[Samba] LDAP Filter Problem
Peak, John
John.Peak at McKesson.com
Mon Jan 27 13:17:04 GMT 2003
Brad,
Thanks for the suggestions. I got rid of the realm and changed back the
LDAP filter to what you suggested to no avail.
I assume that Samba is directly responsible for sending the LDAP search
query to slapd. Is this correct? With the slapd debugging turned on I
see that LDAP gets the same query twice to retrieve an account when I
try to connect as a Samba client (see details below). Is the filter
defined in smb.conf the same filter that is supposed to be used in this
query because if so it doesn't seem to work. Also, is it correct for
Samba to prefix the domain name to the userid before querying the LDAP
database? If I query my LDAP database using this filter it obviously
returns nothing, but if I remove the "ELUCIDATION\" domain prefix it
does return the user record. It's frustrating because I feel like I
know what the problem is, but don't know how to fix it.
Any other ideas would be greatly appreciated!
John
Samba Client Connection
==================
smbclient -d 4 -L boo -U root%password -W ELUCIDATION
debug.log:
=======
Jan 27 07:37:14 boo slapd[8038]: connection_get(25)
Jan 27 07:39:40 boo slapd[8038]: connection_get(25)
Jan 27 07:39:40 boo slapd[14586]: send_ldap_result: 0::
Jan 27 07:39:40 boo slapd[8038]: connection_get(25)
Jan 27 07:39:40 boo slapd[14719]: SRCH "ou=Users,dc=ELUCIDATION" 1 0
Jan 27 07:39:40 boo slapd[14719]: 1 0 0
Jan 27 07:39:40 boo slapd[14719]: filter:
(&(objectClass=posixAccount)(uid=elucidation\5Croot))
Jan 27 07:39:40 boo slapd[14719]: attrs:
Jan 27 07:39:40 boo slapd[14719]: uid
Jan 27 07:39:40 boo slapd[14719]: userPassword
Jan 27 07:39:40 boo slapd[14719]: uidNumber
Jan 27 07:39:40 boo slapd[14719]: gidNumber
Jan 27 07:39:40 boo slapd[14719]: cn
Jan 27 07:39:40 boo slapd[14719]: homeDirectory
Jan 27 07:39:40 boo slapd[14719]: loginShell
Jan 27 07:39:40 boo slapd[14719]: gecos
Jan 27 07:39:40 boo slapd[14719]: description
Jan 27 07:39:40 boo slapd[14719]: objectClass
Jan 27 07:39:40 boo slapd[14719]:
Jan 27 07:39:40 boo slapd[8038]: connection_get(25)
Jan 27 07:39:40 boo slapd[9285]: SRCH "ou=Users,dc=ELUCIDATION" 1 0
Jan 27 07:39:40 boo slapd[9285]: 1 0 0
Jan 27 07:39:40 boo slapd[9285]: filter:
(&(objectClass=posixAccount)(uid=ELUCIDATION\5CROOT))
Jan 27 07:39:40 boo slapd[9285]: attrs:
Jan 27 07:39:40 boo slapd[9285]: uid
Jan 27 07:39:40 boo slapd[9285]: userPassword
Jan 27 07:39:40 boo slapd[9285]: uidNumber
Jan 27 07:39:40 boo slapd[9285]: gidNumber
Jan 27 07:39:40 boo slapd[9285]: cn
Jan 27 07:39:40 boo slapd[9285]: homeDirectory
Jan 27 07:39:40 boo slapd[9285]: loginShell
Jan 27 07:39:40 boo slapd[9285]: gecos
Jan 27 07:39:40 boo slapd[9285]: description
Jan 27 07:39:40 boo slapd[9285]: objectClass
Jan 27 07:39:40 boo slapd[9285]:
Jan 27 07:39:41 boo slapd[8038]: connection_get(25)
~-~-~-~-~-~-~-~-~-~-~-~-~-~
John Peak
Revenue Cycle Solutions
McKesson Corp.
john.peak at mckesson.com
404.338.2701
-----Original Message-----
From: Bradley W. Langhorst [ mailto:brad at langhorst.com
<mailto:brad at langhorst.com> ]
Sent: Friday, January 24, 2003 4:52 PM
To: Peak, John
Cc: samba at lists.samba.org
Subject: RE: [Samba] LDAP Filter Problem
On Fri, 2003-01-24 at 16:32, Peak, John wrote:
> I am sure there are some extraneous parameters in it from all the
> things I've tried, but here it is....
...
> # Global parameters
> [global]
> realm = ELUCIDATION
what's this doing here?
> ldap filter = "(&(uid=%u)(objectclass=ixAccount))"
i think this should be
ldap filter = (&(uid=%u)(objectclass=sambaAccount))
unless you've done something unusual
brad
--
Bradley W. Langhorst <brad at langhorst.com>
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the samba
mailing list