Hello! Rowland Penny via samba
  wrote on that day...

> > No. Anyway, note that the query correctly returns 'result: 0 Success',
> > it simply returns no data.
> That just means the search returned without error

Eh. Query succeeded and returned no data. Yes.

> If you run the command:
> ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D
> CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b
> DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)"
> Does it produce the entire users object ?

No, query succeeded and returned no data.

    root@vdcsv1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)"
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <DC=ad,DC=fvg,DC=lnf,DC=it> with scope subtree
    # filter: (cn=prova123)
    # requesting: ALL
    #

    # search reference
    ref: ldap://ad.fvg.lnf.it/CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it

    # search reference
    ref: ldap://ad.fvg.lnf.it/DC=DomainDnsZones,DC=ad,DC=fvg,DC=lnf,DC=it

    # search reference
    ref: ldap://ad.fvg.lnf.it/DC=ForestDnsZones,DC=ad,DC=fvg,DC=lnf,DC=it

    # search result
    search: 2
    result: 0 Success

    # numResponses: 4
    # numReferences: 3

While, against a working DC:

    root@vdcsv1:~# ldapsearch -H ldap://vdcpp2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)"
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <DC=ad,DC=fvg,DC=lnf,DC=it> with scope subtree
    # filter: (cn=prova123)
    # requesting: ALL
    #

    # prova123, Aliases, FVG, ad.fvg.lnf.it
    dn: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
    objectClass: top
    objectClass: nisMailAlias
    cn: prova123
    instanceType: 4
    whenCreated: 20171218110150.0Z
    uSNCreated: 3516
    name: prova123
    objectGUID:: MScBgo7I3UmoAnFId/scow=
    objectCategory: CN=inetLocalMailRecipient,CN=Schema,CN=Configuration,DC=ad,DC fvg,DC=lnf,DC=it
    whenChanged: 20181126155319.0Z
    uSNChanged: 1649048
    rfc822MailMember: gaio
    rfc822MailMember: marco.gaiarin
    distinguishedName: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it

    # search reference
    ref: ldap://ad.fvg.lnf.it/CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it

    # search reference
    ref: ldap://ad.fvg.lnf.it/DC=DomainDnsZones,DC=ad,DC=fvg,DC=lnf,DC=it

    # search reference
    ref: ldap://ad.fvg.lnf.it/DC=ForestDnsZones,DC=ad,DC=fvg,DC=lnf,DC=it

    # search result
    search: 2
    result: 0 Success

    # numResponses: 5
    # numEntries: 1
    # numReferences: 3

-- 
dott. Marco Gaiarin    GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''    http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it    t +39-0434-842711    f +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
On Thu, 29 Nov 2018 10:52:30 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Hello! Rowland Penny via samba
>   wrote on that day...
>
> > > No. Anyway, note that the query correctly returns 'result: 0 Success',
> > > it simply returns no data.
> > That just means the search returned without error
>
> Eh. Query succeeded and returned no data. Yes.
>
> > If you run the command:
> > ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D
> > CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b
> > DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)"
> > Does it produce the entire users object ?
>
> No, query succeeded and returned no data.
>

Whilst there are attributes that do not get replicated between DC's,
the majority are, so each DC should allow the same access.
Do you have access to the DC ?
Can you run the search locally ?
If it works locally, then something is getting in the way.
If it doesn't work locally, then there is something wrong with AD on
that computer.

Rowland
Hello! Rowland Penny via samba
  wrote on that day...

> Whilst there are attributes that do not get replicated between DC's,
> the majority are, so each DC should allow the same access.
> Do you have access to the DC ?
> Can you run the search locally ?

Sure! As just stated, local access (via ldbsearch against the local SAM)
works as expected:

    root@vdcpp1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=prova123)"
    # record 1
    dn: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
    objectClass: top
    objectClass: nisMailAlias
    cn: prova123
    instanceType: 4
    whenCreated: 20171218110150.0Z
    uSNCreated: 7923
    name: prova123
    objectGUID: 82012731-c88e-49dd-a802-714877fb1ca3
    objectCategory: CN=inetLocalMailRecipient,CN=Schema,CN=Configuration,DC=ad,DC fvg,DC=lnf,DC=it
    whenChanged: 20181126155319.0Z
    uSNChanged: 1662169
    rfc822MailMember: gaio
    rfc822MailMember: marco.gaiarin
    distinguishedName: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it

    # Referral
    ref: ldap://ad.fvg.lnf.it/CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it

    # Referral
    ref: ldap://ad.fvg.lnf.it/DC=DomainDnsZones,DC=ad,DC=fvg,DC=lnf,DC=it

    # Referral
    ref: ldap://ad.fvg.lnf.it/DC=ForestDnsZones,DC=ad,DC=fvg,DC=lnf,DC=it

    # returned 4 records
    # 1 entries
    # 3 referrals

> If it works locally, then something is getting in the way.
> If it doesn't work locally, then there is something wrong with AD on
> that computer.

Arnaud, in private email, suggested checking the SDDL of that specific object.
But how can I check that?

-- 
dott. Marco Gaiarin
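Added example, not part of any poster's message: a small Python helper that compares saved ldapsearch outputs from several DCs and flags a DC whose search ends with 'result: 0 Success' yet returns fewer entries than another DC, which is the situation shown for vdcpp1 and vdcpp2 in this thread. The sample outputs are constructed (trimmed to the shape of the runs above) and the function names are hypothetical.

```python
import re

# Constructed samples, trimmed to the shape of the ldapsearch runs in the thread.
SAMPLE_VDCPP1 = """\
# filter: (cn=prova123)
ref: ldap://ad.fvg.lnf.it/CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
search: 2
result: 0 Success
# numResponses: 2
# numReferences: 1
"""

SAMPLE_VDCPP2 = """\
# filter: (cn=prova123)
dn: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
cn: prova123
ref: ldap://ad.fvg.lnf.it/CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 1
# numReferences: 1
"""

def summarize(output):
    """Return result code, entry DNs and referral count from ldapsearch text output."""
    code = re.search(r"^result: (\d+)", output, re.M)
    return {
        "result": int(code.group(1)) if code else None,
        # 'dn::' (base64-encoded DN) is matched too; it is compared as-is.
        "dns": sorted(d.lower() for d in re.findall(r"^dn::? (.+)$", output, re.M)),
        "referrals": len(re.findall(r"^ref: ", output, re.M)),
    }

def divergent_dcs(outputs):
    """Given {dc_name: ldapsearch output}, list DCs whose successful search
    returned a different set of entry DNs than the largest set seen."""
    summaries = {dc: summarize(text) for dc, text in outputs.items()}
    reference = max((s["dns"] for s in summaries.values()), key=len)
    return sorted(dc for dc, s in summaries.items()
                  if s["result"] == 0 and s["dns"] != reference)

if __name__ == "__main__":
    runs = {"vdcpp1": SAMPLE_VDCPP1, "vdcpp2": SAMPLE_VDCPP2}
    print("divergent:", divergent_dcs(runs))
```

Run the same bind DN, base and filter against every DC and feed the saved outputs in; referrals are counted separately because they appear in both the empty and the populated result.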