On Wed, 2004-03-10 at 02:03, Adam Williams wrote:
> I've seen several references on the web to setting up the LDAP SAM to
> communicate with the LDAP server via ldapi (IPC) versus ldap (IP). This
> should theoretically be much faster.
>
> My LDAP master is on the same host as the Samba PDC. With nss_ldap
> using "uri ldap://localhost" and Samba using "ldapsam:ldap://localhost/"
> everything works.
>
> But changing nss_ldap to use "uri ldapi://%2fvar%2frun%2fldapi/" breaks
> Samba. Commands like "ls", "finger", and "id" continue to be able to
> identify users, but Samba starts reporting "no such user" errors.
>
> Leaving nss_ldap using "ldap://localhost/" and changing ldapsam to be
> "ldapi://%2fvar%2frun%2fldapi" also breaks Samba.
>
> Of course, having both NSS and Samba use ldapi doesn't work either.
>
> Executing "ldapsearch -H ldapi://%2fvar%2frun%2fldapi/ uid=adam" works,
> so I don't suspect a problem with the ldapi protocol/socket itself.
>
> Are there known bugs/problems with Samba using ldapi? (This is samba
> 3.0.2).

I run my nss_ldap with:

    uri ldap://127.0.0.1/ ldap://ldap.internal.hawkerc.net

and samba with

    passdb backend = ldapsam:"ldapi:// ldap://ldap.internal.hawkerc.net"

Which causes nss_ldap to use TCP sockets, for the local and backup ldap
server. Samba uses ldapi for the local, and TCP for the backup server.

I never quite managed to get the full path syntax right in Samba, but
ldapi:// works for me.

Andrew Bartlett

--
Andrew Bartlett abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net