Hi, I am running into a bit of a strange problem. I have a Perl script that creates usernames for mass-adding users. This script used to use the standard Linux 'adduser' command to add users to the system. I am now switching everything over to LDAP, including Samba. I have modified the custom Perl script to add users in bulk for smbldap-tools. system("smbldap_tools/smbldap-useradd -a -g students -c \"$Ofirst,$Olast,$studentnum\" -C '\\\\FILESERVER\\homes\\$username' -d $homedir/$username -m $username"); I also create a group entry for students: dn: cn=students,ou=Groups,dc=test-mcc,dc=edu objectClass: posixGroup,sambaGroupMapping cn: students gidNumber: 1113 sambaSID: S-1-5-21-2737720518-3188833511-1042965985-3227 sambaGroupType: 2 displayName: students Now, I start the custom Perl script to mass-add users, and it adds 120 users, and then users stop being added. smbldap-useradd returns no kind of error, it almost seems like it thinks it is adding the users, but they really aren't getting added after 120 users. The first 120 users seem fine. I took a look in the LDAP file, and for the remaining users, it is still binding, searching, but doesn't appear to actually add the user info: Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND dn="cn=Manager,dc=test-mcc,dc=edu" method=128 Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0 Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 RESULT tag=97 err=0 textJun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SRCH base="dc=test-mcc,dc=edu" scope=2 deref=2 filter="(&(objectClass=posixAccount)(uid=tmoore))" Jun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SEARCH RESULT tag=101 err=0 nentries=0 textJun 28 04:56:49 esdev2 slapd[11424]: conn=12629 fd=11 closed Jun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11 ACCEPT from IP=207.74.136.238:43817 (IP=0.0.0.0:636) Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND dn="cn=Manager,dc=test-mcc,dc=edu" method=128 Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0 Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 RESULT tag=97 err=0 textJun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SRCH base="dc=test-mcc,dc=edu" scope=2 deref=2 filter="(&(objectClass=posixAccount)(uid=lhart1))" Jun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SEARCH RESULT tag=101 err=0 nentries=0 textJun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11 closed These 2 users, lhart1 and tmoore, are 2 users that are supposed to be added after the last user that is successfully added. Now, when the group is "full" like this, if I do a 'net groupmap list', I get a "Segmentation Fault". Also, when the group is "full", and my script is still trying to add users (with smbldap-useradd), stderr is spitting out "Segmentation Fault". nscd also seems to be dying and starting again after the first 120 users are added. I don't have winbindd, I've also disabled nscd caching. Now, the interesting part. If I change the '-g students' to '-g 'domain users'' everything works fine! Adding users to 'Domain Users' works, but 'students' does not? Actually, adding a new group with the first part being "Domain" such as group 'Domain Studs' works fine. If the group name doesn't have "Domain" in it, it gets screwed up? I'd appreciated any help with this! Also, one more question, I've noticed that for each user, a memberUid attribute is created inside the group. I'm assuming this is supposed to happen, but why? Does Samba maybe need it this way? Even for the primary group it adds an "extra" memberUid attribute for each user? Does this hurt performance? Thanks in advance for any help. Marc
> Now, I start the custom Perl script to mass-add users, and it adds 120 > users, and then users stop being added. smbldap-useradd returns no kind of > error, it almost seems like it thinks it is adding the users, but they > really aren't getting added after 120 users. The first 120 users seem > fine. I took a look in the LDAP file, and for the remaining users, it is > still binding, searching, but doesn't appear to actually add the user > info:1.) Make sure you are not using an antique version of OpenLDAP. For some totally incomprehensible reason most distributions (especially RedHat derived ones) ship with very very very old versions of this software. SuSe does quite a bit better. 2.) You don't say what versions or backend you are using. If you are using a BDB or HDB backend (and you should) you need to make sure your DB_CONFIG settings are reasonable. If you are using an LDBM backend then just give up. ftp://ftp.kalamazoolinux.org/pub/pdf/LDAP106.pdf 3.) Does the "id {username}" still work for a user after it stops addding-for-read? Can you perform an ldapsearch, without restarting the DSA?> Now, when the group is "full" like this, if I do a 'net groupmap list', I > get a "Segmentation Fault". Also, when the group is "full", and my script > is still trying to add users (with smbldap-useradd), stderr is spitting > out "Segmentation Fault". nscd also seems to be dying and starting again > after the first 120 users are added. I don't have winbindd, I've also > disabled nscd caching.If you've disabled ncsd caching how is nscd crashing?> I'd appreciated any help with this! > Also, one more question, I've noticed that for each user, a memberUid > attribute is created inside the group. I'm assuming this is supposed to > happen, but why? Does Samba maybe need it this way? Even for the primary > group it adds an "extra" memberUid attribute for each user? Does this hurt > performance?This is required if you want to enumerate members of a group, it helps performance. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050629/3d0ffa57/attachment.bin
