samba - Sep 2021 - LdapSearch returns a user first instead of the domain base

I Rowland, 

Thanks for quick reply. 

An exemple of ldapsearch could
be : 

ldapsearch -h PDC.domain.local -x -W -D "administrator at FHM.LOCAL"
-b "DC=FHM,DC=local" 

Returns with Samba : 

# extended LDIF
#
#
LDAPv3
# base <DC=FHM,DC=local> with scope subtree
# filter:
(objectclass=*)
# requesting: ALL
#

# Firstname LASTNAME, ou1, Users,
domain.local
dn: CN=Firstname
LASTNAME,OU=ou1,OU=Users,DC=domain,DC=local
objectClass:
top
objectClass: person
objectClass: organizationalPerson
objectClass:
user
CN: Firstname LASTNAME 

[...] 

And returns on Microsoft AD : 

#
extended LDIF
#
# LDAPv3
# base <DC=FHM,DC=local> with scope subtree
#
filter: (objectclass=*)
# requesting: ALL
# 

dn:
DC=domain,DC=local
objectClass: top
objectClass: domain
objectClass:
domainDNS
instanceType: 5
whenCreated: 20120613130158.0 

[...] 

Our
dev relies on the first element returned to grab the domain. 

Our
version is Samba 4.14.3. 

Thanks, 

Olivier B 

Le 2021-09-28 17:03,
Rowland Penny via samba a ?crit :
> On Tue, 2021-09-28 at 16:38 +0200,
Olivier BILHAUT via samba wrote:
>> Hi Samba list :) 
>> 
>> I face to a
dev which refuse to connect it's
>> software to our Samba4 for a strange
reason. 
>> 
>> He arges that Samba4
>> behaves differently than
Microsoft one ;) For sure, it behaves really
>> better ;) 
>> 
>> The
problem is tthat whenever he is performing searches
>> against a
Microsoft ldap server, the MS ldap server always returns
>> the
>> first
domain as first result followed by the remaining
objects.
>> 
>> In
our
>> case, Samba effectivelly returns a user (always the same), and
the
>> domain follows but really later on, after a bunch of users. 
>>
>> Does
>> anybody knows if this is something that can be fixed by an
option ? 
>> 
>> If
>> that's an issue, is there a chance that it could
be fixed someday ?
>> 
>> 
>> Many thanks to the community BTW, Samba is
definitly cool.
>> 
> 
> It might help if you post the ldap search you
are using and an example
> result (sanitised) of what Samba returns And
what Windows returns.
> 
> Rowland

On Tue, 2021-09-28 at 17:43 +0200, Olivier BILHAUT
wrote:
> I Rowland,
> Thanks for quick reply.
>  
> An exemple of ldapsearch could be :
> ldapsearch -h PDC.domain.local -x -W -D "administrator at
FHM.LOCAL" -b
> "DC=FHM,DC=local"
>  
> Returns with Samba :
>  
> # extended LDIF
> #
> # LDAPv3
> # base <DC=FHM,DC=local> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
> 
> # Firstname LASTNAME, ou1, Users, domain.local
> dn: CN=Firstname LASTNAME,OU=ou1,OU=Users,DC=domain,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> CN: Firstname LASTNAME
> [...]
>  
> And returns on Microsoft AD :
> # extended LDIF
> #
> # LDAPv3
> # base <DC=FHM,DC=local> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
> dn: DC=domain,DC=local
> objectClass: top
> objectClass: domain
> objectClass: domainDNS
> instanceType: 5
> whenCreated: 20120613130158.0
> [...]
>  
> Our dev relies on the first element returned to grab the domain.
> Our version is Samba 4.14.3.
> Thanks,
> Olivier B
> 
I see what you mean, I didn't know that windows responded in that way,
there must be something on the windows end to 'sort' the results before
printing them, code that Samba does not have.

As this is Unix, there are numerous other ways of obtaining the
'domain' name (by which, I think you mean the netbios domain name, aka
'workgroup').

Rowland