Displaying 20 results from an estimated 21 matches for "wholesubtree".
2015 Nov 03
2
S/MIME certificates in Samba 4 LDAP
...> Not sure. Can you provide network traces of Thunderbird
> trying to do this against a Samba4 AD/DC ?
Here are the packet details for the search request:
Lightweight Directory Access Protocol
LDAPMessage searchRequest(2)
"OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree
messageID: 2
protocolOp: searchRequest (3)
searchRequest
baseObject:
OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de
scope: wholeSubtree (2)
derefAliases: neverDerefAliases (0)
sizeLimit: 2...
2015 Nov 19
1
S/MIME certificates in Samba 4 LDAP
...;> trying to do this against a Samba4 AD/DC ?
>>
>>
>> Here are the packet details for the search request:
>>
>> Lightweight Directory Access Protocol
>> LDAPMessage searchRequest(2)
>> "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree
>> messageID: 2
>> protocolOp: searchRequest (3)
>> searchRequest
>> baseObject:
>> OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de
>> scope: wholeSubtree (2)
>> derefAliases:...
2013 Dec 06
0
Active Directory LDAP userdb and dovecot
...334 10.0.5.0 -> 10.0.31.235 LDAP 88 bindResponse(1) success
62.789365 10.0.31.235 -> 10.0.5.0 TCP 66 43054 > ldap [ACK]
Seq=57 Ack=23 Win=14624 Len=0 TSval=536265720 TSecr=36040952
62.789462 10.0.31.235 -> 10.0.5.0 LDAP 174 searchRequest(2)
"DC=galliera,DC=it" wholeSubtree
62.790396 10.0.5.0 -> 10.0.31.235 LDAP 392 searchResEntry(2)
"CN=Marco De benedetto,OU=S.S.C. Area sistemistica,OU=S.C. S.I.e.T. -
Servizi informatici e telecomunicazioni,OU=Dipartimento di
Staff,OU=Direzione generale,DC=galliera,DC=it" | searchResRef(2) |
searchResDone(2) succ...
2020 Feb 01
2
Ldapsearch against Samba AD returns records outside the search base
...ormed. The semantics
(as
described in [X.511]) of the defined values of this field are:
baseObject: The scope is constrained to the entry named by
baseObject.
* singleLevel: The scope is constrained to the immediate
* subordinates of the entry named by baseObject.
wholeSubtree: The scope is constrained to the entry named by
baseObject and to all its subordinates.
singleLevel is what we call 'one'. The OP is entitled to expect RFC
conformant behaviour in this case. 'sub' (wholeSubtree in RFC
language) might be a workaround but we need to get to t...
2012 Apr 28
1
Problems ldap authentication for Samba 3.5.11-2-1
...nName: rlvcosta
sn: rlvcosta
uid: rlvcosta
uidNumber: 500
gidNumber: 9126
sambaSID: S-1-5-21-1299536883-3844537390-917088389-1001
This appears to be ok. Although when I put a tcpdumo trace I see:
Lightweight Directory Access Protocol
LDAPMessage searchRequest(161) "dc=flores,dc=com" wholeSubtree
messageID: 161
protocolOp: searchRequest (3)
searchRequest
baseObject: dc=flores,dc=com
scope: wholeSubtree (2)
derefAliases: neverDerefAliases (0)
sizeLimit: 0
timeLimit: 15...
2015 Nov 05
0
S/MIME certificates in Samba 4 LDAP
...races of Thunderbird
> > trying to do this against a Samba4 AD/DC ?
>
>
> Here are the packet details for the search request:
>
> Lightweight Directory Access Protocol
> LDAPMessage searchRequest(2)
> "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree
> messageID: 2
> protocolOp: searchRequest (3)
> searchRequest
> baseObject:
> OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de
> scope: wholeSubtree (2)
> derefAliases: neverDerefAliases (0)
>...
2020 Feb 02
0
Ldapsearch against Samba AD returns records outside the search base
...n [X.511]) of the defined values of this field are:
>
> baseObject: The scope is constrained to the entry named by
> baseObject.
>
> * singleLevel: The scope is constrained to the immediate
> * subordinates of the entry named by baseObject.
>
> wholeSubtree: The scope is constrained to the entry named by
> baseObject and to all its subordinates.
>
>
> singleLevel is what we call 'one'. The OP is entitled to expect RFC
> conformant behaviour in this case. 'sub' (wholeSubtree in RFC
> language) might be a work...
2015 Aug 28
1
AWS AD Connector and Samba4
...m our internal samba4 directory service. So we tried to connect to our samba4 via the AWS AD Connector.
Connection (bind) is ok, but no users/groups are found. Via tcpdump/wireshark we found this query/answer pair:
Query from AD Connector
LDAPMessage searchRequest(5) “dc=companyname,dc=com" wholeSubtree
Filter: (&(ANR=testuser*)(sAMAccountType=805306368))
Answer from Samba4
resultCode: unavailableCriticalExtension (12)
The following controlType is marked as critical in the query:
controlType: 2.16.840.1.113730.3.4.9 (LDAP_CONTROL_VLVREQUEST VLV)
Is it possible to activate / add this control...
2015 Oct 30
2
S/MIME certificates in Samba 4 LDAP
Dear Samba users and developers,
we had the idea of storing S/MIME certificates in the Samba 4 LDAP.
