samba - Oct 2006 - smb.conf ignores "ldap user suffix"

Hello,

Seems like there is a bug in samba configuration with the version 3.0.22 
or later that it doesn't read the configuration variable within the 
smb.conf for ldap settings

ldap user suffix 
Although it's working as long as the users are under the "ldap
suffix"
and samba will search for the uid from the base of the domain (getting 
from "ldap suffix").  So it doesn't matter if you put in to the
"ldap
user suffix" variable whatever value, it doesn't read it (ldap user 
suffix = ou=Users or ldap user suffix =  ou=People or ldap user suffix = 
ou=SoWrongIdon'tReadItAnyway, etc...)  Here is the part of the smb.conf 
file for ldap setting and its log:

  logon drive = H:
  logon home   passdb backend = ldapsam:ldap://127.0.0.1/
  ldap admin dn = cn=Manager,dc=company,dc=com
  ldap suffix = dc=company,dc=com
  ldap group suffix = ou=Groups
  ldap user suffix = ou=Peoplessssssssssssssssssssssssss
  ldap machine suffix = ou=Computerssssssssssssssssss
  ldap idmap suffix = ou=Usersxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  idmap backend = ldap://127.0.0.1
  #ldap ssl = start tls
  ldap delete dn = Yes


Oct 13 14:10:00 sunrise slapd[23846]: conn=557 op=15 SRCH 
base="dc=company,dc=com" scope=2 deref=0 
filter="(&(uid=ttu)(objectClass=sambaSamAccount))"
Oct 13 14:10:00 sunrise slapd[23846]: conn=557 op=15 SRCH attr=uid 
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
displayName sambaHomeDrive sambaHomePath sambaLogonScript 
sambaProfilePath description sambaUserWorkstations sambaSID 
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount 
sambaBadPasswordTime sambaPasswordHistory modifyTimestamp 
sambaLogonHours modifyTimestamp
Oct 13 14:10:00 sunrise slapd[23846]: conn=557 op=15 SEARCH RESULT 
tag=101 err=0 nentries=1 text
BTW, it does read the Groups setting "ldap group suffix" but not with 
"ldap user suffix"

Hope this will fix soon.  If anyone knows any patch to fix samba to read 
the "ldap user suffix", please let me know.

Thanks

On Fri, Oct 13, 2006 at 02:30:23PM -0700, Tri Tu wrote:
> Seems like there is a bug in samba configuration with the version 3.0.22 
> or later that it doesn't read the configuration variable within the 
> smb.conf for ldap settings
> 
> ldap user suffix 
We are not consistent here, true. In what sense does it
really cause a problem for you instead of being a bit
inconvenent in the log file?

My general idea with the ldap_xx_suffix parameters would in
general be to use them only when we create new objects and
when searching do subtree level searches starting from 'ldap
suffix' always. The inconsistent search behaviour has caused
quite a number of bugs already, in particular with idmap and
group mapping.

So would anybody object if we changed the use of the
ldap_xx_suffix parameters to be only used when creating
objects?

Thanks,

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20061014/f6b67391/attachment.bin