search for: ldapmessage

...this with Samba from Debian 4.1.17+dfsg-2. >> Is this a missing feature or a bug? > > Not sure. Can you provide network traces of Thunderbird > trying to do this against a Samba4 AD/DC ? Here are the packet details for the search request: Lightweight Directory Access Protocol LDAPMessage searchRequest(2) "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree messageID: 2 protocolOp: searchRequest (3) searchRequest baseObject: OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de scope: wholeSubtree (2...

...TLS AUTH=PLAIN] Dovecot ready. 1 login someuser somepassword results in the error message "result: mail=someuser at example.de; userPassword missing" A tcpdump shows the following searchRequest: --------------------------------------------------- Lightweight Directory Access Protocol LDAPMessage searchRequest(2) "dc=example,dc=de" wholeSubtree ... Filter: (sAMAccountName=someuser) filter: equalityMatch (3) equalityMatch attributeDesc: sAMAccountName assertionValue: someuser attributes: 2 items AttributeDescription: mail AttributeDescription: u...

Dear Samba users and developers, we had the idea of storing S/MIME certificates in the Samba 4 LDAP. In the Windows Active Directory Users and Computers tool I can use the "Published Certificates" tab to add a certificate to a user account. As Mozilla Thunderbird requests the "userCertificate;binary" attribute of a user when sending encrypted mail, the LDAP response is empty.

...are_72:06:06 (00:0c:29:72:06:06), Dst: Vmware_06:a9:58 (00:0c:29:06:a9:58) Internet Protocol Version 4, Src: 192.168.1.12 (192.168.1.12), Dst: 192.168.1.41 (192.168.1.41) User Datagram Protocol, Src Port: ldap (389), Dst Port: 65146 (65146) Connectionless Lightweight Directory Access Protocol LDAPMessage searchResEntry(3) "<ROOT>" [1 result] messageID: 3 protocolOp: searchResEntry (4) searchResEntry objectName: attributes: 1 item PartialAttributeList item netlogon type: netlogon...

...we want to access our Amazon/AWS Console using users from our internal samba4 directory service. So we tried to connect to our samba4 via the AWS AD Connector.  Connection (bind) is ok, but no users/groups are found.  Via tcpdump/wireshark we found this query/answer pair: Query from AD Connector LDAPMessage searchRequest(5) “dc=companyname,dc=com" wholeSubtree Filter: (&(ANR=testuser*)(sAMAccountType=805306368)) Answer from Samba4 resultCode: unavailableCriticalExtension (12) The following controlType is marked as critical in the query: controlType: 2.16.840.1.113730.3.4.9 (LDAP_CONTROL_VLV...

...try > >> creation, and 2) when modifying it for an existing entry (like > >> `samba-tool` does). > >> > >> This is the (Wireshark-interpreted) `ModifyRequest`: > >> > >> ``` > >> Lightweight Directory Access Protocol > >> LDAPMessage modifyRequest(3) > >> "CN=williamedwards1730031523476,CN=Users,DC=ldaptest,DC=nl" > >> messageID: 3 > >> protocolOp: modifyRequest (6) > >> modifyRequest > >> object: > >> CN=williamedwards17...

...o set the NT hash password directly' Code: 0x35 This happens both when 1) passing `unicodePwd` during entry creation, and 2) when modifying it for an existing entry (like `samba-tool` does). This is the (Wireshark-interpreted) `ModifyRequest`: ``` Lightweight Directory Access Protocol LDAPMessage modifyRequest(3) "CN=williamedwards1730031523476,CN=Users,DC=ldaptest,DC=nl" messageID: 3 protocolOp: modifyRequest (6) modifyRequest object: CN=williamedwards1730031523476,CN=Users,DC=ldaptest,DC=nl modification: 1 item...

...ure or a bug? >>> >>> Not sure. Can you provide network traces of Thunderbird >>> trying to do this against a Samba4 AD/DC ? >> >> >> Here are the packet details for the search request: >> >> Lightweight Directory Access Protocol >> LDAPMessage searchRequest(2) >> "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree >> messageID: 2 >> protocolOp: searchRequest (3) >> searchRequest >> baseObject: >> OU=People,OU=Users,OU=LSE,DC=corp,DC=...

...35 > > This happens both when 1) passing `unicodePwd` during entry creation, > and 2) when modifying it for an existing entry (like `samba-tool` > does). > > This is the (Wireshark-interpreted) `ModifyRequest`: > > ``` > Lightweight Directory Access Protocol > LDAPMessage modifyRequest(3) > "CN=williamedwards1730031523476,CN=Users,DC=ldaptest,DC=nl" > messageID: 3 > protocolOp: modifyRequest (6) > modifyRequest > object: > CN=williamedwards1730031523476,CN=Users,DC=ldaptest,DC=nl >...

...h when 1) passing `unicodePwd` during entry creation, >> and 2) when modifying it for an existing entry (like `samba-tool` >> does). >> >> This is the (Wireshark-interpreted) `ModifyRequest`: >> >> ``` >> Lightweight Directory Access Protocol >> LDAPMessage modifyRequest(3) >> "CN=williamedwards1730031523476,CN=Users,DC=ldaptest,DC=nl" >> messageID: 3 >> protocolOp: modifyRequest (6) >> modifyRequest >> object: >> CN=williamedwards1730031523476,CN=Users,DC=ldapte...

