similar to: Ldapsearch against Samba AD returns records outside the search base

Hello, Is it not Samba that is listening to the LDAP ports and is serving me the answer to my query? This problem does not only happen when the LDAP database is searched using ldapsearch, it happens also using other tools that connect to the LDAP ports. I still don't fully grasp what this has to do with the uniqueness of the sAMAccountNames - they are unique throughout my directory and I

On Fri, 2020-01-31 at 15:50 +0200, Palle Kuling via samba wrote: > Hi, > > I noticed the following problem with records returned outside the search > base when the query is run against a Samba DC, but when the same query > is run against a Windows 2008 or 2012 DC it does not happen. I'm pretty > sure it worked correctly in the past. I updated from Samba 4.9.4 to >

On Mon, 2020-02-03 at 18:17 +0200, Palle Kuling via samba wrote: > Hello, > > I did some detective work here, stepping through all the versions > from > the old 4.9.4 database onwards, building them from source on an > isolated > system and doing ldapsearch against them. It is the change from > 4.10.13 > to 4.11.0 (or maybe in general from pre-4.11 to 4.11?) that

On Sat, 2020-02-01 at 17:22 +0000, Rowland penny via samba wrote: > On 01/02/2020 16:29, Palle Kuling via samba wrote: > > > > Queried against Samba 4.11.4 (query is for OU=Business but response is > > from OU=Test): > > $ldapsearch -D username at internal.xxx.yy -w password -H > > ldaps://192.168.1.1 -s one -b ou=business,dc=internal,dc=xxx,dc=yy > >

On 01/02/2020 16:29, Palle Kuling via samba wrote: > > > Queried against Samba 4.11.4 (query is for OU=Business but response is > from OU=Test): > $ldapsearch -D username at internal.xxx.yy -w password -H > ldaps://192.168.1.1 -s one -b ou=business,dc=internal,dc=xxx,dc=yy > "(&(objectCategory=person)(objectClass=user)(sAMAccountName=testadmin))" > #

Hello, I did some detective work here, stepping through all the versions from the old 4.9.4 database onwards, building them from source on an isolated system and doing ldapsearch against them. It is the change from 4.10.13 to 4.11.0 (or maybe in general from pre-4.11 to 4.11?) that breaks it; after that the onelevel scope is not applied correctly. Ldbsearch also returns wrong results when

Hello, I did a git bisect between 4.10.0rc1 and 4.11.0. The result is as follows: b6b5b5fe355fee2a4096e9214831cb88c7a2a4c6 is the first bad commit Date: Wed Mar 6 15:28:45 2019 +1300 lib ldb key value: fix index buffering Is there anything else I should check? Regards, -P On 2020-02-04 00:08, Andrew Bartlett via samba wrote: > On Mon, 2020-02-03 at 18:17 +0200, Palle Kuling via

Hello all, I just tried this on our setup and it ist the same there. I get results from other OUs. Using sub instead of one I get the "right" results. Regards Christian Am 01.02.20 um 20:26 schrieb Andrew Bartlett via samba: > On Sat, 2020-02-01 at 17:22 +0000, Rowland penny via samba wrote: >> On 01/02/2020 16:29, Palle Kuling via samba wrote: >>> >>>

On 01/02/2020 09:54, Palle Kuling via samba wrote: > Hello, > > Ldbsearch returns the correct result. However this particular query is > performed by an external system (that does not have access to the LDB > files), to check whether a certain user belongs to a specific OU or > not. The query is performed over LDAP against Samba, so it is not a > ldapsearch-only problem. I

Hi, I'm trying to migrate samba 3 NT domain to samba 4 AD, we have migrated data and it seems correct, but now we need to connect with ldapsearch but always receive errors like ldap_bind: Strong(er) authentication required (8) additional info: BindSimple: Transport encryption required. command used is /usr/bin/ldapsearch -H ldap://server -x -LLL -z 0 -D

Thank you Kees. On Mon, 6 Nov 2023 at 09:37, Kees van Vloten via samba <samba at lists.samba.org> wrote: > I am currently running at 4.19.2 but I have run 4.18.6 and 4.18.5. I did > not experience any issues with nested group lookups, which many of the > filters rely on. Interestingly, I've now found that (on my current DCs, running 4.18.5), ldbsearch *does* seem to return the

Hi, I've got ldapsearch mostly working: root at morannon:/usr/local/samba/private/tls# ldapsearch '(sAMAccountName=dumaresq)' SASL/GSSAPI authentication started SASL username: administrator at XXX SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <> (default) with scope subtree # filter: (sAMAccountName=dumaresq) # requesting: ALL # results in

Op 05-11-2023 om 23:25 schreef Jonathan Hunter via samba: > I'm quite confused by this one, as I can't see how this would happen.. > but after upgrading my DCs from 4.11.10 to 4.18.5, LDAP searches don't > seem to work if they use the :1.2.840.113556.1.4.1941: modifier, aka > LDAP_MATCHING_RULE_IN_CHAIN. (Yes, it was a fairly big version jump.. > Yes, I should have

Hi all, I've got on AD DC using Samba 4.4.3 on Centos7 which accept Kerberos connections (kinit is working), which accept ldapsearch with credentials but which refuse ldapsearch with GSSAPI. The issue does not seem to be coming from the client as I discovered this issue writing a script to test all 22 DC, and all 21 others DC are working well from that client. The error: SASL/GSSAPI

Hello, I'm writing in regards to this issue I opened on GitHub: https://github.com/python-ldap/python-ldap/issues/275 I am able to successfully use ldapsearch to query my Samba 4.9.4-Debian DC: ldapsearch -LLL -Y GSSAPI -H ldap://samba-dc.ad.example.com -b "dc=ad,dc=example,dc=com" "(objectClass=user)" "sAMAccountName" However, when I try to use python-ldap I

Hello, I have a small test network with a Win2k8R2 DC. I've added a samba4 as second DC in this network. The join seems to run smoothly. But, after the join, this command: ldapsearch -LLL -x -H ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap_priv%2Fldapi -b "dc=test,dc=dom" "(SAMAccountName=Administrateur)" returns some strange results: ? some attributes like unicodePwd

Hi all, Is there a way to extract the whole attributes of objects, even hidden attributes, using ldbsearch or any samba tool? Hidden attributes have to be hidden from ldapsearch which can be used through network and so, remotely. ldbsearch can be used only locally by root, which [should] limit who is using it, so perhaps I thought it was possible : )

I'm setting up a test domain in order to try out Sudoers LDAP and have run into a problem that has my puzzled. On our production domain I can run a query such as: ldapsearch -LLL -p389 -h DC -u me at ourdomain.com.au -W -X -LLL -b "dc=ourdomain,dc=com,dc=au" -s sub However, running an equivalent search on a freshly installed test domain, using the exact same version of Samba

On Mon, 6 Nov 2023 at 14:32, Kees van Vloten <keesvanvloten at gmail.com> wrote: > > > Op 06-11-2023 om 14:58 schreef Jonathan Hunter: > > Interestingly, I've now found that (on my current DCs, running > > 4.18.5), ldbsearch *does* seem to return the expected result, but the > > same query via ldapsearch does not. > > What if you try to use starttls

Does ldapsearch work with Samba4 since it has it's own LDAP server? I've seen a number of ldap related posts here and I'm trying to head down that road for Dovecot authentication, but I'm getting stopped right away. For example, the following doesn't work: $ ldapsearch -xLLL -H ldap://localhost:389 \ -D "cn=Administrator,dc=HPRS,dc=local" -W -b