search for: ldapmessage

...this with Samba from Debian 4.1.17+dfsg-2. >> Is this a missing feature or a bug? > > Not sure. Can you provide network traces of Thunderbird > trying to do this against a Samba4 AD/DC ? Here are the packet details for the search request: Lightweight Directory Access Protocol LDAPMessage searchRequest(2) "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree messageID: 2 protocolOp: searchRequest (3) searchRequest baseObject: OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de scope: wholeSubtree (2...

...TLS AUTH=PLAIN] Dovecot ready. 1 login someuser somepassword results in the error message "result: mail=someuser at example.de; userPassword missing" A tcpdump shows the following searchRequest: --------------------------------------------------- Lightweight Directory Access Protocol LDAPMessage searchRequest(2) "dc=example,dc=de" wholeSubtree ... Filter: (sAMAccountName=someuser) filter: equalityMatch (3) equalityMatch attributeDesc: sAMAccountName assertionValue: someuser attributes: 2 items AttributeDescription: mail AttributeDescription: u...

Dear Samba users and developers, we had the idea of storing S/MIME certificates in the Samba 4 LDAP. In the Windows Active Directory Users and Computers tool I can use the "Published Certificates" tab to add a certificate to a user account. As Mozilla Thunderbird requests the "userCertificate;binary" attribute of a user when sending encrypted mail, the LDAP response is empty.

...are_72:06:06 (00:0c:29:72:06:06), Dst: Vmware_06:a9:58 (00:0c:29:06:a9:58) Internet Protocol Version 4, Src: 192.168.1.12 (192.168.1.12), Dst: 192.168.1.41 (192.168.1.41) User Datagram Protocol, Src Port: ldap (389), Dst Port: 65146 (65146) Connectionless Lightweight Directory Access Protocol LDAPMessage searchResEntry(3) "<ROOT>" [1 result] messageID: 3 protocolOp: searchResEntry (4) searchResEntry objectName: attributes: 1 item PartialAttributeList item netlogon type: netlogon...

...we want to access our Amazon/AWS Console using users from our internal samba4 directory service. So we tried to connect to our samba4 via the AWS AD Connector.  Connection (bind) is ok, but no users/groups are found.  Via tcpdump/wireshark we found this query/answer pair: Query from AD Connector LDAPMessage searchRequest(5) “dc=companyname,dc=com" wholeSubtree Filter: (&(ANR=testuser*)(sAMAccountType=805306368)) Answer from Samba4 resultCode: unavailableCriticalExtension (12) The following controlType is marked as critical in the query: controlType: 2.16.840.1.113730.3.4.9 (LDAP_CONTROL_VLV...

...ure or a bug? >>> >>> Not sure. Can you provide network traces of Thunderbird >>> trying to do this against a Samba4 AD/DC ? >> >> >> Here are the packet details for the search request: >> >> Lightweight Directory Access Protocol >> LDAPMessage searchRequest(2) >> "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree >> messageID: 2 >> protocolOp: searchRequest (3) >> searchRequest >> baseObject: >> OU=People,OU=Users,OU=LSE,DC=corp,DC=...

...irectory: /dev/null loginShell: /bin/false cn: rlvcosta givenName: rlvcosta sn: rlvcosta uid: rlvcosta uidNumber: 500 gidNumber: 9126 sambaSID: S-1-5-21-1299536883-3844537390-917088389-1001 This appears to be ok. Although when I put a tcpdumo trace I see: Lightweight Directory Access Protocol LDAPMessage searchRequest(161) "dc=flores,dc=com" wholeSubtree messageID: 161 protocolOp: searchRequest (3) searchRequest baseObject: dc=flores,dc=com scope: wholeSubtree (2) derefAliases: neverDerefAliases (0)...

...mber=user This is the error reported by doveadm index: doveadm(root): Error: User listing returned failure doveadm: Error: Failed to iterate through some users If you put a tcpdump to monitor the search, you i'll see 3 packets. The first is the LDAP searchRequest message, with this content: LDAPMessage searchRequest(3) "*ou=,*ou=mail,ou=services,dc=domain" wholeSubtree If I change the base parameter of config file to this, it works perfectly: base = ou=net.domain,ou=mail,ou=services,dc=domain tcpdump: LDAPMessage searchRequest(3) "*ou=**net.domain**,*ou=mail,ou=services,dc=domai...

...; > Is this a missing feature or a bug? > > > > Not sure. Can you provide network traces of Thunderbird > > trying to do this against a Samba4 AD/DC ? > > > Here are the packet details for the search request: > > Lightweight Directory Access Protocol > LDAPMessage searchRequest(2) > "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree > messageID: 2 > protocolOp: searchRequest (3) > searchRequest > baseObject: > OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de >...

...dap signing is required". We configured start-tls, copied over the CA certificate but getting an error for the request to start ssl/tls To be exact, here is what we see in wireshark: Our request to the domain: requestName: 1.3.6.1.4.1.1466.20037 (LDAP_START_TLS_OID) Respond from the domain: LDAPMessage extendedResp(1) (00000000: LdapErr: DSID-0C090E0B, comment: Error initializing SSL/TLS, data 0, v1771) We also saw the same problem with windows 2003 SP2 however; it is working well for any other windows 2003 domain. Is it a known issue? Any hint will be much appreciated. Cheers, Ephi PS: un...

