Samba 4.0.0~alpha5+20090105-1 (Debian) can't be used with a openldap backend?

Sassy Natan sassyn at gmail.com
Sun Jan 11 07:51:48 GMT 2009


On Sat, Jan 10, 2009 at 11:44 PM, Andrew Bartlett <abartlet at samba.org>wrote:

> On Sat, 2009-01-10 at 20:42 +0100, Alejandro wrote:
> > Hello, I have a problem testing samba4 usign the Debian packages and i
> > can't provision the backend.
> > The openldap server is 2.4.13, compiled from the source to get the deref
> module.
> >
> > Use provision backend as documented in the wiki:
> >
> > setup/provision-backend --domain=sv.net --realm=sv.net
> > --ldap-admin-pass=penguin --ldap-backend-type=openldap
> > --server-role='domain controller'
> >
> > And provision with:
> >
> > setup/provision --host-name=debianbase4 --domain=sv.net --realm=sv.net
> > --ldap-backend=ldapi --ldap-backend-type=openldap --password=penguin
> > --username=samba-admin --server-role='domain controller'
> >
> > But i get the error:
> >
> > ldb.LdbError: (21, 'LDAP error 21 LDAP_INVALID_ATTRIBUTE_SYNTAX -
> > <wellKnownObjects: value #0 invalid per syntax> <>')
>




Which version of Debian are u using? lenny? etch?

Check out the OpenLDAP version u are using by 'dpkg -l | grep slapd'



Basically the provision-backend will provide all openldap configuration
files (slapd.conf etc...) but not all of them are valid for your
configuration.

Debain used OpenLDAP in a dynamic library mode, which means most of the
overlays are compiled dynamically. So all you need is to update the
modules.conf file to run the required overlday using by samba4. If you are
running Alpha5 then having the following in the conf file should run OK:



*moduleload refint
moduleload memberof
moduleload back_hdb
moduleload syncprov*



If you are using the latest git version, then you must compile OpenLDAP
since samab4 now using a new overlay named deref which doesn't come yet in
Debian Packages.

Could you please provide the error u getting when running

Slapd –c slapd.conf  ………. –d-1



Sassy

>
>
> You will need to use a more recent version.  The OpenLDAP backend was
> unintentionally broken for a time.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Red Hat Inc.
>


More information about the samba-technical mailing list