search for: ldap_uri

Hi, I have sssd set up and it mostly works how I would expect, but the ldap_chpass_uri does not seem to work correctly with the passwd command. I have two configs, one working and one not: Working: ldap_uri = ldap://ldap.example.com ldap_chpass_uri = ldap://ldap.example.com Non Working: ldap_uri = ldap://ldap3.example.com,ldap://ldap2.example.com,ldap:// ldap.example.com ldap_chpass_uri = ldap://ldap.example.com ldap.example.com is the master ldap server, and the other two are read-only consumers....

...python scripts that need to consult samba ldap database without authentication. I've set up 2 machines, the first as PDC, the second as BDC. I run my scripts on both and while they run fine on the PDC they end with error on the BDC. Here is the minimal example that behave this way: import ldap LDAP_URI = "ldapi://%2fvar%2flib%2fsamba%2fprivate%2fldap_priv%2fldapi" l = ldap.initialize(LDAP_URI, trace_level=1) entries = l.search_s('dc=mon,dc=dom', ldap.SCOPE_SUBTREE) print(entries) it ends with: ldap.OPERATIONS_ERROR: {'info': '00002020: Operation unavailable without...

I'm trying to use autofs with Active Directory. This works: autofs_ldap_auth.conf: <autofs_ldap_sasl_conf usetls="yes" tlsrequired="yes" authrequired="yes" clientprinc="nfs/myhost at MYDOMAIN" /> /etc/sysconfig/autofs: LDAP_URI="ldap://domaincontroller1 ldap://domaincontroller2" This also works if I replace the auth with a DIGEST-MD5 from GSSAPI (which gets used by default). Good so far. However, I don't want to explicitly list the domain controllers. Discovering them via SRV records fails to work (even...

Samba4 beta6. CentOS 6.3. I have a CentOS client, using sssd, bound to a samba4 domain. The sssd configuration uses GSSAPI to bind to the directory. In both scenarios below, kerberos is fine, DNS is fine, I can use ldapsearch and bind to the directory with GSSAPI just fine, etc. If I have just one DC, everything works perfectly well for weeks on end. If I have two or more DC's,

...t authentication. >> I've set up 2 machines, the first as PDC, the second as BDC. >> I run my scripts on both and while they run fine on the PDC they end >> with error on the BDC. >> Here is the minimal example that behave this way: >> >> import ldap >> LDAP_URI = "ldapi://%2fvar%2flib%2fsamba%2fprivate%2fldap_priv%2fldapi" >> >> l = ldap.initialize(LDAP_URI, trace_level=1) >> entries = l.search_s('dc=mon,dc=dom', ldap.SCOPE_SUBTREE) >> print(entries) >> >> it ends with: ldap.OPERATIONS_ERROR: {'inf...

...> > > > > > [nss] > > > > > > [pam] > > > > > > [domain/xxx.xx] > > ldap_referrals = false > > enumerate = true > > > > id_provider = ldap > > #access_provider = ldap > > auth_provider = ldap > > ldap_uri = ldap://xxx-DC-A.xxx.xxx:389 > > ldap_id_use_start_tls = False > > ldap_auth_disable_tls_never_use_in_production = true > > ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx > > ldap_default_authtok_type = password > > ldap_default_authtok = xxxxxxxx > &gt...

...hines, the first as PDC, the second as BDC. >>>> I run my scripts on both and while they run fine on the PDC they end >>>> with error on the BDC. >>>> Here is the minimal example that behave this way: >>>> >>>> import ldap >>>> LDAP_URI = >>>> "ldapi://%2fvar%2flib%2fsamba%2fprivate%2fldap_priv%2fldapi" >>>> >>>> l = ldap.initialize(LDAP_URI, trace_level=1) >>>> entries = l.search_s('dc=mon,dc=dom', ldap.SCOPE_SUBTREE) >>>> print(entries) >>>&gt...