...it for an existing entry (like >>>>> `samba-tool` does). >>>>> >>>>> This is the (Wireshark-interpreted) `ModifyRequest`: >>>>> >>>>> ``` >>>>> Lightweight Directory Access Protocol >>>>> LDAPMessage modifyRequest(3) >>>>> "CN=williamedwards1730031523476,CN=Users,DC=ldaptest,DC=nl" >>>>> messageID: 3 >>>>> protocolOp: modifyRequest (6) >>>>> modifyRequest >>>>> ob...

...eation, and 2) when modifying it for an existing entry (like >>>> `samba-tool` does). >>>> >>>> This is the (Wireshark-interpreted) `ModifyRequest`: >>>> >>>> ``` >>>> Lightweight Directory Access Protocol >>>> LDAPMessage modifyRequest(3) >>>> "CN=williamedwards1730031523476,CN=Users,DC=ldaptest,DC=nl" >>>> messageID: 3 >>>> protocolOp: modifyRequest (6) >>>> modifyRequest >>>> object: >>>&g...

...irectory: /dev/null loginShell: /bin/false cn: rlvcosta givenName: rlvcosta sn: rlvcosta uid: rlvcosta uidNumber: 500 gidNumber: 9126 sambaSID: S-1-5-21-1299536883-3844537390-917088389-1001 This appears to be ok. Although when I put a tcpdumo trace I see: Lightweight Directory Access Protocol LDAPMessage searchRequest(161) "dc=flores,dc=com" wholeSubtree messageID: 161 protocolOp: searchRequest (3) searchRequest baseObject: dc=flores,dc=com scope: wholeSubtree (2) derefAliases: neverDerefAliases (0)...

...xisting entry (like > >> >> `samba-tool` does). > >> >> > >> >> This is the (Wireshark-interpreted) `ModifyRequest`: > >> >> > >> >> ``` > >> >> Lightweight Directory Access Protocol > >> >> LDAPMessage modifyRequest(3) > >> >> "CN=williamedwards1730031523476,CN=Users,DC=ldaptest,DC=nl" > >> >> messageID: 3 > >> >> protocolOp: modifyRequest (6) > >> >> modifyRequest > >> >>...

..., and 2) when modifying it for an existing entry (like >> >> `samba-tool` does). >> >> >> >> This is the (Wireshark-interpreted) `ModifyRequest`: >> >> >> >> ``` >> >> Lightweight Directory Access Protocol >> >> LDAPMessage modifyRequest(3) >> >> "CN=williamedwards1730031523476,CN=Users,DC=ldaptest,DC=nl" >> >> messageID: 3 >> >> protocolOp: modifyRequest (6) >> >> modifyRequest >> >> object: >> >...

...mber=user This is the error reported by doveadm index: doveadm(root): Error: User listing returned failure doveadm: Error: Failed to iterate through some users If you put a tcpdump to monitor the search, you i'll see 3 packets. The first is the LDAP searchRequest message, with this content: LDAPMessage searchRequest(3) "*ou=,*ou=mail,ou=services,dc=domain" wholeSubtree If I change the base parameter of config file to this, it works perfectly: base = ou=net.domain,ou=mail,ou=services,dc=domain tcpdump: LDAPMessage searchRequest(3) "*ou=**net.domain**,*ou=mail,ou=services,dc=domai...

...like >>>>>> `samba-tool` does). >>>>>> >>>>>> This is the (Wireshark-interpreted) `ModifyRequest`: >>>>>> >>>>>> ``` >>>>>> Lightweight Directory Access Protocol >>>>>> ???? LDAPMessage modifyRequest(3) >>>>>> "CN=williamedwards1730031523476,CN=Users,DC=ldaptest,DC=nl" >>>>>> ???????? messageID: 3 >>>>>> ???????? protocolOp: modifyRequest (6) >>>>>> ???????????? modifyRequest >>>>>>...

...; > Is this a missing feature or a bug? > > > > Not sure. Can you provide network traces of Thunderbird > > trying to do this against a Samba4 AD/DC ? > > > Here are the packet details for the search request: > > Lightweight Directory Access Protocol > LDAPMessage searchRequest(2) > "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree > messageID: 2 > protocolOp: searchRequest (3) > searchRequest > baseObject: > OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de >...

...dap signing is required". We configured start-tls, copied over the CA certificate but getting an error for the request to start ssl/tls To be exact, here is what we see in wireshark: Our request to the domain: requestName: 1.3.6.1.4.1.1466.20037 (LDAP_START_TLS_OID) Respond from the domain: LDAPMessage extendedResp(1) (00000000: LdapErr: DSID-0C090E0B, comment: Error initializing SSL/TLS, data 0, v1771) We also saw the same problem with windows 2003 SP2 however; it is working well for any other windows 2003 domain. Is it a known issue? Any hint will be much appreciated. Cheers, Ephi PS: un...

Dear List, I seem to have a problem with winbind. Have successfully joined samba to a 2003 AD, but when I start winbind, the logs are full of the following: ==> log.winbindd <== [2008/01/14 11:25:58, 1] libads/cldap.c:recv_cldap_netlogon(247) Failed to parse cldap reply Running wbinfo -t returns: checking the trust secret via RPC calls failed error code was (0x0) Could not check