search for: wholesubtree

...> Not sure. Can you provide network traces of Thunderbird > trying to do this against a Samba4 AD/DC ? Here are the packet details for the search request: Lightweight Directory Access Protocol LDAPMessage searchRequest(2) "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree messageID: 2 protocolOp: searchRequest (3) searchRequest baseObject: OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de scope: wholeSubtree (2) derefAliases: neverDerefAliases (0) sizeLimit: 2...

...;> trying to do this against a Samba4 AD/DC ? >> >> >> Here are the packet details for the search request: >> >> Lightweight Directory Access Protocol >> LDAPMessage searchRequest(2) >> "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree >> messageID: 2 >> protocolOp: searchRequest (3) >> searchRequest >> baseObject: >> OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de >> scope: wholeSubtree (2) >> derefAliases:...

...334 10.0.5.0 -> 10.0.31.235 LDAP 88 bindResponse(1) success 62.789365 10.0.31.235 -> 10.0.5.0 TCP 66 43054 > ldap [ACK] Seq=57 Ack=23 Win=14624 Len=0 TSval=536265720 TSecr=36040952 62.789462 10.0.31.235 -> 10.0.5.0 LDAP 174 searchRequest(2) "DC=galliera,DC=it" wholeSubtree 62.790396 10.0.5.0 -> 10.0.31.235 LDAP 392 searchResEntry(2) "CN=Marco De benedetto,OU=S.S.C. Area sistemistica,OU=S.C. S.I.e.T. - Servizi informatici e telecomunicazioni,OU=Dipartimento di Staff,OU=Direzione generale,DC=galliera,DC=it" | searchResRef(2) | searchResDone(2) succ...

...ormed. The semantics (as described in [X.511]) of the defined values of this field are: baseObject: The scope is constrained to the entry named by baseObject. * singleLevel: The scope is constrained to the immediate * subordinates of the entry named by baseObject. wholeSubtree: The scope is constrained to the entry named by baseObject and to all its subordinates. singleLevel is what we call 'one'. The OP is entitled to expect RFC conformant behaviour in this case. 'sub' (wholeSubtree in RFC language) might be a workaround but we need to get to t...

...nName: rlvcosta sn: rlvcosta uid: rlvcosta uidNumber: 500 gidNumber: 9126 sambaSID: S-1-5-21-1299536883-3844537390-917088389-1001 This appears to be ok. Although when I put a tcpdumo trace I see: Lightweight Directory Access Protocol LDAPMessage searchRequest(161) "dc=flores,dc=com" wholeSubtree messageID: 161 protocolOp: searchRequest (3) searchRequest baseObject: dc=flores,dc=com scope: wholeSubtree (2) derefAliases: neverDerefAliases (0) sizeLimit: 0 timeLimit: 15...

...races of Thunderbird > > trying to do this against a Samba4 AD/DC ? > > > Here are the packet details for the search request: > > Lightweight Directory Access Protocol > LDAPMessage searchRequest(2) > "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree > messageID: 2 > protocolOp: searchRequest (3) > searchRequest > baseObject: > OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de > scope: wholeSubtree (2) > derefAliases: neverDerefAliases (0) >...

...n [X.511]) of the defined values of this field are: > > baseObject: The scope is constrained to the entry named by > baseObject. > > * singleLevel: The scope is constrained to the immediate > * subordinates of the entry named by baseObject. > > wholeSubtree: The scope is constrained to the entry named by > baseObject and to all its subordinates. > > > singleLevel is what we call 'one'. The OP is entitled to expect RFC > conformant behaviour in this case. 'sub' (wholeSubtree in RFC > language) might be a work...

...m our internal samba4 directory service. So we tried to connect to our samba4 via the AWS AD Connector.  Connection (bind) is ok, but no users/groups are found.  Via tcpdump/wireshark we found this query/answer pair: Query from AD Connector LDAPMessage searchRequest(5) “dc=companyname,dc=com" wholeSubtree Filter: (&(ANR=testuser*)(sAMAccountType=805306368)) Answer from Samba4 resultCode: unavailableCriticalExtension (12) The following controlType is marked as critical in the query: controlType: 2.16.840.1.113730.3.4.9 (LDAP_CONTROL_VLVREQUEST VLV) Is it possible to activate / add this control...