...rt file , if yes where? which i can use in sssd tls authenticaiton ? > Thanks for the help > > > # A native LDAP domain > [domain/LDAP] > enumerate = true > cache_credentials = TRUE > > id_provider = ldap > auth_provider = ldap > chpass_provider = ldap > > ldap_uri = ldap://ldap.mydomain.org > ldap_search_base = dc=mydomain,dc=org > tls_reqcert = demand > ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt > > > > On Fri, Sep 2, 2016 at 10:09 PM, Rowland Penny via samba < > samba at lists.samba.org> wrote: > >> On Fri...

...b] (3): Going offline. Running callbacks. my sssd configuation is bellow [sssd] config_file_version = 2 domains = xxx.xxx services = nss, pam debug_level = 5 [nss] [pam] [domain/xxx.xx] ldap_referrals = false enumerate = true id_provider = ldap #access_provider = ldap auth_provider = ldap ldap_uri = ldap://xxx-DC-A.xxx.xxx:389 ldap_id_use_start_tls = False ldap_auth_disable_tls_never_use_in_production = true ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx ldap_default_authtok_type = password ldap_default_authtok = xxxxxxxx ldap_schema = rfc2307bis ldap_user_search_base = dc=xx,d...

...s own branch for "ldap group suffix", that's the point): passdb backend = ldapsam:ldap://ldap.domain.tld ldap suffix = dc=domain,dc=tld ldap user suffix = ou=people ldap group suffix = ou=server01,ou=smb,ou=Groups NSS uses LDAP via SSSD like this: [domain/LDAP] id_provider = ldap ldap_uri = ldap://ldap.domain.tld ldap_search_base = dc=domain,dc=tld ldap_user_search_base = ou=People,dc=domain,dc=tld ldap_group_search_base = ou=server01,ou=smb,ou=Groups,dc=domain,dc=tld The sambaDomainName is stored in an entry in LDAP path ou=smb,dc=domain,dc=tld. Each server has it's own entr...

...ba ldap > database without authentication. > I've set up 2 machines, the first as PDC, the second as BDC. > I run my scripts on both and while they run fine on the PDC they end > with error on the BDC. > Here is the minimal example that behave this way: > > import ldap > LDAP_URI = "ldapi://%2fvar%2flib%2fsamba%2fprivate%2fldap_priv%2fldapi" > > l = ldap.initialize(LDAP_URI, trace_level=1) > entries = l.search_s('dc=mon,dc=dom', ldap.SCOPE_SUBTREE) > print(entries) > > it ends with: ldap.OPERATIONS_ERROR: {'info': '00002020: O...

...the samba 3 servers use this openldap base /passdb backend = ldapsam:ldaps://ldap.intra.labo.fr// (in the smb.conf) I tried to migrate the users account of my openldap database to internal samba4 ldap database. For this I used the myldap-pub.py script with this command line : /./myldap-pub.py --ldap_uri=ldap://ldap-server.labo.fr \// //--ldap_binddn="cn=admin,ou=administrateur,dc=labo,dc=fr" \// //--ldap_bindpwd="password" \// //--output_basedn="dc=labo,dc=fr" \// //--input_domain_name="DOMAIN" \// //--input_basedn="dc=labo,dc=fr" \// //--import_...

...tell me by default when i installed samba4 , did it create any .crt file , if yes where? which i can use in sssd tls authenticaiton ? Thanks for the help # A native LDAP domain [domain/LDAP] enumerate = true cache_credentials = TRUE id_provider = ldap auth_provider = ldap chpass_provider = ldap ldap_uri = ldap://ldap.mydomain.org ldap_search_base = dc=mydomain,dc=org tls_reqcert = demand ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt On Fri, Sep 2, 2016 at 10:09 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 2 Sep 2016 12:33:34 -0700 > John Yocum via s...

...t; I've set up 2 machines, the first as PDC, the second as BDC. >>> I run my scripts on both and while they run fine on the PDC they end >>> with error on the BDC. >>> Here is the minimal example that behave this way: >>> >>> import ldap >>> LDAP_URI = "ldapi://%2fvar%2flib%2fsamba%2fprivate%2fldap_priv%2fldapi" >>> >>> l = ldap.initialize(LDAP_URI, trace_level=1) >>> entries = l.search_s('dc=mon,dc=dom', ldap.SCOPE_SUBTREE) >>> print(entries) >>> >>> it ends with: ldap.OPE...

