I'm trying to get Samba set up to read all account information from my
existing LDAP directory. I have nss_ldap set up and working correctly.
I'm using Mandrake 10.0, and the problem occurs both with their Samba
3.0.2a packages and the Samba 3.0.4 RPMs from samba.org.

When Samba queries the LDAP server, it seems to be using the admin DN as
the *search base*, rather than using the suffix configured in smb.conf.

The appropriate bit of my smb.conf (with the organization name
removed, obviously) looks like this:

passdb backend = ldapsam:ldap://ldap.fakeorgname.dom
ldap admin dn = cn=Manager,o=Organization Name
ldap delete dn = no
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap group suffix = cat=Groups
ldap machine suffix = cat=Computers
ldap passwd sync = yes
ldap ssl = off
ldap suffix = o=Organization Name
ldap user suffix = cat=Staff

When I sniff the LDAP queries or look at log.smbd, I see that the base DN
being used for the queries is "cn=Manager,o=Organization Name" or even
"cat=Groups,cn=Manager,o=Organization Name". This makes no sense at all
to me. I even browsed through the code, and I can't see any way that
these two configuration items could possibly get mixed up.

Can anybody suggest any way that this could occur, or anything that I
should check to resolve this?

--
Take care,
Scott Wunsch

Do you actually specify your ldap suffix anyplace? It could be trying to
guess at the suffix using LDAP entries you do have.

Scott Wunsch wrote:

>I'm trying to get Samba set up to read all account information from my
>existing LDAP directory. I have nss_ldap set up and working correctly.
>I'm using Mandrake 10.0, and the problem occurs both with their Samba
>3.0.2a packages and the Samba 3.0.4 RPMs from samba.org.
>
>When Samba queries the LDAP server, it seems to be using the admin DN as
>the *search base*, rather than using the suffix configured in smb.conf.
>
>The appropriate bit of my smb.conf (with the organization name
>removed, obviously) looks like this:
>
>passdb backend = ldapsam:ldap://ldap.fakeorgname.dom
>ldap admin dn = cn=Manager,o=Organization Name
>ldap delete dn = no
>ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
>ldap group suffix = cat=Groups
>ldap machine suffix = cat=Computers
>ldap passwd sync = yes
>ldap ssl = off
>ldap suffix = o=Organization Name
>ldap user suffix = cat=Staff
>
>When I sniff the LDAP queries or look at log.smbd, I see that the base DN
>being used for the queries is "cn=Manager,o=Organization Name" or even
>"cat=Groups,cn=Manager,o=Organization Name". This makes no sense at all
>to me. I even browsed through the code, and I can't see any way that
>these two configuration items could possibly get mixed up.
>
>Can anybody suggest any way that this could occur, or anything that I
>should check to resolve this?
>

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         Cell: 701-306-6254
Information Systems Consultant   Fax: 701-281-1322
URL: www.ae-solutions.com
mailto:pgienger@ae-solutions.com

On Tue 22/06/2004 at 20:00, Scott Wunsch wrote:

Hi

> ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))

I have seen posts on this list by a Samba Team member who said that using
ldap filter will most likely break things. So try without filter.

Cheers

--
Marcel de Riedmatten
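
As an added example (not part of the thread and not Samba code), this Python sketch builds the search bases that the smb.conf fragment in the first message implies, using the documented rule that the user, group and machine suffixes are partial DNs prepended to "ldap suffix", and labels a base DN seen in log.smbd or a packet capture. The function names and the simple comma-splitting DN normalisation are assumptions of the example.

```python
# Added example, not Samba's code: expected LDAP search bases from smb.conf.
SMB_CONF = """\
ldap admin dn = cn=Manager,o=Organization Name
ldap group suffix = cat=Groups
ldap machine suffix = cat=Computers
ldap suffix = o=Organization Name
ldap user suffix = cat=Staff
"""  # fragment copied from the first message in the thread


def parse_params(text):
    """Return {parameter: value} for 'name = value' lines (split on first '=')."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[" ".join(name.lower().split())] = value.strip()
    return params


def norm_dn(dn):
    """Crude normalisation: lower-case, trim spaces around RDN separators.
    Assumption: no escaped commas inside RDN values."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def expected_bases(params):
    """Sub-suffixes are partial DNs prepended to 'ldap suffix' (smb.conf(5))."""
    suffix = params["ldap suffix"]
    bases = {"ldap suffix": suffix}
    for key in ("ldap user suffix", "ldap group suffix", "ldap machine suffix"):
        sub = params.get(key)
        bases[key] = f"{sub},{suffix}" if sub else suffix
    return bases


def classify(observed, params):
    """Label a base DN observed in log.smbd or a capture."""
    obs = norm_dn(observed)
    for key, base in expected_bases(params).items():
        if obs == norm_dn(base):
            return f"expected ({key})"
    admin = norm_dn(params["ldap admin dn"])
    if obs == admin or obs.endswith("," + admin):
        return "rooted at admin dn"
    return "unexpected"
```

Both base DNs quoted in the first message come back as "rooted at admin dn", which separates that symptom from a plain typo in one of the suffix parameters.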