[Samba] Samba PDC & ldapi://

Andrew Bartlett abartlet at samba.org
Wed Mar 10 11:03:45 GMT 2004 

On Wed, 2004-03-10 at 02:03, Adam Williams wrote:
> I've seen several references on the web to setting up the LDAP SAM to
> communicate with the LDAP server via ldapi (IPC) verses ldap (IP).  This
> should theoretically much faster.  
> 
> My LDAP master is on the same host as the Samba PDC.  With nss_ldap
> using "uri ldap://localhost" and Samba using "ldapsam:ldap://localhost/"
> everything works.
> 
> But changing nss_ldap to use "uri ldapi://%2fvar%2frun%2fldapi/" breaks
> Samba.  Commands like "ls", "finger", and "id" continue to be able to
> identify users, but Samba starts reporting "no such user" errors.
> 
> Leaving nss_ldap using "ldap://localhost/" and changing ldapsam to be
> "ldapi://%2fvar%2frun%2fldapi" also breaks Samba.
> 
> Of course, having both NSS and Samba use ldapi doesn't work either.
> 
> Exceuting "ldapsearch -H ldapi://%2fvar%2frun%2fldapi/ uid=adam" works,
> so I don't suspect a problem with the ldapi protocol/socket itself.
> 
> Is there known bugs/problems with Samba using ldapi? (This is samba
> 3.0.2).

I run my nss_ldap with:

uri ldap://127.0.0.1/ ldap://ldap.internal.hawkerc.net

and samba with

passdb backend = ldapsam:"ldapi:// ldap://ldap.internal.hawkerc.net"

Which causes nss_ldap to use TCP sockets, for the local and backup ldap
server.  Samba uses ldapi for the local, and TCP for the backup server.

I never quite managed to get the full path syntax right in Samba, but
ldapi:// works for me.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040310/35e706a7/attachment.bin

More information about the samba mailing list