[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?

Thu Sep 30 13:58:49 GMT 2004

Jim C. wrote:
>> access to dn.subtree="dc=j9starr,dc=net"
>>     by group/posixGroup/memberUid="cn=Domain 
>> Controllers,ou=Group,dc=j9starr,dc=net"
>>     by * read
> 
> 
> I pulled that info from faq-o-matic just a minute ago. No dice.  See below.
> 
>> access to dn.subtree="dc=j9starr,dc=net"
>>     by group/posixGroup/memberUid="cn=Domain 
>> Controllers,ou=Group,dc=j9starr,dc=net"
>>     by * read
>>
>> # Do not enable referrals until AFTER you have a working directory
>> # service AND an understanding of referrals.
>> #referral       ldap://root.openldap.org
>>
>> pidfile         /var/run/ldap/slapd.pid
>> argsfile        /var/run/ldap/slapd.args
>>
>> modulepath      /usr/lib/openldap
>> "slapd.conf" 154L, 5397C written
>> [root at enigma 0 openldap]$ slapd -t
>> /etc/openldap/slapd.conf: line 47: group "cn=Domain 
>> Controllers,ou=Group,dc=j9starr,dc=net": inappropriate syntax: 
>> 1.3.6.1.4.1.1466.115.121.1.26

My bad - I forgot to add 'write':

access to dn.subtree="dc=j9starr,dc=net"
	by group/posixGroup/memberUid="cn=Domain 
Controllers,ou=Group,dc=j9starr,dc=net" write
	by * read

Igor