Jérôme Fenal
2003-Nov-18 09:22 UTC
[Samba] [Bug?Report] ldapsam duplication of output if two ldapsam sources
Good morning,
First of all, my setup :
- Samba 3.0.1pre1 to Samba 3.0.1pre3 (RPM home recompiled from samba.org SRPM);
- OpenLDAP 2.0.27 (stock RH9) + Solaris RootDSE patch, all on RH9;
- Two LDAP servers (one master, one slave, replication of all the base);
- Samba setup as PDC + BDC, using Samba3 LDAP schema.
I noticed a few days ago in the NT4 srvtools that the first query (when
opening the usrmgr.exe) returned all accounts twice.
On further investigation, it seems that this is due to the specification in
smb.conf of two ldapsam sources (for redundancy and availability) :
From the LDAP point of view :
$ ldapsearch -h localhost -D 'cn=Manager,dc=secret,dc=com' -x -w secret '(objectClass=posixAccount)' uid -LLL | grep ^dn | wc -l
381
(i.e. 380 - see below - plus root redefinition for Samba)
From Posix PoV :
# getent passwd | wc -l
416
# wc -l /etc/passwd
36 /etc/passwd
From Samba PoV :
If in smb.conf, I set :
passdb backend = ldapsam:ldap://localhost, ldapsam:ldap://slave
I get :
$ pdbedit -L | wc -l
760
If I set only one LDAP server (localhost only for instance) :
$ pdbedit -L | wc -l
380
So I know I can avoid the problem by not specifying two sources, but I'd
prefer setting both, for availability reasons.
Excerpt from smb.conf (testparm output anon'd):
# Global parameters
[global]
unix charset = UTF8
workgroup = DOMPARIS
netbios aliases = DOMPDC01
server string = DOMPARIS PDC server
update encrypted = Yes
passdb backend = ldapsam:ldap://localhost
passwd program = /usr/local/sbin/smbldap-passwd.pl %u
passwd chat = *New*password* %n\n *new*password* %n\n
log level = 1
log file = /var/log/samba/%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/local/sbin/smbldap-useradd.pl -a -m -d /home/%u %u
delete user script = /usr/local/sbin/smbldap-userdel.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl %g
delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
add user to group script = /usr/local/sbin/smbldap-usermod -G %g %u
add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
logon script = LOGON.BAT
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%u
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = No
wins server = 172.17.0.1
ldap suffix = dc=domain,dc=com
ldap machine suffix = ou=Computers,dc=domain,dc=com
ldap user suffix = ou=People,dc=domain,dc=com
ldap group suffix = dc=domain,dc=com
ldap idmap suffix = dc=domain,dc=com
ldap admin dn = cn=Manager,dc=domain,dc=com
ldap passwd sync = Yes
ldap delete dn = Yes
admin users = root, jerome, david
printer admin = jerome, root
hide dot files = No
[netlogon]
path = /home/samba/netlogon
write list = @wheel, root
[profiles]
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
I can file a bug on BugZilla if the bug is confirmed.
Regards,
Jérôme
--
Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre
Groupe Expert & Managed Services - LogicaCMG France
http://www.logicacmg.com/fr/ - <mailto:jerome.fenal AT logicacmg.com>
Andrew Bartlett
2003-Nov-18 09:52 UTC
[Samba] [Bug?Report] ldapsam duplication of output if two ldapsam sources
On Tue, 2003-11-18 at 20:22, Jérôme Fenal wrote:
> Good morning,
>
> First of all, my setup :
> - Samba 3.0.1pre1 to Samba 3.0.1pre3 (RPM home recompiled from samba.org SRPM);
> - OpenLDAP 2.0.27 (stock RH9) + Solaris RootDSE patch, all on RH9;
> - Two LDAP servers (one master, one slave, replication of all the base);
> - Samba setup as PDC + BDC, using Samba3 LDAP schema.
> So I know I can avoid the problem by not specifying two sources, but I'd
> prefer setting both, for availability reasons.
So use this syntax instead:
passdb backend = ldapsam:"ldap://server1 ldap://server2"
This gives the problem to the LDAP libraries, which may or may not know how to handle server-failover. (But it works very well for OpenLDAP).
If you specify two ldapsam entries, you are really saying that you have two distinct databases you wish to combine.
Andrew Bartlett
--
Andrew Bartlett abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
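The distinction Andrew draws (two ldapsam entries = two databases merged, one quoted entry = one database with failover URIs) is easy to check mechanically. The following is an added example, not code from either poster or from the Samba project: a small lint that reads the `passdb backend` value out of an smb.conf text, splits it the way the list is written (commas/whitespace, with a quoted argument kept whole), and flags the duplicate-ldapsam form with the single-entry rewrite. The sample smb.conf is constructed to mirror the report.

```python
import re
import shlex

# Constructed sample modelled on the excerpt in the report (not the poster's file).
SAMPLE_SMB_CONF = """\
[global]
   workgroup = DOMPARIS
   passdb backend = ldapsam:ldap://localhost, ldapsam:ldap://slave
[netlogon]
   path = /home/samba/netlogon
"""

def split_backends(value):
    """Split a 'passdb backend' value on whitespace/commas; a quoted argument
    such as ldapsam:"ldap://a ldap://b" stays one token (quotes removed)."""
    lex = shlex.shlex(value, posix=True)
    lex.whitespace += ","
    lex.whitespace_split = True
    return list(lex)

def check_passdb_backend(value):
    """Return (ok, uris, suggestion). Two ldapsam entries make Samba merge two
    databases (replicas are enumerated twice); the fix folds the URIs into one."""
    args = [b.partition(":")[2] for b in split_backends(value)
            if b.partition(":")[0] == "ldapsam"]
    uris = [u for arg in args for u in arg.split()]
    if len(args) <= 1:
        return True, uris, None
    return False, uris, 'passdb backend = ldapsam:"%s"' % " ".join(uris)

def get_passdb_backend(smb_conf_text):
    """Return the [global] 'passdb backend' value from smb.conf text, or None."""
    section = None
    for line in smb_conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            section = m.group(1).lower()
            continue
        key, _, val = line.partition("=")
        if section == "global" and key.strip().lower() == "passdb backend":
            return val.strip()
    return None

if __name__ == "__main__":
    ok, uris, fix = check_passdb_backend(get_passdb_backend(SAMPLE_SMB_CONF))
    print("OK:" if ok else "WARNING, duplicate ldapsam backends; use:", fix or uris)
```

Run against the sample it reports the two-entry form and prints the quoted single-entry replacement; against `ldapsam:"ldap://server1 ldap://server2"` it passes.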