How to test samba LDAP parameters with openldap tools, eg ldapsearch?

Jan Andersen jan at
Wed Apr 12 09:58:19 UTC 2023

I have an OpenLDAP service running on a Debian 11 system, and Samba 4.13 
on another Debian 11. In smb.conf I have set up the following:

   # LDAP Settings
   passdb backend = ldapsam:ldap://
   ldap suffix = dc=zombie,dc=io
   ldap user suffix = ou=people
   ldap group suffix = ou=groups
   ldap machine suffix = ou=computers
   ldap idmap suffix = ou=Idmap
   ldap admin dn = cn=admin,dc=zombie,dc=io
   ldap ssl = start tls
   ldap passwd sync = yes

I have some trouble understanding why this doesn't appear to work, and I 
would like to try to understand how these parameters map to the 
parameters of, say, ldapsearch, so I can see if the problem lies there.

I have run smbd with max debugging, and as far as I can see, it 
successfully makes contact with the LDAP server, but then doesn't find 
the user I'm trying to log in with. However, when I do a search with 
ldapsearch, like this:

ldapsearch -v -b "dc=zombie,dc=io" -H ldaps:// -D "cn=admin,dc=zombie,dc=io" -W

- I find the user in the output. So, my question is, which ldapsearch 
command would be equivalent to what smbd is doing?
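
Added example, not part of the original post and not Samba's own code: a shell helper that maps the ldapsam settings shown above to an ldapsearch command line. It assumes smbd looks a user up with a subtree search from "ldap suffix" using the filter (&(uid=USER)(objectclass=sambaSamAccount)); the host ldap.example.org, the user jdoe and the function names are made up for the example.

```shell
#!/bin/sh
# Added example: derive an ldapsearch command from ldapsam settings in smb.conf.
# Assumption: smbd searches the subtree under "ldap suffix" with the filter
# (&(uid=USER)(objectclass=sambaSamAccount)) and binds as "ldap admin dn".

# Print the value of smb.conf parameter $1, read from stdin (last one wins).
smbconf_get() {
    awk -v want="$1" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            pos = index($0, "=")                # split on the first "=" only,
            if (pos == 0) next                  # values such as DNs contain "="
            key = substr($0, 1, pos - 1); val = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/[ \t]+/, " ", key)
            if (tolower(key) == want) found = val
        }
        END { print found }'
}

# Read smb.conf text on stdin, print the ldapsearch command for user $1.
smbconf_to_ldapsearch() {
    user=$1
    conf=$(cat)
    backend=$(printf '%s\n' "$conf" | smbconf_get "passdb backend")
    suffix=$(printf '%s\n' "$conf" | smbconf_get "ldap suffix")
    admin=$(printf '%s\n' "$conf" | smbconf_get "ldap admin dn")
    ssl=$(printf '%s\n' "$conf" | smbconf_get "ldap ssl")
    uri=${backend#ldapsam:}                     # URI follows the "ldapsam:" prefix
    tls=""
    # "start tls" upgrades a plain ldap:// connection; -ZZ makes ldapsearch
    # request StartTLS too and fail if the upgrade does not succeed.
    case "$ssl" in "start tls") tls=" -ZZ" ;; esac
    printf 'ldapsearch -x%s -H %s -D "%s" -W -b "%s" -s sub "(&(uid=%s)(objectclass=sambaSamAccount))"\n' \
        "$tls" "$uri" "$admin" "$suffix" "$user"
}

# Constructed sample: settings from the post, with a placeholder host name.
sample_conf() {
    cat <<'EOF'
   # LDAP Settings
   passdb backend = ldapsam:ldap://ldap.example.org
   ldap suffix = dc=zombie,dc=io
   ldap admin dn = cn=admin,dc=zombie,dc=io
   ldap ssl = start tls
EOF
}

sample_conf | smbconf_to_ldapsearch jdoe        # hypothetical user name
```

Compared with the command in the post, the generated one uses StartTLS on the ldap:// URI rather than ldaps://, and it filters on the sambaSamAccount object class, so an entry without that class shows up in an unfiltered search but not here.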

