Hi, I am running into a bit of a strange problem. I have a Perl script
that creates usernames for mass-adding users. This script used to use the
standard Linux 'adduser' command to add users to the system. I am now
switching everything over to LDAP, including Samba.
I have modified the custom Perl script to add users in bulk for
smbldap-tools.
system("smbldap_tools/smbldap-useradd -a -g students -c
\"$Ofirst,$Olast,$studentnum\" -C
'\\\\FILESERVER\\homes\\$username' -d
$homedir/$username -m $username");
I also create a group entry for students:
dn: cn=students,ou=Groups,dc=test-mcc,dc=edu
objectClass: posixGroup,sambaGroupMapping
cn: students
gidNumber: 1113
sambaSID: S-1-5-21-2737720518-3188833511-1042965985-3227
sambaGroupType: 2
displayName: students
Now, I start the custom Perl script to mass-add users, and it adds 120
users, and then users stop being added. smbldap-useradd returns no kind of
error, it almost seems like it thinks it is adding the users, but they
really aren't getting added after 120 users. The first 120 users seem
fine. I took a look in the LDAP file, and for the remaining users, it is
still binding, searching, but doesn't appear to actually add the user
info:
Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" method=128
Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0
Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 RESULT tag=97 err=0
textJun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SRCH
base="dc=test-mcc,dc=edu" scope=2 deref=2
filter="(&(objectClass=posixAccount)(uid=tmoore))"
Jun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SEARCH RESULT tag=101
err=0 nentries=0 textJun 28 04:56:49 esdev2 slapd[11424]: conn=12629 fd=11
closed
Jun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11 ACCEPT from
IP=207.74.136.238:43817 (IP=0.0.0.0:636)
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" method=128
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 RESULT tag=97 err=0
textJun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SRCH
base="dc=test-mcc,dc=edu" scope=2 deref=2
filter="(&(objectClass=posixAccount)(uid=lhart1))"
Jun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SEARCH RESULT tag=101
err=0 nentries=0 textJun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11
closed
These 2 users, lhart1 and tmoore, are 2 users that are supposed to be
added after the last user that is successfully added.
Now, when the group is "full" like this, if I do a 'net groupmap
list', I
get a "Segmentation Fault". Also, when the group is "full",
and my script
is still trying to add users (with smbldap-useradd), stderr is spitting
out "Segmentation Fault". nscd also seems to be dying and starting
again
after the first 120 users are added. I don't have winbindd, I've also
disabled nscd caching.
Now, the interesting part. If I change the '-g students' to '-g
'domain
users'' everything works fine!
Adding users to 'Domain Users' works, but 'students' does not?
Actually, adding a new group with the first part being "Domain" such
as
group 'Domain Studs' works fine. If the group name doesn't have
"Domain"
in it, it gets screwed up?
I'd appreciated any help with this!
Also, one more question, I've noticed that for each user, a memberUid
attribute is created inside the group. I'm assuming this is supposed to
happen, but why? Does Samba maybe need it this way? Even for the primary
group it adds an "extra" memberUid attribute for each user? Does this
hurt
performance?
Thanks in advance for any help.
Marc
> Now, I start the custom Perl script to mass-add users, and it adds 120 > users, and then users stop being added. smbldap-useradd returns no kind of > error, it almost seems like it thinks it is adding the users, but they > really aren't getting added after 120 users. The first 120 users seem > fine. I took a look in the LDAP file, and for the remaining users, it is > still binding, searching, but doesn't appear to actually add the user > info:1.) Make sure you are not using an antique version of OpenLDAP. For some totally incomprehensible reason most distributions (especially RedHat derived ones) ship with very very very old versions of this software. SuSe does quite a bit better. 2.) You don't say what versions or backend you are using. If you are using a BDB or HDB backend (and you should) you need to make sure your DB_CONFIG settings are reasonable. If you are using an LDBM backend then just give up. ftp://ftp.kalamazoolinux.org/pub/pdf/LDAP106.pdf 3.) Does the "id {username}" still work for a user after it stops addding-for-read? Can you perform an ldapsearch, without restarting the DSA?> Now, when the group is "full" like this, if I do a 'net groupmap list', I > get a "Segmentation Fault". Also, when the group is "full", and my script > is still trying to add users (with smbldap-useradd), stderr is spitting > out "Segmentation Fault". nscd also seems to be dying and starting again > after the first 120 users are added. I don't have winbindd, I've also > disabled nscd caching.If you've disabled ncsd caching how is nscd crashing?> I'd appreciated any help with this! > Also, one more question, I've noticed that for each user, a memberUid > attribute is created inside the group. I'm assuming this is supposed to > happen, but why? Does Samba maybe need it this way? Even for the primary > group it adds an "extra" memberUid attribute for each user? Does this hurt > performance?This is required if you want to enumerate members of a group, it helps performance. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050629/3d0ffa57/attachment.bin
