Björn JACKE
2022-Sep-21 18:48 UTC
[Samba] Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389
Hello Alexander,

On 2022-09-21 at 11:57 +0200 Alexander Harm || ApfelQ via samba sent off:
> LDAP seems to work in principle "pdbedit -L" is successful. However, running "pdbedit -Lv username" returns an error: "Failed to find a Unix account for username" and "Primary Group SID: (NULL SID)".
>
> So I guess the idmap is messed up?
>
> Actually I'm not sure how the idmap is stored in LDAP since both idmap-OUs look the same to me (empty) on the old OpenLDAP and new 389.
>
> Any hints/advice?

the old non-OpenLDAP schema files might not be as up-to-date as the OpenLDAP schema file is. We had a focus mainly on the OpenLDAP support in the past and the Netscape schema files had missed updates sometimes. Or the schema extension is not correctly installed on your 389 server.

Best regards
Björn
--
SerNet GmbH - Bahnhofsallee 1b - 37081 Göttingen
phone: +495513700000 mailto:contact at sernet.com
AG Göttingen: HR-B 2816 - https://www.sernet.com
Manag. Directors Johannes Loxen and Reinhild Jung
data privacy policy https://www.sernet.de/privacy
Alexander Harm || ApfelQ
2022-Sep-21 19:32 UTC
[Samba] Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389
Thank you all for your input, very much appreciated. Would there be a way to migrate the idmap from LDAP from the old OpenLDAP to e.g. IDMAP_RID?

Regards,
Alexander

> On Wednesday, Sep 21, 2022 at 8:48 PM, Björn JACKE <bjacke at SerNet.DE> wrote:
> Hello Alexander,
>
> On 2022-09-21 at 11:57 +0200 Alexander Harm || ApfelQ via samba sent off:
> > LDAP seems to work in principle "pdbedit -L" is successful. However, running "pdbedit -Lv username" returns an error: "Failed to find a Unix account for username" and "Primary Group SID: (NULL SID)".
> >
> > So I guess the idmap is messed up?
> >
> > Actually I'm not sure how the idmap is stored in LDAP since both idmap-OUs look the same to me (empty) on the old OpenLDAP and new 389.
> >
> > Any hints/advice?
>
> the old non-OpenLDAP schema files might not be as up-to-date as the OpenLDAP
> schema file is. We had a focus mainly on the OpenLDAP support in the past and
> the Netscape schema files had missed updates sometimes. Or the schema extension
> is not correctly installed on your 389 server.
>
> Best regards
> Björn
> --
> SerNet GmbH - Bahnhofsallee 1b - 37081 Göttingen
> phone: +495513700000 mailto:contact at sernet.com
> AG Göttingen: HR-B 2816 - https://www.sernet.com
> Manag. Directors Johannes Loxen and Reinhild Jung
> data privacy policy https://www.sernet.de/privacy