In the Windows Active Directory Users and Computers tool I can use the
"Published Certificates" tab to add a certificate to a user account.
As Mozilla Thunderbird requests the "userCertificate;binary" attribute
of a user when sending encrypted mail, the LDAP response is empty.
2013 Jan 14
3
Samba4 AD delegation to read userPassword attribute
...rd
results in the error message "result: mail=someuser at example.de; userPassword missing"
A tcpdump shows the following searchRequest:
---------------------------------------------------
Lightweight Directory Access Protocol
LDAPMessage searchRequest(2) "dc=example,dc=de" wholeSubtree
...
Filter: (sAMAccountName=someuser)
filter: equalityMatch (3)
equalityMatch
attributeDesc: sAMAccountName
assertionValue: someuser
attributes: 2 items
AttributeDescription: mail
AttributeDescription: userPassword
-----------------------------------------------...
2014 Jun 05
4
doveadm index - Bug or expected behaviour?
...: User listing returned failure
doveadm: Error: Failed to iterate through some users
If you put a tcpdump to monitor the search, you i'll see 3 packets. The
first is the LDAP searchRequest message, with this content:
LDAPMessage searchRequest(3) "*ou=,*ou=mail,ou=services,dc=domain"
wholeSubtree
If I change the base parameter of config file to this, it works perfectly:
base = ou=net.domain,ou=mail,ou=services,dc=domain
tcpdump:
LDAPMessage searchRequest(3)
"*ou=**net.domain**,*ou=mail,ou=services,dc=domain"
wholeSubtree
# dovecot -n
# 2.2.13 (5c877bca95e5): /etc/dovecot/dov...
2020 Feb 01
2
Ldapsearch against Samba AD returns records outside the search base
Hello,
Is it not Samba that is listening to the LDAP ports and is serving me
the answer to my query? This problem does not only happen when the LDAP
database is searched using ldapsearch, it happens also using other tools
that connect to the LDAP ports. I still don't fully grasp what this has
to do with the uniqueness of the sAMAccountNames - they are unique
throughout my directory and I
2014 Mar 05
0
Using AD, one more try - "successfol auth" and crashing auth process
..."CN=DovecotSvc,OU=Svcs,DC=office,DC=on2it,DC=net" simple
2 0.001879 172.17.10.2 -> 172.17.50.13 LDAP 88 bindResponse(7) success
Yay! The service account binds just fine.
3 0.001967 172.17.50.13 -> 172.17.10.2 LDAP 180 searchRequest(8) "dc=office,dc=on2it,dc=net" wholeSubtree
4 0.002772 172.17.10.2 -> 172.17.50.13 LDAP 502 searchResEntry(8) "CN=Jeroen Scheerder,OU=Users,DC=office,DC=on2it,DC=net" \
| searchResRef(8) | searchResRef(8) | searchResRef(8) | searchResDone(8) success
5 0.098367 172.17.50.13 -> 172.17.10.2 TCP 66 49416 > 389 [AC...
2018 May 10
2
Samba, AD and devices compatibility...
...5 -> 10.5.1.202 LDAP 270 bindResponse(3) success
14 0.079974 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304
15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree
16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se
17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5)
18...
2014 May 18
2
Configuration of dovecot 2.0.19 to authenticate users via LDAP
...ation as follows:
auth_bind = no
#auth_bind_userdn = uid=%u,ou=people,dc=ht
Then I get following picture: http://i.stack.imgur.com/tb5vo.png
It doesn't pick up the setting base = ou=people,dc=ht. But what is more
crucial is that even looking at the whole tree "<ROOT>" wholeSubTree it
can't find the required entry.
I am really desperate and don't know how to make it work. Can somebody
please give me a clue how to solve this problem?
2018 May 11
4
Samba, AD and devices compatibility...
...5 -> 10.5.1.202 LDAP 270 bindResponse(3) success
14 0.079974 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304
15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree
16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se
17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5)
18...
2018 May 11
0
Samba, AD and devices compatibility...
....5.1.202 LDAP 270 bindResponse(3) success
> 14 0.079974 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304
> 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree
> 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se
> 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindReques...
2018 May 11
4
Samba, AD and devices compatibility...
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> > There's some way to ''tight'' that configuration , eg permit 'ldap server require strong auth =
> > no' only by some hosts?
> > Or some other smb.conf options that i've missed?
> Nothing at this stage.
Ok.
> The issue is that they need to do fully signed or sealed Kerberos
2018 May 11
0
Samba, AD and devices compatibility...
...LDAP 270 bindResponse(3) success
>> 14 0.079974 10.5.1.202 -> 10.5.1.25 TCP 66 40258???389 [ACK] Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304
>> 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree
>> 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se
>> 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbind...
2018 Jul 20
2
SSSD on CentOS 7 failing to start when connecting to 4.8.3 AD via LDAP
...and the
whole process starts over again. Over the third failure, SSSD fails to
start and stops trying.
Comparing packet captures on the AD server when starting SSSD on both
servers, the initial ROOT search request and response are identical as is
the bind request and response. However, the first wholeSubtree search
request is where things start looking different. On the CentOS 6 server,
it shows a filter in the request of:
Filter: (&(&(cn=smtp)(ipServiceProtocol=dccp))(objectclass=ipService))
and there are 4 attributes in the request - objectClass, cn, ipServicePort,
ipServiceProtocol
Whereas...