search for: basedn

On Mon, 2022-09-19 at 14:04 +0000, Heinz H?lzl via samba wrote: > hello, > I often have the problem of high load on the LDAP processes. > 1-3 LDAP processes cause 100% cpu load for approx. 10 sec. This > happens > regularly in intervals of 2-3 minutes. > How can I find out which client is causing this load and why? > How can I configure the logging to see who/what is causing

...the PCs are switched on and the users log in. some ldap-searches take a very long time, sometimes even over 15 seconds e.g: ldapsrv_SearchRequest: LDAP Query: Duration was 15.74s, SearchRequest by S-1-5-21-xxxxxxxxxx-xxxxxxxxxxxxxx-8585 from ipv4:192.168.35.117:49240 filter: [(objectClass=user)] basedn: [DC=example,DC=net] scope: [SUB] result: Success The load of the ldap processes reaches 100% of a CPU. The ldapserver is then no longer responsive. It seems that the ldapsearches are blocking each other. The result is very long response times for login and other authentications. we have 6 DC,...

...travels and will never > > see the Domain's default notification. I haven't found any complete > > (and simple) solution online. So I wrote one. In case it helps > > anyone, you find it below. > > > > You should only have to fill in the blanks for the the "basedn" > > search parameter. Time conversion methods are taken from here: > > http://meinit.nl/convert-active-directory-lastlogon-time-to-unix-readable-time > > > > > > Ole > > > > > > > > > > -- > > > > #!/bin/sh > > &g...

...rd will expire. Some of our users are on long travels and will never see the Domain's default notification. I haven't found any complete (and simple) solution online. So I wrote one. In case it helps anyone, you find it below. You should only have to fill in the blanks for the the "basedn" search parameter. Time conversion methods are taken from here: http://meinit.nl/convert-active-directory-lastlogon-time-to-unix-readable-time Ole -- #!/bin/sh max_pwAge=`samba-tool domain passwordsettings show | grep "Maximum password age" | tr -dc '0-9'` user_list=...

...t;}","") IndexError: list index out of range That is the names.policyid line in below snippet ----------------------------------- res7 = samdb.search(expression="(displayName=Default Domain Policy)", base="CN=Policies,CN=System," + basedn, scope=ldb.SCOPE_ONELEVEL, attrs=["cn","displayName"]) names.policyid = str(res7[0]["cn"]).replace("{","").replace("}","") # dc policy guid res8 = samdb.search(expression="(displayNam...

...o. If you want. I have already implemented something like this : ############################### # get user rfc2307 attributes # ############################### # get the new uid # userUid=$(s4ldbsearch -H $samDatabase -s base -b CN=$shortDomain,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,$baseDN msSFU30MaxUidNumber | grep 'msSFU30MaxUidNumber:') if [ -z "$userUid" ]; then userUid="$baseUid" else userUid=$(echo $userUid | sed 's/^msSFU30MaxUidNumber: \(.*\)/\1/') fi # get the gid # strgid=$(wbinfo --group-info="$userClassGroup") userGid=$...

...>> >> That is the names.policyid line in below snippet >> >> ----------------------------------- >> res7 = samdb.search(expression="(displayName=Default Domain >> Policy)", >> base="CN=Policies,CN=System," + basedn, >> scope=ldb.SCOPE_ONELEVEL, >> attrs=["cn","displayName"]) >> names.policyid = str(res7[0]["cn"]).replace("{","").replace("}","") The problem is the way the search is being carrie...

...DTI:2 Primary Group SID: S-1-5-21-215069222-2822928016-2390355089-666 Full Name: david The weird thing is ldapsam_getsampwsid: Unable to locate SID I think I made a mistake when creating both unix groups and samba groups. Here is how the unix group is defined : dn: cn=cdti,ou=Group,BASEDN objectClass: posixGroup objectClass: top cn: cdti userPassword: {crypt}x gidNumber: 666 Here is how the samba group is defined : dn: cn=CDTI,ou=Groups,BASEDN objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping cn: CDTI description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1l...

...our users are on long travels and will never see > the Domain's default notification. I haven't found any complete (and > simple) solution online. So I wrote one. In case it helps anyone, you > find it below. > > You should only have to fill in the blanks for the the "basedn" search > parameter. Time conversion methods are taken from here: > http://meinit.nl/convert-active-directory-lastlogon-time-to-unix-readable-time > > > Ole > > > > > -- > > #!/bin/sh > > max_pwAge=`samba-tool domain passwordsettings show | grep &qu...

