[Samba] Samba and netgroups in LDAP

Tom Crummey tom at ee.ucl.ac.uk
Thu Aug 25 15:43:09 GMT 2005 

Hello,

I've been having problems with netgroups and samba-3.0.20 where the
netgroups are stored in a SUN ONE LDAP directory server v5.2. It seems
there is an incompatibility between the OpenLDAP libraries which are
used by samba to directly query the LDAP directory and the need for the
nss_ldap functions to use the SUN LDAP libraries. When a netgroup is
searched, samba uses the function innetgr which then uses the host nss_*
infrastructure to direct the query to the correct name service.

The symptoms are that the query produces errors in /var/adm/messages
(syslog) as follows:

Aug 25 14:23:12 spock smbd[6230]: [ID 293258 user.error] libsldap:
Status: 7  Mesg: LDAP ERROR (-7): Bad search filter.

The query is never sent to the LDAP server.

I suppose the possible fixes are:

1) Get samba to compile with the SUN LDAP client libraries (I read
soemwhere that someone is working on patches to achieve this?)

2) Forget about netgroups and hope that none of the other nss_ldap
queries are affected.

3) Forget about SUN LDAP directory server and use OpenLDAP.

4) Track down the offending library call and decide how to reconcile the
two libraries.

Has anyone any other suggestions?




-----Forwarded Message-----
From: Tom Crummey <tom at ee.ucl.ac.uk>
To: Gerald (Jerry) Carter <jerry at samba.org>
Subject: Re: [Samba] Samba and netgroups in LDAP
Date: Wed, 24 Aug 2005 15:12:48 +0100

Hello Jerry,

Thanks for the reply. Since my original email I've upgraded to 3.0.20
and found the same problem. I've looked at the samba source and I've
written a small C program which looks up a host in a netgroup in the
same way. This works fine. The samba version produces an error in
syslog:

smbd[12485]: [ID 293258 user.error] libsldap: Status: 7  Mesg: LDAP
ERROR (-7): Bad search filter.

The problem is, I can't see where a search filter is set; both programs
use the innetgr library call and as far as I can tell at the moment,
both get the library from libc. 

I'll do some more digging to see if I can find where the difference
between my program and samba lies. If you or anyone else has any
inklings, please let me know.

Thanks,
-- 
Tom.

----------------------------------------------------------------------------
 Tom Crummey, Systems and Network Manager,   EMAIL: tom at ee.ucl.ac.uk
 Department of Electronic and Electrical Engineering,                  
 University College London,                  TEL: +44 (0)20 7679 3898   
 Torrington Place,                           FAX: +44 (0)20 7388 9325
 London, UK, WC1E 7JE.                         
----------------------------------------------------------------------------

More information about the samba mailing list