[Samba] Bizarre LDAP behaviour

Paul Gienger pgienger at ae-solutions.com
Wed Jun 23 12:43:54 GMT 2004


Do you actually specify your ldap suffix anyplace?  It could be trying 
to guess at the suffix using LDAP entries you do have.

Scott Wunsch wrote:

>I'm trying to get Samba set up to read all account information from my
>existing LDAP directory.  I have nss_ldap set up and working correctly. 
>I'm using Mandrake 10.0, and the problem occurs both with their Samba
>3.0.2a packages and the Samba 3.0.4 RPMs from samba.org.
>
>When Samba queries the LDAP server, it seems to be using the admin DN as
>the *search base*, rather than using the suffix configured in smb.conf.
>
>The appropriate bit of my smb.conf (with the organization name
>removed, obviously) looks like this:
>
>passdb backend = ldapsam:ldap://ldap.fakeorgname.dom
>ldap admin dn = cn=Manager,o=Organization Name
>ldap delete dn = no
>ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
>ldap group suffix = cat=Groups
>ldap machine suffix = cat=Computers
>ldap passwd sync = yes
>ldap ssl = off
>ldap suffix = o=Organization Name
>ldap user suffix = cat=Staff
>
>When I sniff the LDAP queries or look at log.smbd, I see that the base DN
>being used for the queries is "cn=Manager,o=Organization Name" or even
>"cat=Groups,cn=Manager,o=Organization Name".  This makes no sense at all
>to me.  I even browsed through the code, and I can't see any way that
>these two configuration items could possibly get mixed up.
>
>Can anybody suggest any way that this could occur, or anything that I
>should check to resolve this?

-- 
Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com
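
Added example (not part of either post, and not Samba code): a small check that derives the search bases Samba should use from the quoted smb.conf lines and classifies the base DNs seen in log.smbd or a packet capture. It relies on the smb.conf(5) rule that the user, group, machine and idmap suffixes are prepended to `ldap suffix`; the function names and the sample data are constructed for illustration.

```python
# Constructed sample: smb.conf lines as quoted in the post above.
SMB_CONF = """\
ldap admin dn = cn=Manager,o=Organization Name
ldap group suffix = cat=Groups
ldap machine suffix = cat=Computers
ldap suffix = o=Organization Name
ldap user suffix = cat=Staff
"""
SUB_SUFFIXES = ("ldap user suffix", "ldap group suffix",
                "ldap machine suffix", "ldap idmap suffix")

def parse_params(text):
    """Return {parameter: value} from 'name = value' lines, skipping comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)  # split on the first '=' only: DNs contain '='
        params[" ".join(name.lower().split())] = value.strip()
    return params

def norm(dn):
    """Lower-case a DN and drop spaces around commas (no escaped-comma handling)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def expected_bases(params):
    """Search bases implied by 'ldap suffix' and the relative sub-suffixes."""
    suffix = params["ldap suffix"]
    bases = {norm(suffix)}
    for key in SUB_SUFFIXES:
        if params.get(key):
            bases.add(norm(params[key] + "," + suffix))
    return bases

def classify(base_dn, params):
    """Label an observed search base: expected, rooted at admin dn, or unexpected."""
    dn = norm(base_dn)
    if dn in expected_bases(params):
        return "expected"
    admin = norm(params.get("ldap admin dn", ""))
    if admin and (dn == admin or dn.endswith("," + admin)):
        return "rooted at admin dn"
    return "unexpected"

if __name__ == "__main__":
    conf = parse_params(SMB_CONF)
    # Constructed observations: the two bases reported in the post, plus a correct one.
    for seen in ("cn=Manager,o=Organization Name",
                 "cat=Groups,cn=Manager,o=Organization Name",
                 "cat=Staff,o=Organization Name"):
        print(f"{seen!r}: {classify(seen, conf)}")
```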