Dear Samba users and developers, we had the idea of storing S/MIME certificates in the Samba 4 LDAP. In the Windows Active Directory Users and Computers tool I can use the "Published Certificates" tab to add a certificate to a user account. As Mozilla Thunderbird requests the "userCertificate;binary" attribute of a user when sending encrypted mail, the LDAP response is empty.

...rd results in the error message "result: mail=someuser at example.de; userPassword missing" A tcpdump shows the following searchRequest: --------------------------------------------------- Lightweight Directory Access Protocol LDAPMessage searchRequest(2) "dc=example,dc=de" wholeSubtree ... Filter: (sAMAccountName=someuser) filter: equalityMatch (3) equalityMatch attributeDesc: sAMAccountName assertionValue: someuser attributes: 2 items AttributeDescription: mail AttributeDescription: userPassword -----------------------------------------------...

...: User listing returned failure doveadm: Error: Failed to iterate through some users If you put a tcpdump to monitor the search, you i'll see 3 packets. The first is the LDAP searchRequest message, with this content: LDAPMessage searchRequest(3) "*ou=,*ou=mail,ou=services,dc=domain" wholeSubtree If I change the base parameter of config file to this, it works perfectly: base = ou=net.domain,ou=mail,ou=services,dc=domain tcpdump: LDAPMessage searchRequest(3) "*ou=**net.domain**,*ou=mail,ou=services,dc=domain" wholeSubtree # dovecot -n # 2.2.13 (5c877bca95e5): /etc/dovecot/dov...

Hello, Is it not Samba that is listening to the LDAP ports and is serving me the answer to my query? This problem does not only happen when the LDAP database is searched using ldapsearch, it happens also using other tools that connect to the LDAP ports. I still don't fully grasp what this has to do with the uniqueness of the sAMAccountNames - they are unique throughout my directory and I

..."CN=DovecotSvc,OU=Svcs,DC=office,DC=on2it,DC=net" simple 2 0.001879 172.17.10.2 -> 172.17.50.13 LDAP 88 bindResponse(7) success Yay! The service account binds just fine. 3 0.001967 172.17.50.13 -> 172.17.10.2 LDAP 180 searchRequest(8) "dc=office,dc=on2it,dc=net" wholeSubtree 4 0.002772 172.17.10.2 -> 172.17.50.13 LDAP 502 searchResEntry(8) "CN=Jeroen Scheerder,OU=Users,DC=office,DC=on2it,DC=net" \ | searchResRef(8) | searchResRef(8) | searchResRef(8) | searchResDone(8) success 5 0.098367 172.17.50.13 -> 172.17.10.2 TCP 66 49416 > 389 [AC...

...5 -> 10.5.1.202 LDAP 270 bindResponse(3) success 14 0.079974 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5) 18...

...ation as follows: auth_bind = no #auth_bind_userdn = uid=%u,ou=people,dc=ht Then I get following picture: http://i.stack.imgur.com/tb5vo.png It doesn't pick up the setting base = ou=people,dc=ht. But what is more crucial is that even looking at the whole tree "<ROOT>" wholeSubTree it can't find the required entry. I am really desperate and don't know how to make it work. Can somebody please give me a clue how to solve this problem?

...5 -> 10.5.1.202 LDAP 270 bindResponse(3) success 14 0.079974 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5) 18...

....5.1.202 LDAP 270 bindResponse(3) success > 14 0.079974 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304 > 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree > 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se > 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindReques...

Mandi! Andrew Bartlett via samba In chel di` si favelave... > > There's some way to ''tight'' that configuration , eg permit 'ldap server require strong auth = > > no' only by some hosts? > > Or some other smb.conf options that i've missed? > Nothing at this stage. Ok. > The issue is that they need to do fully signed or sealed Kerberos

...LDAP 270 bindResponse(3) success >> 14 0.079974 10.5.1.202 -> 10.5.1.25 TCP 66 40258???389 [ACK] Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304 >> 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree >> 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se >> 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbind...

...and the whole process starts over again. Over the third failure, SSSD fails to start and stops trying. Comparing packet captures on the AD server when starting SSSD on both servers, the initial ROOT search request and response are identical as is the bind request and response. However, the first wholeSubtree search request is where things start looking different. On the CentOS 6 server, it shows a filter in the request of: Filter: (&(&(cn=smtp)(ipServiceProtocol=dccp))(objectclass=ipService)) and there are 4 attributes in the request - objectClass, cn, ipServicePort, ipServiceProtocol Whereas...