How to test Samba LDAP parameters with OpenLDAP tools, e.g. ldapsearch?
Jan Andersen
jan at comind.io
Wed Apr 12 09:58:19 UTC 2023
I have an OpenLDAP service running on a Debian 11 system, and Samba 4.13
on another Debian 11. In smb.conf I have set up the following:
# LDAP Settings
passdb backend = ldapsam:ldap://vogon.zombie.io
ldap suffix = dc=zombie,dc=io
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=zombie,dc=io
ldap ssl = start tls
ldap passwd sync = yes
I have some trouble understanding why this doesn't appear to work, and I
would like to try to understand how these parameters map to the
parameters of, say, ldapsearch, so I can see if the problem lies there.
I have run smbd with max debugging, and as far as I can see, it
successfully makes contact with the LDAP server, but then doesn't find
the user I'm trying to log in with. However, when I do a search with
ldapsearch, like this:
ldapsearch -v -b "dc=zombie,dc=io" -H ldaps://vogon.zombie.io -D "cn=admin,dc=zombie,dc=io" -W
- I find the user in the output. So, my question is, which ldapsearch
command would be equivalent to what smbd is doing?
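
Added example, not part of the original post and not Samba project code: a shell function that turns the ldapsam settings quoted above into a matching ldapsearch command line. It assumes ldapsam looks an account up with a subtree search under "ldap suffix" using the filter (&(uid=USER)(objectclass=sambaSamAccount)) and that "ldap ssl = start tls" corresponds to ldapsearch -ZZ on an ldap:// URI; the user name someuser and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample: the LDAP settings quoted in the post.
SMB_CONF='passdb backend = ldapsam:ldap://vogon.zombie.io
ldap suffix = dc=zombie,dc=io
ldap user suffix = ou=people
ldap admin dn = cn=admin,dc=zombie,dc=io
ldap ssl = start tls'

# conf_get KEY: print the trimmed value of the first "KEY = value" line.
conf_get() {
    printf '%s\n' "$SMB_CONF" |
        sed -n -e "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" |
        head -n 1
}

# smbd_equiv_ldapsearch USER: print an ldapsearch command that mirrors the
# account lookup for USER (hypothetical helper, see assumptions above).
smbd_equiv_ldapsearch() {
    user=$1
    # Refuse names that would change the meaning of the LDAP filter.
    case $user in
        ''|*'*'*|*'('*|*')'*|*'\'*) echo "unsupported user name" >&2; return 1 ;;
    esac
    uri=$(conf_get 'passdb backend')
    uri=${uri#ldapsam:}                 # ldapsam:ldap://host -> ldap://host
    base=$(conf_get 'ldap suffix')      # search base
    binddn=$(conf_get 'ldap admin dn')  # simple bind as the admin DN
    case $(conf_get 'ldap ssl') in
        'start tls') tls='-ZZ' ;;       # require StartTLS on the plain LDAP port
        *)           tls='' ;;
    esac
    # Assumed filter: the entry must carry objectClass sambaSamAccount.
    filter="(&(uid=$user)(objectclass=sambaSamAccount))"
    printf 'ldapsearch -x %s-H %s -D "%s" -W -b "%s" -s sub "%s"\n' \
        "${tls:+$tls }" "$uri" "$binddn" "$base" "$filter"
}

# someuser is a constructed account name.
smbd_equiv_ldapsearch someuser
```

Unlike the ldapsearch run in the post, this command uses StartTLS on ldap:// rather than ldaps://, and it only returns entries that have the sambaSamAccount object class.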