Ivo.Hanuska@hella.com
2006-Jun-08 08:02 UTC
[Samba] ADS and not working IDMAP on OpenLdap backend
Hello everyone!

I am trying to implement an IDMAP backend based on OpenLdap and it refuses to work. After some diagnostics on both (Samba+Winbind and OpenLdap) sides I found the following error messages in my logs:

Jun 7 14:03:03 proxy slapd[5361]: send_ldap_result: err=21 matched="" text="objectClass: value #0 invalid per syntax"
Jun 7 14:03:03 proxy slapd[5361]: conn=14 op=3 RESULT tag=103 err=21 text=objectClass: value #0 invalid per syntax
Jun 7 14:03:03 proxy winbindd[5685]: [2006/06/07 14:03:03, 0] sam/idmap.c:idmap_init(138)
Jun 7 14:03:03 proxy winbindd[5685]: idmap_init: failed to initialize remote backend!

It seems to me that there might be some bug or misconfiguration somewhere, but I am not able to find it. Of course wbinfo returns nothing and samba itself is not working...

Could someone cast an eye over the following configuration files and see "the obvious" reason why it is not working?

Debug information: Samba is running on SuSE Linux Enterprise Server 9.1 SP 3. Samba itself is version 3.0.20b-3.4-SUSE, OpenLDAP is version 2.2.24. krb5 libs are Heimdal 0.6.1.rc3, nss_ldap is version 215.

smb.conf:

[global]
workgroup = HAT
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
username map = /etc/samba/smbusers
security = ads
encrypt passwords = yes
ldap admin dn = cn=administrator,dc=xxx,dc=yyyyyy,dc=com
ldap suffix = dc=xxx,dc=yyyyyy,dc=com
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://localhost/
allow trusted domains = yes
domain logons = no
netbios name = %h
server string = %h
preferred master = auto
acl compatibility = auto
acl group control = no
idmap uid = 10000-200000
idmap gid = 10000-200000
realm = xxx.yyyyyy.COM
password server = czshatdc01.xxx.yyyyyy.com
log level = 3
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes

nss_ldap libraries config (/etc/ldap.conf):

host localhost
base "dc=xxx,dc=yyyyyy,dc=com"
binddn "cn=administrator,dc=xxx,dc=yyyyyy,dc=com"
bindpw "testtest"
pam_password exop
nss_base_passwd "ou=People,dc=xxx,dc=yyyyyy,dc=com?one"
nss_base_shadow "ou=People,dc=xxx,dc=yyyyyy,dc=com?one"
nss_base_group "ou=Groups,dc=xxx,dc=yyyyyy,dc=com?one"
ssl no

OpenLdap config (/etc/openldap/ldap.conf):

TLS_REQCERT allow
host 127.0.0.1
base dc=xxx,dc=yyyyyy,dc=com
binddn cn=administrator,dc=xxx,dc=yyyyyy,dc=com
bindpw testtest

Slapd config (/etc/openldap/slapd.conf):

loglevel 3052
database bdb
suffix "dc=xxx,dc=yyyyyy,dc=com"
rootdn "cn=Administrator,dc=xxx,dc=yyyyyy,dc=com"
rootpw "testtest"
directory /var/lib/ldap
checkpoint 1024 5
cachesize 10000

ldif file with database structure:

dn: dc=xxx,dc=yyyyyy,dc=com
objectClass: dcObject
objectClass: organization
dc: hat
o: Hella
description: Posix and Samba LDAP Identity Database

dn: cn=administrator,dc=xxx,dc=yyyyyy,dc=com
objectClass: organizationalRole
cn: administrator
description: Directory Manager

dn: ou=Idmap,dc=xxx,dc=yyyyyy,dc=com
objectClass: organizationalUnit
ou: idmap

Thank you for any help, or even a hint.

Ivo Hanuska