...ersion = 2 domains = default [nss] [pam] [domain/default] access_provider = simple #simple_allow_users = myuser enumerate = false cache_credentials = True id_provider = ldap auth_provider = krb5 chpass_provider = krb5 krb5_realm = HH3.SITE krb5_server = hh16.hh3.site krb5_kpasswd = hh16.hh3.site ldap_uri = ldap://hh16.hh3.site/ ldap_search_base = dc=hh3,dc=site ldap_tls_cacertdir = /usr/local/samba/private/tls ldap_id_use_start_tls = False ldap_default_bind_dn = cn=lynn2,cn=Users,dc=hh3,dc=site ldap_default_authtok = xx ldap_default_authtok_type = password ldap_user_object_class = person ldap_user_...

Hi, all. I want to track user last login data (ip address, login date, etc) with dovecot, followed dovecot tutorial[1], and it now works with IMAP, but failed with POP3. i don't know why. My script: ---- LDAP_URI='ldap://127.0.0.1:389' LDAP_BASEDN='o=domains,dc=iredmail,dc=org' BIND_DN='cn=vmailadmin,dc=iredmail,dc=org' BIND_PW='plain_passwd' if [ X"${USER}" != X"dump-capability" ]; then ldapmodify -c -x \ -H "${LDAP_URI}" \...

Hi, I'm planing to setup a new samba fileserver as a member to an existing samba 3.x SMB. The old server is still nss-pam-ldapd configured (historic left overs). As I dont have any pressure to have the new server up and running within the next few hours, I liked to set up sssd with our existing openldap. After googling and reading some documentations from redhat/fedora I think I do have a

...= ldapsam:ldap://ldap.domain.tld >> ldap suffix = dc=domain,dc=tld >> ldap user suffix = ou=people >> ldap group suffix = ou=server01,ou=smb,ou=Groups >> >> NSS uses LDAP via SSSD like this: >> >> [domain/LDAP] >> id_provider = ldap >> >> ldap_uri = ldap://ldap.domain.tld >> ldap_search_base = dc=domain,dc=tld >> >> ldap_user_search_base = ou=People,dc=domain,dc=tld >> ldap_group_search_base = ou=server01,ou=smb,ou=Groups,dc=domain,dc=tld >> >> The sambaDomainName is stored in an entry in LDAP path >&gt...

...ok=0 [../pam_yubico.c:parse_cfg(769)] verbose_otp=0 [../pam_yubico.c:parse_cfg(770)] try_first_pass=0 [../pam_yubico.c:parse_cfg(771)] use_first_pass=0 [../pam_yubico.c:parse_cfg(772)] authfile=/etc/yubikey_mappings [../pam_yubico.c:parse_cfg(773)] ldapserver=(null) [../pam_yubico.c:parse_cfg(774)] ldap_uri=(null) [../pam_yubico.c:parse_cfg(775)] ldapdn=(null) [../pam_yubico.c:parse_cfg(776)] user_attr=(null) [../pam_yubico.c:parse_cfg(777)] yubi_attr=(null) [../pam_yubico.c:parse_cfg(778)] yubi_attr_prefix=(null) [../pam_yubico.c:parse_cfg(779)] url=(null) [../pam_yubico.c:parse_cfg(780)] capath=(nul...

...ovider = krb5 > chpass_provider = krb5 > krb5_realm = RADIODJIIDO.NC > krb5_server = serveur.radiodjiido.nc > krb5_kpasswd = serveur.radiodjiido.nc > #next line only lists users with uidNumber/gidNumber entered via ldbedit > ldap_id_mapping = false > ldap_referrals = false > ldap_uri = ldap://serveur.radiodjiido.nc > ldap_search_base = dc=radiodjiido,dc=nc > ldap_user_object_class = user > ldap_user_name = samAccountName > ldap_user_uid_number = uidNumber > ldap_user_gid_number = gidNumber > ldap_user_home_directory = unixHomeDirectory > ldap_user_shell = l...