Jonathan Hunter
2023-Nov-10 16:02 UTC
[Samba] LDAP_MATCHING_RULE_IN_CHAIN no longer working after upgrade?
One small point to add below regarding permissions - the query still fails even if I run it as Administrator. On Fri, 10 Nov 2023 at 15:50, Jonathan Hunter <jmhunter1 at gmail.com> wrote:> Whilst I have no expectation that my test script is efficient or > optimal in any way, I couldn't see an existing guide on the samba wiki > so I created a page that should hopefully help others, using my script > as an initial example(For anyone else looking for this page - it's not yet live as it needs approval since it contains external links)> > OK, so it most likely the permissions handling. > > > > If your automated bisect becomes a pain, or you want to debug in the > > traditional way, look into permissions and ensure your connecting user > > can see all the way down the chain, and check if specifying the matched > > attribute helps.I'm was running the query from a DC on the commandline as the domain Administrator user. Whilst I do have at least one OU in the domain where permissions are locked down (a few years back I think I did set custom permissions so that only specific groups can access this), the group being queried is not in this part of the tree. It is possible that some of the group members also have access to the locked-down section of the tree though; I wonder if that has any bearing on things..
Rowland Penny
2023-Nov-10 16:36 UTC
[Samba] LDAP_MATCHING_RULE_IN_CHAIN no longer working after upgrade?
On Fri, 10 Nov 2023 16:02:19 +0000 Jonathan Hunter via samba <samba at lists.samba.org> wrote:> One small point to add below regarding permissions - the query still > fails even if I run it as Administrator. > > On Fri, 10 Nov 2023 at 15:50, Jonathan Hunter <jmhunter1 at gmail.com> > wrote: > > Whilst I have no expectation that my test script is efficient or > > optimal in any way, I couldn't see an existing guide on the samba > > wiki so I created a page that should hopefully help others, using > > my script as an initial example > (For anyone else looking for this page - it's not yet live as it needs > approval since it contains external links) >When I look, it tells me that it doesn't exist and would I like to create it. If you still have it open at your end, if I remember correctly, you need to give the captcha answer to add external links. Rowland