...l never >>> see the Domain's default notification. I haven't found any complete >>> (and simple) solution online. So I wrote one. In case it helps >>> anyone, you find it below. >>> >>> You should only have to fill in the blanks for the the "basedn" >>> search parameter. Time conversion methods are taken from here: >>> http://meinit.nl/convert-active-directory-lastlogon-time-to-unix-readable-time >>> >>> >>> Ole >>> >>> >>> >>> >>> -- >>>...

...with Samba-AD for authentication purposes. We are receiving the error message, "Cannot Connect to Active Directory". The settings used for establishing connection are as follows: Server Name : dc.example.com UserDN : CN=Administrator,CN=Users,DC=example,DC=com Password = ************ BaseDN = DC=example,DC=com. NextCloud server is able to detect the port as 389. But cannot detect the BaseDN. However the same setting works perfectly with AD on Windows Server 2008 R2 or Windows Server 2012 R2. Our smb.conf: --------------------------------------- # Global parameters [global]    ...

...I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there s...

...et, where -U _username_ was stated. > > My ldbsearch is from pure Samba-4.9.5, self compiled on Fedora 29 > x86_64. And now I see it even has not '-V' switch: > > [root at dc1 bind-dns]# ldbsearch --usage > Usage: [-?viraS] [-?|--help] [--usage] [-H|--url=URL] > [-b|--basedn=DN] [-e|--editor=PROGRAM] [-s|--scope=SCOPE] > [-v|--verbose] [--trace] [-i|--interactive] [-r|--recursive] > [--modules-path=PATH] [--num-searches=INT] [--num-records=INT] > [-a|--all] [--nosync] [-S|--sorted] [-o=OPTION] [--controls=STRING] > [--show-binary] [--paged] [--show-deleted]...

On Wed, 30 May 2018 10:33:55 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > So, in AD LDAP lingo, a 'modify' is not atomic, and a 'delete/add' > > > yes? > > Ahem, i meant: > > So, in AD LDAP lingo, a 'replace' is not atomic, and a

Mandi! Rowland penny via samba In chel di` si favelave... > If you go here: http://www.selfadsi.org/extended-ad/user-unlock.htm > It says: So, seems to me that 'Lockout-Duration' is an 'unused option'... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via

...1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' SUP > > posixAccount AUXILIARY > > DESC 'System Quotas' > > MUST ( uid ) > > MAY ( quota )) > > > > Run this file through oLschema2ldif > > > > NOTE: the 'basedn' is your rootdse, -I is where the ldif is and what you > > called it, -O is is where you want the new file to be created and what > > you want it to be called. > > > > root at dc01:~# oLschema2ldif --basedn=DC=example,DC=com -I > > /root/quota.schema -O /...

...one else. I would appreciate some input on the access.conf.pl file so that it is even better tuned. Mr Tournier and the sambateam: Please include the files you find usefull. The attached files are: slapd.conf.pl : A simple utility to generate a bafis slapd.conf file. Usage: ./slapd.conf.pl <basedn> <hostname> [tls] > slapd.conf. Note: This one is not that important. access.conf.pl: This is a simple utility to generate a working set of ACLs for a basic samba-ldap installation. Usage: ./access.conf.pl <basedn> <hostname> > access.conf access.conf must then be adde...

Hi, Ive been trying to work out how to get wbinfo to list members of a specific AD group, rather than list groups a specific user is in. So far I have had no luck... In fact im not sure its possible with wbinfo. Is there another tool which could do this? James -- Sent using Dekko from my Ubuntu device

...rs,DC=ad,DC=lasthome,DC=solace,DC=krynn > dn: CN=Administrator,CN=Users,DC=ad,DC=lasthome,DC=solace,DC=krynn > > So that must not be the problem, then.. Do you see anything else that > stands out in the lines below? > > augmentedActiveDirectory: > ??? groupsQuery: > ??????? baseDN: "DC=ad,DC=lasthome,DC=solace,DC=krynn" > ??????? scope: sub > ??????? derefAliases: never > ??????? pageSize: 0 > ??????? filter: (objectclass=group) > ??? groupUIDAttribute: primaryGroupID > ??? groupNameAttributes: [ cn ] > ??? groupMembershipAttributes: [ "me...

...9;{print $NF}' > See here: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adls/eb73820d-907a-49a5-a6f3-1847f86629b4 following the link here the code: user_is_locked () { # We folow spec, if zero, is not locked. local LOT=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" lockoutTime | grep "^lockoutTime: " | cut -d ' ' -f 2-) if [ -z "${LOT}" ] || [ ${LOT} -eq 0 ]; then return 1 fi # If non-zero, we take into account also the expirati...