> > 1.) Make sure you are not using an antique version of OpenLDAP. Forsome totally incomprehensible reason most distributions (especially RedHat derived ones) ship with very very very old versions of this software. SuSe does quite a bit better. OpenLDAP 2.2.26-r2> 2.) You don't say what versions or backend you are using. If you areusing a BDB or HDB backend (and you should) you need to make sure your DB_CONFIG settings are reasonable. If you are using an LDBM backend then just give up.> ftp://ftp.kalamazoolinux.org/pub/pdf/LDAP106.pdfSorry, I am using BDB -- but I have used both LDBM and BDB. Cache settings and all seem to work good.> 3.) Does the "id {username}" still work for a user after it stopsaddding-for-read? Can you perform an ldapsearch, without restarting the DSA? acad1 ~ # id lhart1 id: io.c:171: ber_free_buf: Assertion `((ber)->ber_opts.lbo_valid==0x2)' failed. uid=10214(lhart1) gid=505Aborted> > > If you've disabled ncsd caching how is nscd crashing? >Well, I can't seem to totally disable it from popping up -- I've added "name cache timeout = 0" to smb.conf (if I understood that correctly, thats supposed to stop nscd from starting, maybe not). I "disabled" it by commenting everything in nscd.conf.> > This is required if you want to enumerate members of a group, it helpsperformance. Cool, thats good to know. =) "Now, the interesting part. If I change the '-g students' to '-g 'domain users'' everything works fine! Adding users to 'Domain Users' works, but 'students' does not? Actually, adding a new group with the first part being "Domain" such as group 'Domain Studs' works fine. If the group name doesn't have "Domain" in it, it gets screwed up?" Thanks for your help, Marc
Hi, This may be a long shot, but you don't happen to have a really low sizelimit in your slapd.conf, do you? Best regards, Bruno Guerreiro -----Original Message----- From: msmith@edtech.mcc.edu [mailto:msmith@edtech.mcc.edu] Sent: quarta-feira, 29 de Junho de 2005 18:37 To: samba@lists.samba.org Subject: [Samba] Samba PDC w/ LDAP & Mass Adding Users Hi, I am running into a bit of a strange problem. I have a Perl script that creates usernames for mass-adding users. This script used to use the standard Linux 'adduser' command to add users to the system. I am now switching everything over to LDAP, including Samba. I have modified the custom Perl script to add users in bulk for smbldap-tools. system("smbldap_tools/smbldap-useradd -a -g students -c \"$Ofirst,$Olast,$studentnum\" -C '\\\\FILESERVER\\homes\\$username' -d $homedir/$username -m $username"); I also create a group entry for students: dn: cn=students,ou=Groups,dc=test-mcc,dc=edu objectClass: posixGroup,sambaGroupMapping cn: students gidNumber: 1113 sambaSID: S-1-5-21-2737720518-3188833511-1042965985-3227 sambaGroupType: 2 displayName: students Now, I start the custom Perl script to mass-add users, and it adds 120 users, and then users stop being added. smbldap-useradd returns no kind of error, it almost seems like it thinks it is adding the users, but they really aren't getting added after 120 users. The first 120 users seem fine. I took a look in the LDAP file, and for the remaining users, it is still binding, searching, but doesn't appear to actually add the user info: Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND dn="cn=Manager,dc=test-mcc,dc=edu" method=128 Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0 Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 RESULT tag=97 err=0 textJun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SRCH base="dc=test-mcc,dc=edu" scope=2 deref=2 filter="(&(objectClass=posixAccount)(uid=tmoore))" Jun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SEARCH RESULT tag=101 err=0 nentries=0 textJun 28 04:56:49 esdev2 slapd[11424]: conn=12629 fd=11 closed Jun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11 ACCEPT from IP=207.74.136.238:43817 (IP=0.0.0.0:636) Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND dn="cn=Manager,dc=test-mcc,dc=edu" method=128 Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0 Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 RESULT tag=97 err=0 textJun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SRCH base="dc=test-mcc,dc=edu" scope=2 deref=2 filter="(&(objectClass=posixAccount)(uid=lhart1))" Jun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SEARCH RESULT tag=101 err=0 nentries=0 textJun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11 closed These 2 users, lhart1 and tmoore, are 2 users that are supposed to be added after the last user that is successfully added. Now, when the group is "full" like this, if I do a 'net groupmap list', I get a "Segmentation Fault". Also, when the group is "full", and my script is still trying to add users (with smbldap-useradd), stderr is spitting out "Segmentation Fault". nscd also seems to be dying and starting again after the first 120 users are added. I don't have winbindd, I've also disabled nscd caching. Now, the interesting part. If I change the '-g students' to '-g 'domain users'' everything works fine! Adding users to 'Domain Users' works, but 'students' does not? Actually, adding a new group with the first part being "Domain" such as group 'Domain Studs' works fine. If the group name doesn't have "Domain" in it, it gets screwed up? I'd appreciated any help with this! Also, one more question, I've noticed that for each user, a memberUid attribute is created inside the group. I'm assuming this is supposed to happen, but why? Does Samba maybe need it this way? Even for the primary group it adds an "extra" memberUid attribute for each user? Does this hurt performance? Thanks in advance for any help. Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba