Samba and referrals in LDAP

MarshallJ at switch.aust.com
Tue Jan 22 19:18:02 GMT 2002


I've managed to get Samba to store its passdb in an LDAP (OpenLDAP 2.0.18) 
backend (using 2.2 CVS from about a week ago) and all is working well 
except in a multi-LDAP-server configuration.

When I am communicating with the master LDAP server, I am able to 
add/change/delete entries. When communicating with a slave LDAP server, I 
get a referral to the master LDAP server to make the change. When Samba 
contacts the master LDAP server, it doesn't bind with the appropriate DN 
to authenticate and make the change.

I am using simple authentication (i.e. not SASL) and am not currently using 
SSL.

Here's a command I tried:

marshallj at 10.10.10.11:~$ sudo smbpasswd fred
New SMB password:
Retype new SMB password:
failed to modify user with uid = fred with: Insufficient access

Failed to modify entry for user fred.
Failed to modify password entry for user fred

Here's a snippet of the logs:

Jan 23 13:07:32 slaveldap slapd[15472]: daemon: conn=11 fd=14 connection 
from IP=10.10.10.11:4005 (IP=0.0.0.0:34049) accepted.
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=0 BIND 
dn="UID=MARSHALLJ,OU=PEOPLE,DC=USSAUS" method=128
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=0 RESULT tag=97 err=0 
text=
Jan 23 13:07:32 slaveldap slapd[15472]: deferring operation
Jan 23 13:07:32 slaveldap slapd[15480]: conn=11 op=1 SRCH 
base="ou=samba,dc=ussaus" scope=2 
filter="(&(uid=fred)(objectClass=sambaAccount))"
Jan 23 13:07:32 slaveldap slapd[15480]: conn=11 op=1 SEARCH RESULT tag=101 
err=0 text=
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=2 MOD 
dn="uid=fred,ou=samba,dc=ussaus"
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=2 RESULT tag=103 err=9 
text=Referral: ldap://masterldap.ussbris
Jan 23 13:07:32 slaveldap slapd[15480]: conn=11 op=3 UNBIND
Jan 23 13:07:32 slaveldap slapd[15480]: conn=-1 fd=14 closed


Jan 23 13:07:32 masterldap slapd[5268]: daemon: conn=62 fd=15 connection 
from IP=10.10.10.11:4006 (IP=0.0.0.0:34049) accepted.
Jan 23 13:07:32 masterldap slapd[5274]: conn=62 op=0 BIND dn="" method=128
Jan 23 13:07:32 masterldap slapd[5274]: conn=62 op=0 RESULT tag=97 err=0 
text=
Jan 23 13:07:32 masterldap slapd[5287]: conn=62 op=1 MOD 
dn="uid=fred,ou=samba,dc=ussaus"
Jan 23 13:07:32 masterldap slapd[5287]: conn=62 op=1 RESULT tag=103 err=50 
text=
Jan 23 13:07:32 masterldap slapd[5286]: conn=62 op=2 UNBIND
Jan 23 13:07:32 masterldap slapd[5286]: conn=-1 fd=15 closed
Jan 23 13:07:32 masterldap slapd[5268]: conn=-1 fd=10 closed


Notice that when 10.10.10.11 connects to the master LDAP server, it sends 
an empty DN in the BIND operation.

I assume this is a bug in the software (be it Samba or a library it uses) 
- is there a workaround for this?

Thanks for any assistance,

Josh Marshall
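
The following is an added example, not part of the original post and not Samba or OpenLDAP code: a small log correlator that finds the pattern shown in the logs above, where a write referred by one server (err=9) is retried by the same client on another server after an empty-DN BIND and rejected with err=50. The sample log is constructed in the same slapd syslog format with wrapped lines joined, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd syslog format quoted in the post
# (wrapped lines joined; hosts, DNs and addresses are illustrative).
SAMPLE_LOG = '''\
Jan 23 13:07:32 slaveldap slapd[15472]: daemon: conn=11 fd=14 connection from IP=10.10.10.11:4005 (IP=0.0.0.0:34049) accepted.
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=0 BIND dn="UID=ADMIN,OU=PEOPLE,DC=EXAMPLE" method=128
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=2 MOD dn="uid=fred,ou=samba,dc=example"
Jan 23 13:07:32 slaveldap slapd[15481]: conn=11 op=2 RESULT tag=103 err=9 text=Referral: ldap://masterldap.example
Jan 23 13:07:32 masterldap slapd[5268]: daemon: conn=62 fd=15 connection from IP=10.10.10.11:4006 (IP=0.0.0.0:34049) accepted.
Jan 23 13:07:32 masterldap slapd[5274]: conn=62 op=0 BIND dn="" method=128
Jan 23 13:07:32 masterldap slapd[5287]: conn=62 op=1 MOD dn="uid=fred,ou=samba,dc=example"
Jan 23 13:07:32 masterldap slapd[5287]: conn=62 op=1 RESULT tag=103 err=50 text=
'''

LINE = re.compile(r'^\w{3}\s+\d+ [\d:]+ (\S+) slapd\[\d+\]: (?:daemon: )?conn=(\d+) (.*)$')
ACCEPT = re.compile(r'connection from IP=([\d.]+):\d+')
EVENT = re.compile(r'op=(\d+) (BIND|MOD|ADD|DEL|RESULT)\b(?: dn="([^"]*)")?(?:.*?\berr=(\d+))?')

def parse_connections(log_text):
    """Group slapd events by (host, conn): client IP, bind DN, writes, result codes."""
    conns = defaultdict(lambda: {"client": None, "bind_dn": None, "writes": {}, "errs": {}})
    for line in log_text.splitlines():
        if not (m := LINE.match(line)):
            continue  # unrelated lines, e.g. "deferring operation" or conn=-1
        host, conn, rest = m.groups()
        c = conns[(host, conn)]
        if (a := ACCEPT.search(rest)):
            c["client"] = a.group(1)
        elif (e := EVENT.match(rest)):
            op, kind, dn, err = e.groups()
            if kind == "BIND":
                c["bind_dn"] = dn
            elif kind == "RESULT" and err is not None:
                c["errs"][op] = int(err)
            elif kind != "RESULT":
                c["writes"][op] = dn  # MOD/ADD/DEL target DN, keyed by op id
    return conns

def find_unauthenticated_referral_chases(log_text):
    """Pair a referred write (err=9) with an anonymous retry rejected with err=50."""
    conns = parse_connections(log_text)
    referred = {(c["client"], dn) for c in conns.values()
                for op, dn in c["writes"].items() if c["errs"].get(op) == 9}
    return [(host, conn, c["client"], dn) for (host, conn), c in conns.items()
            if c["bind_dn"] == ""
            for op, dn in c["writes"].items()
            if c["errs"].get(op) == 50 and (c["client"], dn) in referred]
```

Each tuple returned names the server and connection that received the anonymous retry, the client address, and the entry it tried to change.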




