published by whitemice on Thu, 02/09/2017 - 07:09
So you have a lovely LDIF file of Active Directory schema that you want to import using the ldbmodify tool provided with Samba4... but when you attempt the import it fails with the error:
Error: First line of ldif must be a dn not 'dn'
Modified 0 records with 0 failures
Eh? @&^$*&;@&^@! It does start with a dn: attribute; it is an LDIF file!
Once you cool down you look at the file using od, just in case, and you see:
published by whitemice on Tue, 01/22/2013 - 00:00
With either a Windows Active Directory server or a Samba4 Active Directory server, very little information is exposed to anonymous searches via LDAP. This means every search has to bind. Simple binds are in many cases not supported, and for good reason: they are hopelessly insecure. But oftentimes one doesn't want to bother with Kerberos (even as great as Kerberos is) due to ticket expiration, keytab paths, etc...