[Samba] [Bug?Report] ldapsam duplication of output if two ldapsam sources
Jérôme Fenal
jerome.fenal at logicacmg.com
Tue Nov 18 09:22:34 GMT 2003
Good morning,
First of all, my setup :
- Samba 3.0.1pre1 to Samba 3.0.1pre3 (RPM home recompiled from samba.org SRPM);
- OpenLDAP 2.0.27 (stock RH9) + Solaris RootDSE patch, all on RH9;
- Two LDAP servers (one master, one slave, replication of all the base);
- Samba setup as PDC + BDC, using Samba3 LDAP schema.
I noticed a few days ago in the NT4 srvtools that the first query (when
opening the usrmgr.exe) returned all accounts twice.
Further investigating, it seems that this is due to the specification in
smb.conf of two ldapsam sources (for redundancy and availability) :
From the LDAP point of view :
$ ldapsearch -h localhost -D 'cn=Manager,dc=secret,dc=com' -x -w secret '(objectClass=posixAccount)' uid -LLL | grep ^dn | wc -l
381
(eg. 380 - see below - plus root redefinition for Samba)
From Posix PoV :
# getent passwd | wc -l
416
# wc -l /etc/passwd
36 /etc/passwd
From Samba PoV :
If in smb.conf, I set :
> passdb backend= ldapsam:ldap://localhost, ldapsam:ldap://slave
I get :
$ pdbedit -L | wc -l
760
If I set only one LDAP server (localhost only for instance) :
$ pdbedit -L | wc -l
380
So I know I can avoid the problem by not specifying two sources, but I'd
prefer setting both, for availability reasons.
Excerpt from smb.conf (testparm output anon'd):
# Global parameters
[global]
    unix charset = UTF8
    workgroup = DOMPARIS
    netbios aliases = DOMPDC01
    server string = DOMPARIS PDC server
    update encrypted = Yes
    passdb backend = ldapsam:ldap://localhost
    passwd program = /usr/local/sbin/smbldap-passwd.pl %u
    passwd chat = *New*password* %n\n *new*password* %n\n
    log level = 1
    log file = /var/log/samba/%m
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add user script = /usr/local/sbin/smbldap-useradd.pl -a -m -d /home/%u %u
    delete user script = /usr/local/sbin/smbldap-userdel.pl %u
    add group script = /usr/local/sbin/smbldap-groupadd.pl %g
    delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
    add user to group script = /usr/local/sbin/smbldap-usermod -G %g %u
    add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
    logon script = LOGON.BAT
    logon path = \\%L\profiles\%U
    logon drive = H:
    logon home = \\%L\%u
    domain logons = Yes
    os level = 64
    domain master = Yes
    dns proxy = No
    wins server = 172.17.0.1
    ldap suffix = dc=domain,dc=com
    ldap machine suffix = ou=Computers,dc=domain,dc=com
    ldap user suffix = ou=People,dc=domain,dc=com
    ldap group suffix = dc=domain,dc=com
    ldap idmap suffix = dc=domain,dc=com
    ldap admin dn = cn=Manager,dc=domain,dc=com
    ldap passwd sync = Yes
    ldap delete dn = Yes
    admin users = root, jerome, david
    printer admin = jerome, root
    hide dot files = No
[netlogon]
    path = /home/samba/netlogon
    write list = @wheel, root
[profiles]
    path = /home/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
I can file a bug on BugZilla if the bug is confirmed.
Regards,
Jérôme
--
Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre
Groupe Expert & Managed Services - LogicaCMG France
http://www.logicacmg.com/fr/ - <mailto:jerome.fenal AT logicacmg.com>
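
The line counts in the report above (380 with one backend, 760 with two) can be broken down per account name to tell a uniform doubling from a handful of stray duplicates. The following is an added example, not part of the original post: it assumes `pdbedit -L` prints one `username:uid:full name` record per line, and the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-account duplicate check for `pdbedit -L` output.
# Assumes one "username:uid:full name" record per line on stdin.

# Prints: total=<records> unique=<names> max=<highest count> uniform=<yes|no>
pdb_dup_summary() {
    awk -F: '
        NF && $1 != "" { total++; count[$1]++ }
        END {
            min = 0; max = 0; unique = 0
            for (name in count) {
                unique++
                if (unique == 1 || count[name] < min) min = count[name]
                if (count[name] > max) max = count[name]
            }
            printf "total=%d unique=%d max=%d uniform=%s\n", total, unique, max,
                   ((unique > 0 && min == max) ? "yes" : "no")
        }'
}

# Lists only the names that occur more than once, as "<count> <name>".
pdb_dup_names() {
    awk -F: 'NF && $1 != "" { count[$1]++ }
             END { for (n in count) if (count[n] > 1) print count[n], n }' | sort -k2
}

# Constructed sample: three accounts, each returned once per backend.
sample_doubled() {
    cat <<'EOF'
root:0:root
alice:1001:Alice Example
bob:1002:Bob Example
root:0:root
alice:1001:Alice Example
bob:1002:Bob Example
EOF
}

# On a Samba host, pass --live to summarise the real account list.
if [ "${1:-}" = "--live" ]; then pdbedit -L | pdb_dup_summary; fi
```

A result of `max=2 uniform=yes` with `total` equal to twice `unique` means every account is enumerated once per listed backend, which matches the 760 versus 380 figures in the report.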