How to test samba LDAP parameters with openldap tools, eg ldapsearch?

Alexander Bokovoy ab at
Wed Apr 12 10:58:59 UTC 2023

On ke, 12 huhti 2023, Jan Andersen via samba-technical wrote:
> I have an openLDAP service running on a debian 11 system, and Samba 4.13 on
> another Debian 11. In smb.conf I have set up the following:
>   # LDAP Settings
>   passdb backend = ldapsam:ldap://
>   ldap suffix = dc=zombie,dc=io
>   ldap user suffix = ou=people
>   ldap group suffix = ou=groups
>   ldap machine suffix = ou=computers
>   ldap idmap suffix = ou=Idmap
>   ldap admin dn = cn=admin,dc=zombie,dc=io
>   ldap ssl = start tls
>   ldap passwd sync = yes
> I have some trouble understanding why this doesn't appear to work, and I
> would like to try to understand how these parameters map to the parameters
> of, say, ldapsearch, so I can see if the problem lies there.
> I have run smbd with max debugging, and as far as I can see, it successfully
> makes contact with the LDAP server, but then doesn't find the user I'm
> trying to log in with. However, when I do a search with ldapsearch, like
> this:
> ldapsearch -v -b "dc=zombie,dc=io" -H ldaps:// -D
> "cn=admin,dc=zombie,dc=io" -W
> - I find the user in the output. So, my question is, which ldapsearch
> command would be equivalent to what smbd is doing?

Please provide logs from smbd side.

/ Alexander Bokovoy

More information about the samba-technical mailing list