[Samba] "ldap passwd sync" not working
Misty Stanley-Jones
misty at borkholder.com
Mon Feb 7 14:01:10 GMT 2005
On Saturday 05 February 2005 02:17 pm, Alexander Zubkov wrote:
> In debug mode smbpasswd say this:
> ---- samba 3.0.11 ----
...
> smbldap_check_root_dse: Expected one rootDSE, got 0
> ldap_connect_system: succesful connection to the LDAP server
> ldap_connect_system: LDAP server does not support paged results
> smbldap_check_root_dse: Expected one rootDSE, got 0
> ldap password change requested, but LDAP server does not support it --
> ignoring
> ldapsam_update_sam_account: successfully modified uid = test in the LDAP
> database
> --------
>
> Why samba-3.0.6 can sync password and samba-3.0.11 say that may LDAP
> server does not support it? Any ideas?
>
> ----
> Alexander Zubkov
I am guessing that Samba is using a different criteria/mechanism to change the
passwords now. Perhaps it has to do with increasing support for non-openLDAP
implementations. One thing I noticed is that your rootDSE is not readable.
The rootDSE contains information about your LDAP server that some
applications (such as addressbooks that need to automatically determine the
baseDN) need. Info about the rootDSE can be found at
http://www.techgalaxy.net/Docs/Dev/LDAPv3 RootDSE Overview.htm.
For OpenLDAP you need an ACL like this:
access to attrs=namingcontexts
by anonymous read
(or lock it down by IP range or some other way to make it more secure)
Correcting your LDAP config to include the above may keep Samba from being
confused -- just a thought.
Misty
More information about the samba
mailing list