Le 31/05/2018 à 16:53, Clément OUDOT a écrit :
Le 31/05/2018 à 16:07, Julien TEHERY a écrit :
mai 31 15:48:04 - ERROR - Error while modifying entry
CN=Mygroup,OU=Groups,DC=dstdomain,DC=lan in directory
:javax.naming.NameNotFoundException: [LDAP: error code 32 - 00002030:
Unable to find GUID for DN uid=user1,cn=users,dc=dstdomain,dc=lan];
remaining name 'CN=Mygroup,OU=Groups'
This error is related to AD/Samba constraints. It seems you must have a
guid attribute in user entry before adding it into a group.
Do you mean we must have this attribute on destination directory?
From what i can see, a user migrated in ad/samba4 has this attribute
objectGUID::
That's the only one related to GUID.
The fact is actually js script returns memberuid and we should have a
complete dn instead.
I'm not sure to understand what's going wrong whith that as we don't
have duplicated users, or same DNs with different GUIDs.
For instance I don't have any solution with this issue.
For test purpose, i created a new OU called migrationgroups and added
overlay memberof on source LDAP server.
Then I succeeded in converting posixgroups to groupofnames from "groups"
to "migrationgroups" OU.
But now i don't see if this really helps me or not as the LDAP to AD
procedure is based on groupOfUniqueNames attribute instead of groupofnames
I'm considering the possibility to do the same with a shell script to
retrieve users from former LDAP group and add them to samba4 groups, but
it would be a pitty to not use your precious tool
As you see I 'm a bit confused :)
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
