[Samba] Samba PDC w/ LDAP & Mass Adding Users

[msmith at edtech.mcc.edu]

Hi, I am running into a bit of a strange problem. I have a Perl script
that creates usernames for mass-adding users. This script used to use the
standard Linux 'adduser' command to add users to the system. I am now
switching everything over to LDAP, including Samba.
I have modified the custom Perl script to add users in bulk for
smbldap-tools.

system("smbldap_tools/smbldap-useradd -a -g students -c
\"$Ofirst,$Olast,$studentnum\" -C '\\\\FILESERVER\\homes\\$username' -d
$homedir/$username -m $username");

I also create a group entry for students:

dn: cn=students,ou=Groups,dc=test-mcc,dc=edu
objectClass: posixGroup,sambaGroupMapping
cn: students
gidNumber: 1113
sambaSID: S-1-5-21-2737720518-3188833511-1042965985-3227
sambaGroupType: 2
displayName: students

Now, I start the custom Perl script to mass-add users, and it adds 120
users, and then users stop being added. smbldap-useradd returns no kind of
error, it almost seems like it thinks it is adding the users, but they
really aren't getting added after 120 users. The first 120 users seem
fine. I took a look in the LDAP file, and for the remaining users, it is
still binding, searching, but doesn't appear to actually add the user
info:

Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" method=128
Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0
Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 RESULT tag=97 err=0
text=
Jun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SRCH
base="dc=test-mcc,dc=edu" scope=2 deref=2
filter="(&(objectClass=posixAccount)(uid=tmoore))"
Jun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
Jun 28 04:56:49 esdev2 slapd[11424]: conn=12629 fd=11 closed
Jun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11 ACCEPT from
IP=207.74.136.238:43817 (IP=0.0.0.0:636)
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" method=128
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 RESULT tag=97 err=0
text=
Jun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SRCH
base="dc=test-mcc,dc=edu" scope=2 deref=2
filter="(&(objectClass=posixAccount)(uid=lhart1))"
Jun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
Jun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11 closed

These 2 users, lhart1 and tmoore, are 2 users that are supposed to be
added after the last user that is successfully added.

Now, when the group is "full" like this, if I do a 'net groupmap list', I
get a "Segmentation Fault". Also, when the group is "full", and my script
is still trying to add users (with smbldap-useradd), stderr is spitting
out "Segmentation Fault". nscd also seems to be dying and starting again
after the first 120 users are added. I don't have winbindd, I've also
disabled nscd caching.

Now, the interesting part. If I change the '-g students' to '-g 'domain
users'' everything works fine!

Adding users to 'Domain Users' works, but 'students' does not?

Actually, adding a new group with the first part being "Domain" such as
group 'Domain Studs' works fine. If the group name doesn't have "Domain"
in it, it gets screwed up?

I'd appreciated any help with this!

Also, one more question, I've noticed that for each user, a memberUid
attribute is created inside the group. I'm assuming this is supposed to
happen, but why? Does Samba maybe need it this way? Even for the primary
group it adds an "extra" memberUid attribute for each user? Does this hurt
performance?

Thanks in advance for any help.



Marc