samba - Sep 2021 - LdapSearch returns a user first instead of the domain base

On Tue, 2021-09-28 at 16:38 +0200, Olivier BILHAUT via samba
wrote:
> Hi Samba list :) 
> 
> I face to a dev which refuse to connect it's
> software to our Samba4 for a strange reason. 
> 
> He arges that Samba4
> behaves differently than Microsoft one ;) For sure, it behaves really
> better ;) 
> 
> The problem is tthat whenever he is performing searches
> against a Microsoft ldap server, the MS ldap server always returns
> the
> first domain as first result followed by the remaining objects.
> 
> In our
> case, Samba effectivelly returns a user (always the same), and the
> domain follows but really later on, after a bunch of users. 
> 
> Does
> anybody knows if this is something that can be fixed by an option ? 
> 
> If
> that's an issue, is there a chance that it could be fixed someday ?
> 
> 
> Many thanks to the community BTW, Samba is definitly cool.
> 
It might help if you post the ldap search you are using and an example
result (sanitised) of what Samba returns And what Windows returns.

Rowland

I Rowland, 

Thanks for quick reply. 

An exemple of ldapsearch could
be : 

ldapsearch -h PDC.domain.local -x -W -D "administrator at FHM.LOCAL"
-b "DC=FHM,DC=local" 

Returns with Samba : 

# extended LDIF
#
#
LDAPv3
# base <DC=FHM,DC=local> with scope subtree
# filter:
(objectclass=*)
# requesting: ALL
#

# Firstname LASTNAME, ou1, Users,
domain.local
dn: CN=Firstname
LASTNAME,OU=ou1,OU=Users,DC=domain,DC=local
objectClass:
top
objectClass: person
objectClass: organizationalPerson
objectClass:
user
CN: Firstname LASTNAME 

[...] 

And returns on Microsoft AD : 

#
extended LDIF
#
# LDAPv3
# base <DC=FHM,DC=local> with scope subtree
#
filter: (objectclass=*)
# requesting: ALL
# 

dn:
DC=domain,DC=local
objectClass: top
objectClass: domain
objectClass:
domainDNS
instanceType: 5
whenCreated: 20120613130158.0 

[...] 

Our
dev relies on the first element returned to grab the domain. 

Our
version is Samba 4.14.3. 

Thanks, 

Olivier B 

Le 2021-09-28 17:03,
Rowland Penny via samba a ?crit :
> On Tue, 2021-09-28 at 16:38 +0200,
Olivier BILHAUT via samba wrote:
>> Hi Samba list :) 
>> 
>> I face to a
dev which refuse to connect it's
>> software to our Samba4 for a strange
reason. 
>> 
>> He arges that Samba4
>> behaves differently than
Microsoft one ;) For sure, it behaves really
>> better ;) 
>> 
>> The
problem is tthat whenever he is performing searches
>> against a
Microsoft ldap server, the MS ldap server always returns
>> the
>> first
domain as first result followed by the remaining
objects.
>> 
>> In
our
>> case, Samba effectivelly returns a user (always the same), and
the
>> domain follows but really later on, after a bunch of users. 
>>
>> Does
>> anybody knows if this is something that can be fixed by an
option ? 
>> 
>> If
>> that's an issue, is there a chance that it could
be fixed someday ?
>> 
>> 
>> Many thanks to the community BTW, Samba is
definitly cool.
>> 
> 
> It might help if you post the ldap search you
are using and an example
> result (sanitised) of what Samba returns And
what Windows returns.
> 
> Rowland