZ86kSw/zAw5wSyFWF7fIe6ntgp9TUopF/z6oMCuCU6qiNTamkjxD1ByswqAage4YNgSwqJC6M45H
tkt9/Ro3QucNNOkUHqXK48/WphDZTlrLjOokEtYYQKBgQDUhFw51ICMbV/gx+C3TO5/nq09b2h7oT
vS7NRRJgkAD1d6pegt7DMU6T89Abxh+fDvJ51GcXxKVIPS98LqpAE93u7t6YMbpFkjaQh+sa8Fpg6
/YORkkJvvbAkJwMyGwI+JU6oxWKKpz9NolBeqU3UcOs5DKwzP+CLt4+dgjsw5Hg==
distinguishedName: CN=Albert User,CN=Users,DC=samdom,DC=example,DC=com
Do not use 'add' in the ldif.
All I can say is that works for me.
Rowland
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
