samba with openldap provisioning

[Howard Chu]

> Date: Tue, 03 Sep 2013 10:42:36 +1200
 > From: Andrew Bartlett <abartlet at samba.org>

>> > On Mon, 2013-09-02 at 17:09 +0300, Nadezhda Ivanova wrote:
>>> > > Hi Andrew,
>>> > >
>>> > > I was also able to provision, after applying your patches and removing
>>> > > --use-rfc2307 and adding --use-ntvfs in my provision command. Phew!
>>> > > One step forward! Now I get a bigger shovel and continue digging on
>>> > > the openldap side, I'll keep you posted on the progress.
>> >
>> > Great!  So I can reproduce exactly what you did, was this with OpenLDAP
>> > from CVS or from GIT?
>> >
>> > Let's keep digging, we will make this pig fly again!
>
> I've found the missing patch.  We ripped this out when we dropped the
> LDAP backend.  With this patch, we now connect in 'samba', and are ready
> to pass the baton back over to the OpenLDAP side of things.  The next
> error is from slapd, with one of the reasons we stopped doing this:
> 'invalid' (presumably extended) DNs.
>
> dn: cn=NTDS
> Settings,cn=RUTH,cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,dc=ldap,dc=samba,dc=example,dc=com
>
>
>
> ldb: ldb_trace_response: DONE
> error: 0
>
> ldb: ldb_trace_next_request: (partition)->search
> ldb: ldb_trace_next_request: (schema_data)->search
> ldb: ldb_trace_next_request: (entryuuid)->search
> ldb: ldb_trace_next_request: (paged_searches)->search
> ldb: ldb_trace_next_request: (simple_dn)->search
> ldb: ldb_trace_next_request: (ldap)->search
> ldb: ldb_asprintf/set_errstring: LDAP error 34 LDAP_INVALID_DN_SYNTAX -
> <invalid DN> <>

I don't see anything special about the DN you quoted above. You'd have to 
check the slapd debug output here. If that's the DN you *think* you're 
sending, but that's not the DN that slapd received then there's an encoding 
error somewhere.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/