Samba 3.0a20+LDAP-backend group-builit and mapping questions

Ignacio Coupeau icoupeau at
Wed Oct 2 12:02:00 GMT 2002

I'm been playing with the groups and LDAP (passdb backend) and found two 

1. When -as local admin in a XP domain member ws-, from the 
administrative tools (control pannel) I select "add a group" an ldap 
search is performed, like:

 > ldapsam_search_one_user: searching
 >  for:[(&(uid=Administrators)(objectclass=sambaAccount))]

I have the groups defined in samba-pdc and several maps also:

> bin/smbgroupedit -l | grep -A 1 Admin
> Administrators
>         SID       : S-1-5-32-544
> --
> Domain Admins
>         SID       : S-1-5-21-298858960-1863792627-3661451959-512
> -

and the groups don't be found at all (nor builtin nor defined). Of 
course, if I provide an user present in the ldap base, is added 
perfectly. This issue is only with (domain, non-local) groups.

2. After intend to add a new group in XP from the domain, all the 
database are searched:
> base="o=smb,dc=unav,dc=es" scope=2 filter="(&(uid=*)(objectClass=sambaAccount))"  
> ... and enumerated:
> [2002/10/03 00:27:05, 2] passdb/pdb_ldap.c:ldapsam_setsampwent(1218)
>   ldapsam_setsampwent: 27303 entries in the base!

(BTW: I selected "Group" no "Group and users" in the object class to 
search from XP).

Is this a know issue?
if so, Some link?

Note: the PDC has pam and nsswitch for unix accounting.

Ignacio Coupeau, Ph.D.     e-mail: icoupeau at
CTI, Director              fax:    948 425619
University of Navarra      voice:  948 425600
Pamplona, SPAIN  

More information about the samba-technical mailing list