I'm using samba 3.0.4 with ldapsam as a pdc. When I try to create a group, samba correctly runs the add group script, which creates an LDAP entry with objectClass set to posixGroup and gidNumber set to the gid I want to use and cn set to the group name. The next thing samba does is look for the posix group with the following filters: [(&(objectClass=sambaGroupMapping)(gidNumber=0))] [(&(|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=0))] [(&(objectClass=sambaIdmapEntry)(gidNumber=0))] In all cases they fail because the gidNumber is set to something non-zero. Why is it searching on objectClass and gidNumber, not objectClass and cn? Is there a way to change this behavior or let samba know what the gidNumber should be? I've tried having the add group script return the gidNumber instead of zero, but the behavior is the same. -- Michael D. Jurney mike@jurney.org
(This is a repost of a question I sent a while ago - I'm still looking for an answer...) I'm using samba 3.0.4 with ldapsam as a pdc. When I try to create a group, samba correctly runs the add group script, which creates an LDAP entry with objectClass set to posixGroup and gidNumber set to the gid I want to use and cn set to the group name. The next thing samba does is look for the posix group with the following filters: [(&(objectClass=sambaGroupMapping)(gidNumber=0))] [(&(|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=0))] [(&(objectClass=sambaIdmapEntry)(gidNumber=0))] In all cases they fail because the gidNumber is set to something non-zero. Why is it searching on objectClass and gidNumber, not objectClass and cn? Is there a way to change this behavior or let samba know what the gidNumber should be? I've tried having the add group script return the gidNumber instead of zero, but the behavior is the same. -- Michael D. Jurney mike@jurney.org