[Samba] Bizarre LDAP behaviour

Scott Wunsch sambalist at tr.wunsch.org
Tue Jun 22 18:00:03 GMT 2004

I'm trying to get Samba set up to read all account information from my
existing LDAP directory.  I have nss_ldap set up and working correctly.
I'm using Mandrake 10.0, and the problem occurs both with their Samba
3.0.2a packages and the Samba 3.0.4 RPMs from samba.org.

When Samba queries the LDAP server, it seems to be using the admin DN as
the *search base*, rather than using the suffix configured in smb.conf.

The appropriate bit of my smb.conf (with the organization name
removed, obviously) looks like this:

passdb backend = ldapsam:ldap://ldap.fakeorgname.dom
ldap admin dn = cn=Manager,o=Organization Name
ldap delete dn = no
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap group suffix = cat=Groups
ldap machine suffix = cat=Computers
ldap passwd sync = yes
ldap ssl = off
ldap suffix = o=Organization Name
ldap user suffix = cat=Staff

When I sniff the LDAP queries or look at log.smbd, I see that the base DN
being used for the queries is "cn=Manager,o=Organization Name" or even
"cat=Groups,cn=Manager,o=Organization Name".  This makes no sense at all
to me.  I even browsed through the code, and I can't see any way that
these two configuration items could possibly get mixed up.

Can anybody suggest any way that this could occur, or anything that I
should check to resolve this?

Take care,
Scott \\'unsch

