samba4 alpha5 with openldap
Oliver Liebel
oliver at itc.li
Wed Jul 23 21:40:19 GMT 2008
in addition to my last mail, using the latest samba4 from git
(4.0.0alpha6-GIT-a7bfa1f) together with ol 2.4.11
the problem mentioned below disappears.
greetings,
oliver
Oliver Liebel wrote:
> hi andrew,
>
> i had just set up samba4 alpha5 with openldap 2.4.10, using the
> following configuration:
>
> backend-provision:
> setup/provision-backend --realm=ldap.local.site --domain=LDAP
> --ldap-manager-pass=linux --ldap-backend-type=openldap
> --server-role='domain controller'
>
> then started slapd using another port, not ldapi:
> /usr/lib/openldap/slapd -f /usr/local/samba/private/ldap/slapd.conf -h
> "ldap://192.168.198.11:9000/" -d 1
>
> the final provision runs ok, using these settings:
> setup/provision --realm=ldap.local.site --domain=LDAP
> --server-role='domain controller'
> --ldap-backend="ldap://192.168.198.11:9000/"
> --simple-bind-dn="CN=Manager,dc=ldap,dc=local,dc=site"
> --password=linux --adminpass=linux --ldap-backend-type=openldap
>
> when i start smbd (smbd -i -d 4) i got the following errors:
> - from smbd:
> -------------------------------------
> Starting GENSEC mechanism sasl-DIGEST-MD5
> added interface ip=192.168.198.11 nmask=255.255.255.0
> gensec_sasl: DIGEST-MD5 client step 2
> ldb: Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -
> <SASL(-13): user not found: no secret in database> <>
> ldb: Failed to connect to 'ldap://192.168.198.11:9000/'
>
> (after that, all other actions are failing due to the failed bind)
> -------------------------------------
>
> -from slapd :
> ------------------------------------
> SASL [conn=8] Debug: DIGEST-MD5 server step 2
> slap_sasl_getdn: u:id converted to
> uid=LDAPMASTER$,cn=ldap.local.site,cn=DIGEST-MD5,cn=auth
> >>> dnNormalize:
> <uid=LDAPMASTER$,cn=ldap.local.site,cn=DIGEST-MD5,cn=auth>
> <<< dnNormalize:
> <uid=ldapmaster$,cn=ldap.local.site,cn=digest-md5,cn=auth>
> ==>slap_sasl2dn: converting SASL name
> uid=ldapmaster$,cn=ldap.local.site,cn=digest-md5,cn=auth to a DN
> ==> rewrite_context_apply [depth=1]
> string='uid=ldapmaster$,cn=ldap.local.site,cn=digest-md5,cn=auth'
> ==> rewrite_rule_apply
> rule='uid=([^,]*),cn=ldap.local.site,cn=digest-md5,cn=auth'
> string='uid=ldapmaster$,cn=ldap.local.site,cn=digest-md5,cn=auth' [1
> pass(es)]
> ==> rewrite_context_apply [depth=1]
> res={0,'ldap:///DC=ldap,DC=local,DC=site??sub?(samAccountName=ldapmaster$)'}
>
> slap_parseURI: parsing
> ldap:///DC=ldap,DC=local,DC=site??sub?(samAccountName=ldapmaster$)
> ldap_url_parse_ext(ldap:///DC=ldap,DC=local,DC=site??sub?(samAccountName=ldapmaster$))
>
> put_filter: "(samAccountName=ldapmaster$)"
> put_filter: simple
> put_simple_filter: "samAccountName=ldapmaster$"
> ber_scanf fmt ({mm}) ber:
> >>> dnNormalize: <DC=ldap,DC=local,DC=site>
> <<< dnNormalize: <dc=ldap,dc=local,dc=site>
> slap_sasl2dn: performing internal search
> (base=dc=ldap,dc=local,dc=site, scope=2)
> => hdb_search
> bdb_dn2entry("dc=ldap,dc=local,dc=site")
> search_candidates: base="dc=ldap,dc=local,dc=site" (0x00000001) scope=2
> => hdb_dn2idl("dc=ldap,dc=local,dc=site")
> => bdb_equality_candidates (objectClass)
> => key_read
> <= bdb_index_read: failed (-30989)
> <= bdb_equality_candidates: id=0, first=0, last=0
> => bdb_equality_candidates (sAMAccountName)
> => key_read
> <= bdb_index_read 1 candidates
> <= bdb_equality_candidates: id=1, first=44, last=44
> bdb_search_candidates: id=1 first=44 last=44
> send_ldap_result: conn=8 op=2 p=3
> <==slap_sasl2dn: Converted SASL name to cn=ldapmaster,ou=domain
> controllers,dc=ldap,dc=local,dc=site
> slap_sasl_getdn: dn:id converted to cn=ldapmaster,ou=domain
> controllers,dc=ldap,dc=local,dc=site
> => hdb_search
> bdb_dn2entry("cn=ldapmaster,ou=domain
> controllers,dc=ldap,dc=local,dc=site")
> slap_ap_lookup: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
> send_ldap_result: conn=8 op=2 p=3
> SASL [conn=8] Failure: no secret in database
> ---------------------------------
>
> the sasl2dn conversion looks all right for me;
> maybe this is the most interesting part:
> ---> bdb_dn2entry("cn=ldapmaster,ou=domain
> controllers,dc=ldap,dc=local,dc=site") <---
> ---> slap_ap_lookup: str2ad(cmusaslsecretDIGEST-MD5): attribute type
> undefined <----
>
> any ideas?
>
> greetings,
> oliver
>
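
An added example, not part of the original mail and not Samba or OpenLDAP code: a small Python triage of a slapd `-d 1` trace like the one quoted above, reporting how far the DIGEST-MD5 bind got (SASL identity mapping, then secret lookup). The sample lines are constructed from the quoted trace with the mail's line wraps rejoined; the function names `triage` and `summarize` are hypothetical.

```python
import re

# Constructed sample: lines from the slapd trace quoted in the mail,
# with the mail client's line wraps rejoined.
SAMPLE = """\
SASL [conn=8] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=LDAPMASTER$,cn=ldap.local.site,cn=DIGEST-MD5,cn=auth
slap_parseURI: parsing ldap:///DC=ldap,DC=local,DC=site??sub?(samAccountName=ldapmaster$)
<==slap_sasl2dn: Converted SASL name to cn=ldapmaster,ou=domain controllers,dc=ldap,dc=local,dc=site
slap_ap_lookup: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
SASL [conn=8] Failure: no secret in database
"""

PATTERNS = {
    "sasl_id": re.compile(r"slap_sasl_getdn: u:id converted to (\S+)"),
    "search_uri": re.compile(r"slap_parseURI: parsing (\S+)"),
    "mapped_dn": re.compile(r"slap_sasl2dn: Converted SASL name to (.+)"),
    "undefined_attr": re.compile(r"str2ad\(([^)]+)\): attribute type undefined"),
    "failure": re.compile(r"SASL \[conn=\d+\] Failure: (.+)"),
}

def triage(trace):
    """Return the first match of each stage of the SASL bind found in the trace."""
    found = {}
    for line in trace.splitlines():
        for key, rx in PATTERNS.items():
            m = rx.search(line.strip())
            if m and key not in found:
                found[key] = m.group(1).strip()
    return found

def summarize(found):
    """Say how far the bind got: identity mapping first, then secret lookup."""
    if "failure" not in found:
        return "no SASL failure in trace"
    if "mapped_dn" not in found:
        return "identity mapping failed: " + found["failure"]
    if "undefined_attr" in found:
        return ("mapped to %s; secret lookup hit undefined attribute %s: %s"
                % (found["mapped_dn"], found["undefined_attr"], found["failure"]))
    return "mapped to %s; bind failed: %s" % (found["mapped_dn"], found["failure"])

if __name__ == "__main__":
    print(summarize(triage(SAMPLE)))
```
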