[Samba] Bizarre LDAP behaviour

Paul Gienger pgienger at ae-solutions.com
Wed Jun 23 12:43:54 GMT 2004

Do you actually specify your ldap suffix anyplace?  It could be trying 
to guess at the suffix using LDAP entries you do have.

Scott Wunsch wrote:

>I'm trying to get Samba set up to read all account information from my
>existing LDAP directory.  I have nss_ldap set up and working correctly. 
>I'm using Mandrake 10.0, and the problem occurs both with their Samba
>3.0.2a packages and the Samba 3.0.4 RPMs from samba.org.
>When Samba queries the LDAP server, it seems to be using the admin DN as
>the *search base*, rather than using the suffix configured in smb.conf.
>The appropriate bit of my smb.conf (with the organization name
>removed, obviously) looks like this:
>passdb backend = ldapsam:ldap://ldap.fakeorgname.dom
>ldap admin dn = cn=Manager,o=Organization Name
>ldap delete dn = no
>ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
>ldap group suffix = cat=Groups
>ldap machine suffix = cat=Computers
>ldap passwd sync = yes
>ldap ssl = off
>ldap suffix = o=Organization Name
>ldap user suffix = cat=Staff
>When I sniff the LDAP queries or look at log.smbd, I see that the base DN
>being used for the queries is "cn=Manager,o=Organization Name" or even
>"cat=Groups,cn=Manager,o=Organization Name".  This makes no sense at all
>to me.  I even browsed through the code, and I can't see any way that
>these two configuration items could possibly get mixed up.
>Can anybody suggest any way that this could occur, or anything that I
>should check to resolve this?

Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com

More information about the samba mailing list