Dear List, I seem to have a problem with winbind. Have successfully joined samba to a 2003 AD, but when I start winbind, the logs are full of the following: ==> log.winbindd <== [2008/01/14 11:25:58, 1] libads/cldap.c:recv_cldap_netlogon(247) Failed to parse cldap reply Running wbinfo -t returns: checking the trust secret via RPC calls failed error code was (0x0) Could not check

...0000000802b36b7a in update_ldap (basedn=0x7fffff8921a0 "ou=users,o=domain", table_name=0x7fffff8920a0 "sip", attribute=0x80907bde6 "name", lookup=0x802859a00 "dummyuzer", ap=0x7fffff892080) at res_config_ldap.c:1285 error = 0 ldap_entry = (LDAPMessage *) 0x8028bcf80 ldap_mods = (LDAPMod **) 0x8028d0220 newparam = 0x0 newval = 0x802859bd0 "dummyuzer" dn = 0x8028d01f0 "uid=dummyuzer,ou=users,o=domain" num_entries = 1 i = 0 mods_size = 5 mod_exists = 0 table...

...om /lib/libc.so.5 No symbol table info available. #7 0x1827a644 in free () from /lib/libc.so.5 No symbol table info available. #8 0x080502c7 in ldap_input (context=0x2c) at db-ldap.c:172 request = (struct ldap_request *) 0x806a580 timeout = {tv_sec = 0, tv_usec = 0} res = (LDAPMessage *) 0x806a5a0 ret = 0 msgid = 405650150 #9 0x0805cea8 in io_loop_handler_run (ioloop=0x8075340) at ioloop-poll.c:184 data = (struct ioloop_handler_data *) 0x806a160 pollfd = (struct pollfd *) 0x2 tv = {tv_sec = 0, tv_usec = 268537} io = (struct io *)...

...[debug] mod_authnz_ldap.c(373): [client 10.XX.XXX.XX] [13437] auth_ldap authenticate: using URL ldap://10.XX.X.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*) In capturing the packets I see that it binds successfully several times and then tries to authenticate. The AD box returns: LDAPMessage searchResDone(5) operationsError (00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece) [0 results] None of the binds that occur in the capture failed though. (all the bind responses reported success)...

...85* *User Datagram Protocol*,*Src Port: 60549, Dst Port: 389* ??? Source Port: 60549 ??? Destination Port: 389 ??? Length: 99 ??? Checksum: 0x7950 [unverified] ??? [Checksum Status: Unverified] ??? [Stream index: 0] ??? [Timestamps] *Connectionless Lightweight Directory Access Protocol* ??? LDAPMessage searchRequest(10556) "<ROOT>" baseObject ??????? messageID: 10556 ??????? protocolOp: searchRequest (3) ??????????? searchRequest ??????????????? baseObject: ??????????????? scope: baseObject (0) ??????????????? derefAliases: neverDerefAliases (0) ??????????????? sizeLimit: 0...

First thing - I'd like to say a big "THANK YOU" to the developers. I just upgraded to samba-3.0.23 and I've noticed an alarming issue with respect to my configuration. I've been using the built-in keytab management and it looks like the updated code no longer creates the userPrincipal in Active Directory. Whether this is an issue for others or not, it would be nice to have

...bffffb58) at ../source3/passdb/pdb_ldap.c:4854 smbldap_state = 0x80027fc0 result = 0x80036740 entry = 0x80036740 mods = 0x80011a98 status = {v = 0} value = 0x0 rc = -2147280760 nextRid = 1012 dn = 0xb70dbd06 "LDAPMessage *" mem_ctx = 0x80032f78 __FUNCTION__ = "ldapsam_get_new_rid" #2 0xb7d45c33 in ldapsam_new_rid_internal (methods=0x80027e28, rid=0xbffffb58) at ../source3/passdb/pdb_ldap.c:4882 result = {v = 0} i = 0 #3 0xb7d46bd3 in ldapsam_create_user (my...

...and operatingSystemVersion attributes + ********************************************************************/ + +static ADS_STATUS net_set_machine_opsystem(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) +{ + ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); + char *new_dn; + ADS_MODLIST mods; + char *psp; + LDAPMessage *res = NULL; + char *dn_string = NULL; + const char *machine_name = global_myname(); + int count; + + if ( !machine_name ) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + /* Find our DN */ + + status = ads_find_machine_acct(ads_s, (void **)(void *)&res, machine_name); + if (!ADS_ERR_OK(status))...

..._mapping_entry: SID already mapped in LDAP\n")); + return NT_STATUS_UNSUCCESSFUL; + } + rc = ldapsam_search_one_group_by_gid(ldap_state, map->gid, &result); if (rc != LDAP_SUCCESS) { ldap_msgfree(result); @@ -1991,6 +1997,14 @@ LDAPMessage *entry = NULL; LDAPMod **mods = NULL; + GROUP_MAP dummy; + + if (NT_STATUS_IS_OK(ldapsam_getgrgid(methods, &dummy, + map->gid))) { + DEBUG(0, ("ldapsam_update_group_mapping_entry: Unix group %ld already mapped in LDAP...

On Fri, Mar 04, 2016 at 04:16:44PM +0000, Rowland penny wrote: > On 04/03/16 09:58, Volker Lendecke wrote: > >On Fri, Mar 04, 2016 at 10:53:17AM +0100, Volker Lendecke wrote: > >>On Wed, Mar 02, 2016 at 09:23:34AM +0000, Rowland penny wrote: > >>>OK, here is the output: > >>Can you try the attached (UNTESTED!) patch? > >> > >>Thanks, >