Hi! I'm trying to use the internal LDAP provided by Samba4 to store mail domains used by SOGo. I have two sets of users. Those used by Samba and created through samba-tool and those created under some "ou" I have made up. A few days ago I was able to change the latter users passwords using "ldapadmin" (a windows LDAP client) but today I am not. When I try to change a password I get an error message like "RPC server unavailable". And I have another problem with LDAP. I have to use ldapadmin to change users' password because ldappasswd gives me this error: ldappasswd -d4 -h 192.168.0.137 "cn=juan.lapuerta,ou=alisys.net ,dc=aliratiun,dc=tic" ldap_build_search_req ATTRS: supportedSASLMechanisms SASL/GSSAPI authentication started SASL username: Administrator at ALIRATIUN.TIC SASL SSF: 56 SASL data security layer installed. Result: Protocol error (2) Additional info: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported But I think I read somewhere that that extended operation is supported. Thanks in advance. Regards, -- Linkedin profile (http://es.linkedin.com/in/lafdez) G+ profile (https://plus.google.com/u/0/115320207805121303027/about) Twitter (@lafdez @_lafdez_) Identi.ca (@lafdez)
I forgot to mention I'm using Samba 4.0.0. I'd appreciate any help here since I can't figure it out and I don't know where else I can look at. 2013/2/4 Luis Angel Fernandez Fernandez <laffdez at gmail.com>> Hi! > > I'm trying to use the internal LDAP provided by Samba4 to store mail > domains used by SOGo. I have two sets of users. Those used by Samba and > created through samba-tool and those created under some "ou" I have made > up. A few days ago I was able to change the latter users passwords using > "ldapadmin" (a windows LDAP client) but today I am not. When I try to > change a password I get an error message like "RPC server unavailable". > > And I have another problem with LDAP. I have to use ldapadmin to change > users' password because ldappasswd gives me this error: > > ldappasswd -d4 -h 192.168.0.137 "cn=juan.lapuerta,ou=alisys.net > ,dc=aliratiun,dc=tic" > ldap_build_search_req ATTRS: supportedSASLMechanisms > SASL/GSSAPI authentication started > SASL username: Administrator at ALIRATIUN.TIC > SASL SSF: 56 > SASL data security layer installed. > Result: Protocol error (2) > Additional info: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported > > But I think I read somewhere that that extended operation is supported. > > Thanks in advance. > > Regards, > > -- > Linkedin profile (http://es.linkedin.com/in/lafdez) > G+ profile (https://plus.google.com/u/0/115320207805121303027/about) > Twitter (@lafdez @_lafdez_) > Identi.ca (@lafdez) >-- Linkedin profile (http://es.linkedin.com/in/lafdez) G+ profile (https://plus.google.com/u/0/115320207805121303027/about) Twitter (@lafdez @_lafdez_) Identi.ca (@lafdez)
Andrew Bartlett
2013-Feb-06 21:25 UTC
[Samba] AD DC LDAP support for the 'password change' extended operation
On Mon, 2013-02-04 at 10:31 +0100, Luis Angel Fernandez Fernandez wrote:> Hi! > > I'm trying to use the internal LDAP provided by Samba4 to store mail > domains used by SOGo. I have two sets of users. Those used by Samba and > created through samba-tool and those created under some "ou" I have made > up. A few days ago I was able to change the latter users passwords using > "ldapadmin" (a windows LDAP client) but today I am not. When I try to > change a password I get an error message like "RPC server unavailable". > > And I have another problem with LDAP. I have to use ldapadmin to change > users' password because ldappasswd gives me this error: > > ldappasswd -d4 -h 192.168.0.137 "cn=juan.lapuerta,ou=alisys.net > ,dc=aliratiun,dc=tic" > ldap_build_search_req ATTRS: supportedSASLMechanisms > SASL/GSSAPI authentication started > SASL username: Administrator at ALIRATIUN.TIC > SASL SSF: 56 > SASL data security layer installed. > Result: Protocol error (2) > Additional info: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported > > But I think I read somewhere that that extended operation is supported.I can help on this part of the question: No, the extended operation is not supported - it remains a wishlist item that one of our developers was working on at some point, but has not progressed beyond that. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org