[Samba] Srvtools causes smbldap_open: cannot access LDAP when not root

Doug Campbell doug at bpta.net
Wed Mar 2 02:40:01 GMT 2005


> > I don't have any certificates to deal with as I am not using SSL/TLS.  I
> > actually tried to do this as a learning exercise but couldn't get it to
> > work based on the documentation I read.
>
> Try http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

I will check that out.

[snip]
>
> 'man ldapsearch'. ldapsearch without -x assumes that you are asking for
> SASL support that you have configured in slapd.conf, and you haven't. The
> fact that you get the same results for root or a non-root user doesn't
> have anything to do with the Unix user that you are logged in as; slapd
> doesn't care about the Unix (posix) user. It only cares about users in DNs
> that you feed it.

That makes sense to me and I think gives me a clue on some of the problems I
was having with the LDAP ACLs.

> > Does that give a better idea of what might be wrong in my setup?
>
> Yes. I have to agree with Craig White here (I usually do ;) LDAP for me is
> the be-all and end-all. I use it for across-platform authentication in
> production for *everything*. It is the cornerstone to all services that my
> users may use. If an application doesn't work with it, then that
> application is useless to me. Examples of apps that use a single login and
> password at one site I administer (runs 3 servers under RHAS3 using the
> same LDAP DSA) are postfix smtp, Courier IMAP, Linux Terminal Server
> Project, Pykota print quota admin, ssh and a Samba PDC. To be able to
> master the LDAP part thoroughly, I chose to use source code and subscribe
> to the 4-5 mailing lists dealing with this. Craig does the same.
>
> Get samba working without LDAP first, then make sure you master every
> possible aspect of openldap and are completely confident with it. Then you
> can adapt what you've done to Samba.

I will do that.  Thanks for your time in patiently helping me through this.

Doug


