SAMBA4 provision against LDAP backend getting SASL error

Andrew Bartlett abartlet at samba.org
Fri Dec 3 19:45:13 MST 2010 

On Fri, 2010-12-03 at 20:27 -0600, Joe Comeaux wrote:
> > I think you are misunderstanding how the Samba4 OpenLDAP backend
> > works, and are both thinking to hard about the problem, and attempting
> > to 'fix'
> > too many things at once.
> 
> I can't deny that I am absolutely misunderstanding something somewhere.

I think it partly comes from not starting at the right place:
http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP

I've taken the liberty of CCing this back to the mailing list, so that
others can also understand a bit more about how the OL backend works,
and how to set it up. 

> > It is *not* possible to just connect Samba4 to an existing LDAP
> > server, and it will fail if you do so.
> 
> This is exactly what I was trying to do, which I will now attempt to
> let the provision script "build" the ldap back end.
> 
> > If you are having problems, you should first run Samba4 from
> > the GIT repo, compiled with all libraries internally, or use
> > Jelmer's PPA for current versions of Samba4.
> 
> I installed samba4 both from the ubuntu repository, and from the GIT
> repository, both with the same results. I don’t have my notes in front
> of me for the exact history, but the current iteration is basically as
> follows.
> OpenLDAP installed from ubuntu repository, tested and working as
> expected ( ldap home when launched from /etc/init.d/slapd =
> /etc/ldap/slapd.d/ ).

OpenLDAP HEAD from thier CVS is known to work. 

> The directory structure is there, but the slapd.d directory is
> completely empty. Same thing when installing Samba4 from the ubuntu
> apt-get repository. Ubuntu puts it in /var/lib/samba/ ..., but the
> slapd.d directory is still empty. That's why I assumed it was up to me
> to populate it with some good ldap back end data.
> 
> Did I miss an installation step that populates that slapd.d directory,
> or is that something I'm expected to build in order to be able to kick
> off the provision script?

That is the slapd -Tslaptest invocation earlier in the script, which
converts from the slapd.conf into the config directory.  I can't see any
reason why we don't detect a failure here, but I'll do what I can to
make it more robust.

But I think you may be missing overlays.  You must follow the
instructions in
http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP to get all
the right overlays installed.  That is easiest done from a source
installation. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101204/17329544/attachment.pgp>

More information about the samba-technical mailing list