search for: ldap_struct

Hello, I'm trying to config samba to use a openldap replica (slave) base. Every thing is working, except when I try to join a machine to a domain. Samba try to write some attributes in openldap, but this database (slave) is read-only, so this operation fails. Openldap can return a REFERRAL when a client (samba) try to do a modification on a slave database and this already is happening.

On Wed, Jan 6, 2016 at 10:36 AM, Graham Allan <allan at physics.umn.edu> wrote: > On 01/06/2016 09:53 AM, Graham Allan wrote: > >> >> The packet dump is a good idea. I get the same failure using straight >> SSL to port 636, but wireshark might be able to decode any StartTLS >> negotiation attempt on the default port. Failing that I guess I'll >>

...p = LDAP_AUTH_SIMPLE; + } + return LDAP_SUCCESS; +} +#endif + +/******************************************************************* connect to the ldap server under system privilege. ******************************************************************/ static BOOL ldap_connect_system(LDAP * ldap_struct) { int rc; static BOOL got_pw = False; - static pstring ldap_secret; /* get the password if we don't have it already */ if (!got_pw && !(got_pw=fetch_ldap_pw(lp_ldap_admin_dn(), ldap_secret, sizeof(pstring)))) @@ -237,6 +285,12 @@ /* removed the sasl_bind_s "EXTERNAL&...

I know this is something which should have a simple fix but I'm failing to see it somehow. I'm moving samba service between a couple of FreeBSD systems (9.3 to 10.2), and I'm stuck on getting samba on the new machine to connect to our openldap server over ssl - frustrating since I've been running samba+ldap for 15 years or so; feel sure I'm missing something basic!

...a > single file, while others I've had to point to a directory of certs. gdb didn't give me much new, though for the record, it needed a couple of things to be usable: (1) install newer gdb from ports, and (2) build samba with --disable-pie What I got from that was ldap_start_tls_s (ldap_struct, NULL, NULL) in smb_ldap_start_tls is returning -11 (LDAP_CONNECT_ERROR), which doesn't really help. Maximum debugging on the ldap server gave me: connection_read(3): TLS accept failure error=-1 id=1042, closing conn=1042 fd=3 closed (TLS negotiation failure) I'm out of ideas for now, o...

...'ve had to point to a directory of certs. >> > > gdb didn't give me much new, though for the record, it needed a couple of > things to be usable: (1) install newer gdb from ports, and (2) build samba > with --disable-pie > > What I got from that was ldap_start_tls_s (ldap_struct, NULL, NULL) in > smb_ldap_start_tls is returning -11 (LDAP_CONNECT_ERROR), which doesn't > really help. > > Maximum debugging on the ldap server gave me: > connection_read(3): TLS accept failure error=-1 id=1042, closing > conn=1042 fd=3 closed (TLS negotiation failure) >...

...dn (dn: uid=.......), where uid is not present any more an extract of the function in pdb_ldap.c --------------------------------------------------------------------------- if (rc != LDAP_SUCCESS) { char *ld_error = NULL; ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); DEBUG(0, ("could not delete attributes for %s, error: %s (%s)\n", dn, ldap_err2string(rc), ld_error?ld_error:"unknown")); SAFE_FREE(ld_error)...