SAMBA4 provision with OpenLDAP giving NT_STATUS_INVALID_PARAMETER

Joe Comeaux joe.comeaux at gmail.com
Wed Jan 12 14:24:57 MST 2011


Still trying to get Samba4 installed with OpenLDAP as the back end.
I've followed the steps on
http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP on an
Ubuntu 10.10 clean install. I've tried OpenLDAP from CVS as well as
stable-2.4.23, Samba from rsync as well as samba-4-0.0.0alpha14. All
give the same error. (There was a small window with the Samba rsync
branch at the beginning of December where the provision script
actually was able to complete, but then I would get "no schema head
present" errors when trying to use samba-tool.)

setup/provision --realm=LDAP.SAMBA.EXAMPLE.COM --domain=LDAP
--server-role='domain controller' --ldap-backend-type=openldap
--slapd-path=/usr/local/libexec/slapd
Administrator password will be set randomly!
Looking up IPv4 addresses
config file testing succeeded
Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR
Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi' with backend
'ldapi'
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi' with backend
'ldapi'
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER

The invalid_parameter error message is repeated 15 times before the
provision script eventually gives up and fails with:
Could not connect to slapd started with: '/usr/local/libexec/slapd'
'-F/usr/local/samba/private/ldap/slapd.d' '-h'
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi' '-d0'
ProvisioningError: slapd never accepted a connection within 15 seconds
of starting

----- Anatoliy Atanasov -----
> On clean Ubuntu 10.10 install I fixed it by running make install again in the
> openldap folder, also before provisioning make sure to clean the prefix folder
> you are installing into and do again make install for samba4.

I tried this, got same results.

----- Andrew Bartlett -----
> ensure that slapd -Ttest always runs.

/usr/local/libexec/slapd -Ttest -F/usr/local/samba/private/ldap/slapd.d
hdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded

Some other information that may be helpful: when running
'/usr/local/libexec/slapd' '-F/usr/local/samba/private/ldap/slapd.d'
'-h' 'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi' '-d99'
to verify that slapd is able to open, I get this:

backend_startup_one: starting "dc=ldap,dc=samba,dc=example,dc=com"
hdb_db_open: database "dc=ldap,dc=samba,dc=example,dc=com":
dbenv_open(/usr/local/samba/private/ldap/db/user).
str2filter "(!(rdnValue=*))"
put_filter: "(!(rdnValue=*))"
put_filter: NOT
put_filter_list "(rdnValue=*)"
put_filter: "(rdnValue=*)"
put_filter: simple
put_simple_filter: "rdnValue=*"
begin get_filter
NOT
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
end get_filter 0
end get_filter 0
=> hdb_search
bdb_dn2entry("dc=ldap,dc=samba,dc=example,dc=com")
=> hdb_dn2id("dc=ldap,dc=samba,dc=example,dc=com")
<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
send_ldap_result: conn=-1 op=0 p=0
bdb_dn2entry("dc=ldap,dc=samba,dc=example,dc=com")
=> hdb_dn2id("dc=ldap,dc=samba,dc=example,dc=com")
<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
slapd starting


I notice some NOT...PRESENT error messages after the rdnValue filter
message, which leads me to think that perhaps there may be an error
with the rdnval. The rdnval.so is compiled and exists in
/usr/local/libexec/openldap.

I tried compiling OpenLDAP with some more flags to see if that made
any difference, but it didn't. (--with-cyrus-sasl
--enable-overlays=mod --enable-modules --enable-spasswd
--enable-lmpasswd --enable-dynamic --enable-rewrite --enable-ldap
--enable-deref)


This is where I get stuck. I don't know where to go from here. It
seems to me like the provision script is building all the LDAP pieces,
but when it comes time to connect it just errors out. I don't know
if this is because it may be depending on some SASL pieces which may
not be installed, or if it has anything to do with Ubuntu relying on
GnuTLS as opposed to the SSL pieces for encryption or what.

Any ideas on how to get this up and running are appreciated.
Thanks
-Joe Comeaux
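
Added example, not part of the original post and not code from Samba's provision script: a probe that decodes the percent-encoded socket path in an ldapi:// URI like the one in the log above and reports whether the socket is missing, stale, blocked by permissions or accepting connections. The function names are hypothetical and the demo runs against sockets constructed in a temporary directory.

```python
import os
import socket
import stat
import tempfile
from urllib.parse import quote, unquote

def ldapi_socket_path(uri):
    """Decode the Unix socket path that an ldapi:// URI carries (%2F is '/')."""
    prefix = "ldapi://"
    if not uri.startswith(prefix):
        raise ValueError("not an ldapi URI: %r" % uri)
    return unquote(uri[len(prefix):].split("/", 1)[0])

def probe_ldapi(uri, timeout=2.0):
    """Classify the state of the socket behind an ldapi:// URI."""
    path = ldapi_socket_path(uri)
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"            # the server never created the socket
    except PermissionError:
        return "permission-denied"  # a parent directory is not searchable
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.settimeout(timeout)
    try:
        client.connect(path)
    except ConnectionRefusedError:
        return "stale"              # socket file exists, nothing is listening
    except PermissionError:
        return "permission-denied"  # socket mode forbids this user
    finally:
        client.close()
    return "listening"

def demo():
    """Run the probe against constructed sockets in a temporary directory."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ldapi")
        uri = "ldapi://" + quote(path, safe="")
        results.append(probe_ldapi(uri))          # nothing there yet
        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(path)
        server.listen(1)
        results.append(probe_ldapi(uri))          # listener present
        server.close()
        results.append(probe_ldapi(uri))          # file left behind
    return results

if __name__ == "__main__":
    print(demo())
```

A "listening" result only shows that something accepted the connection on the socket; it says nothing about whether an LDAP bind over it would succeed.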