> > 1.) Make sure you are not using an antique version of OpenLDAP. Forsome totally incomprehensible reason most distributions (especially RedHat derived ones) ship with very very very old versions of this software. SuSe does quite a bit better. OpenLDAP 2.2.26-r2> 2.) You don't say what versions or backend you are using. If you areusing a BDB or HDB backend (and you should) you need to make sure your DB_CONFIG settings are reasonable. If you are using an LDBM backend then just give up.> ftp://ftp.kalamazoolinux.org/pub/pdf/LDAP106.pdfSorry, I am using BDB -- but I have used both LDBM and BDB. Cache settings and all seem to work good.> 3.) Does the "id {username}" still work for a user after it stopsaddding-for-read? Can you perform an ldapsearch, without restarting the DSA? acad1 ~ # id lhart1 id: io.c:171: ber_free_buf: Assertion `((ber)->ber_opts.lbo_valid==0x2)' failed. uid=10214(lhart1) gid=505Aborted> > > If you've disabled ncsd caching how is nscd crashing? >Well, I can't seem to totally disable it from popping up -- I've added "name cache timeout = 0" to smb.conf (if I understood that correctly, thats supposed to stop nscd from starting, maybe not). I "disabled" it by commenting everything in nscd.conf.> > This is required if you want to enumerate members of a group, it helpsperformance. Cool, thats good to know. =) "Now, the interesting part. If I change the '-g students' to '-g 'domain users'' everything works fine! Adding users to 'Domain Users' works, but 'students' does not? Actually, adding a new group with the first part being "Domain" such as group 'Domain Studs' works fine. If the group name doesn't have "Domain" in it, it gets screwed up?" Thanks for your help, Marc
Hi,
This may be a long shot, but you don't happen to have a really low sizelimit
in your slapd.conf, do you?
Best regards,
Bruno Guerreiro
-----Original Message-----
From: msmith@edtech.mcc.edu [mailto:msmith@edtech.mcc.edu]
Sent: quarta-feira, 29 de Junho de 2005 18:37
To: samba@lists.samba.org
Subject: [Samba] Samba PDC w/ LDAP & Mass Adding Users
Hi, I am running into a bit of a strange problem. I have a Perl script
that creates usernames for mass-adding users. This script used to use the
standard Linux 'adduser' command to add users to the system. I am now
switching everything over to LDAP, including Samba.
I have modified the custom Perl script to add users in bulk for
smbldap-tools.
system("smbldap_tools/smbldap-useradd -a -g students -c
\"$Ofirst,$Olast,$studentnum\" -C
'\\\\FILESERVER\\homes\\$username' -d
$homedir/$username -m $username");
I also create a group entry for students:
dn: cn=students,ou=Groups,dc=test-mcc,dc=edu
objectClass: posixGroup,sambaGroupMapping
cn: students
gidNumber: 1113
sambaSID: S-1-5-21-2737720518-3188833511-1042965985-3227
sambaGroupType: 2
displayName: students
Now, I start the custom Perl script to mass-add users, and it adds 120
users, and then users stop being added. smbldap-useradd returns no kind of
error, it almost seems like it thinks it is adding the users, but they
really aren't getting added after 120 users. The first 120 users seem
fine. I took a look in the LDAP file, and for the remaining users, it is
still binding, searching, but doesn't appear to actually add the user
info:
Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" method=128
Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0
Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 RESULT tag=97 err=0
textJun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SRCH
base="dc=test-mcc,dc=edu" scope=2 deref=2
filter="(&(objectClass=posixAccount)(uid=tmoore))"
Jun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SEARCH RESULT tag=101
err=0 nentries=0 textJun 28 04:56:49 esdev2 slapd[11424]: conn=12629 fd=11
closed
Jun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11 ACCEPT from
IP=207.74.136.238:43817 (IP=0.0.0.0:636)
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" method=128
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 RESULT tag=97 err=0
textJun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SRCH
base="dc=test-mcc,dc=edu" scope=2 deref=2
filter="(&(objectClass=posixAccount)(uid=lhart1))"
Jun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SEARCH RESULT tag=101
err=0 nentries=0 textJun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11
closed
These 2 users, lhart1 and tmoore, are 2 users that are supposed to be
added after the last user that is successfully added.
Now, when the group is "full" like this, if I do a 'net groupmap
list', I
get a "Segmentation Fault". Also, when the group is "full",
and my script
is still trying to add users (with smbldap-useradd), stderr is spitting
out "Segmentation Fault". nscd also seems to be dying and starting
again
after the first 120 users are added. I don't have winbindd, I've also
disabled nscd caching.
Now, the interesting part. If I change the '-g students' to '-g
'domain
users'' everything works fine!
Adding users to 'Domain Users' works, but 'students' does not?
Actually, adding a new group with the first part being "Domain" such
as
group 'Domain Studs' works fine. If the group name doesn't have
"Domain"
in it, it gets screwed up?
I'd appreciated any help with this!
Also, one more question, I've noticed that for each user, a memberUid
attribute is created inside the group. I'm assuming this is supposed to
happen, but why? Does Samba maybe need it this way? Even for the primary
group it adds an "extra" memberUid attribute for each user? Does this
hurt
performance?
Thanks in advance for any help.
Marc
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba