thr3ads.net - samba - [Samba] Samba PDC LDAP and LDAP Aliases [Dec 2009]

If this information is useful, please help other people find it:
Share via:

Ivo Steinmann

2009-Dec-10 13:40 UTC

[Samba] Samba PDC LDAP and LDAP Aliases

Hello all

I've got a problem with unresolved (at least I guess that) LDAP Aliases
and Samba. That's my LDAP Setup:

ou=alvhaus,ou=ch  { base }
ou=People,ou=alvhaus,ou=ch { posix and samba accounts }
ou=Group,ou=alvhaus,ou=ch { posix and samba groups }
ou=Samba,ou=alvhaus,ou=ch { samba base dn }
ou=Idmap,ou=Samba,ou=alvhaus,ou=ch
ou=Machines,ou=Samba,ou=alvhaus,ou=ch
ou=PeopleAlias,ou=Samba,ou=alvhaus,ou=ch { that's an alias to
ou=People,ou=alvhaus,ou=ch }
ou=GroupAlias,ou=Samba,ou=alvhaus,ou=ch { that's an alias to
ou=Group,ou=alvhaus,ou=ch }


ldapsearch -h MYHOST -D "uid=Account Admin,ou=System
Accounts,dc=alvhaus,dc=ch" -W -b "ou=Samba,dc=alvhaus,dc=ch" -a
search
-s one
The output of ldapsearch is right! The aliases are correctly resolved
(controled by the "-a search" parameter)

# People, alvhaus.ch
dn: ou=People,dc=alvhaus,dc=ch
objectClass: organizationalUnit
ou: People

# Group, alvhaus.ch
dn: ou=Group,dc=alvhaus,dc=ch
objectClass: organizationalUnit
ou: Group

# Idmap, Samba, alvhaus.ch
dn: ou=Idmap,ou=Samba,dc=alvhaus,dc=ch
objectClass: organizationalUnit
ou: Idmap

# Machines, Samba, alvhaus.ch
dn: ou=Machines,ou=Samba,dc=alvhaus,dc=ch
objectClass: organizationalUnit
ou: Machines

# FILESERV, Samba, alvhaus.ch
dn: sambaDomainName=FILESERV,ou=Samba,dc=alvhaus,dc=ch
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
....... more

My smb.conf

        ldap admin dn = uid=Account Admin,ou=System
Accounts,dc=alvhaus,dc=ch
        ldap group suffix = ou=Group
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Machines
        ldap passwd sync = yes
        ldap suffix = ou=Samba,dc=alvhaus,dc=ch
        ldap ssl = no
        ldap user suffix = ou=People

For me it looks right! And it's also working, if People and Group aren't
aliased. So I guess samba pdc is not resolving aliases.

Version 3.4.0

-Ivo Steinmann

Björn Jacke

2009-Dec-10 21:48 UTC

head link

[Samba] Samba PDC LDAP and LDAP Aliases

On 2009-12-10 at 14:40 +0100 Ivo Steinmann sent off:> For me it looks right! And it's also working, if People and Group
aren't
> aliased. So I guess samba pdc is not resolving aliases.
?n the next samba release (not yet in 3.5 ...) you'll be able to tell samba
whether and how to do alias dereferencing. But you should be able to tell the
ldap library to do that by default, too - see ldap.conf(5). That would also
make your -a option in ldapsearch obsolete.

Cheers
Bj?rn

Apparently Analagous Threads

Search for more maybe matching threads

samba - Dec 2009 - Samba PDC LDAP and LDAP Aliases

[Samba] Samba PDC LDAP and LDAP Aliases

[Samba] Samba PDC LDAP and LDAP Aliases

Apparently Analagous Threads