[Samba] samba failed to authenticate to openLDAP
tonye at billy.demon.nl
Thu Mar 3 10:58:07 GMT 2005
>> 2: doing that nearly fscked up my already existent DIT for always;
> I'd be very interested in hearing how this happened and what almost got
> borked. I can't for the life of me think of anything that the
> smbldap-tools package should have done above just adding random attributes
> and entries in a lot of places if badly configured. The worst (again,
> that I can imagine) that you would have had to do would be clean with a
> fine tooth scrub brush.
> I haven't delved deep into the code, so I don't doubt that things could
> be pretty powerful, just that I haven't seen how they could go far enough
> to completely bork up a whole LDAP database.
The smbldap-tools allow for only one group suffix, only one user suffix.
At a site, I already have a DIT with 1150+ users:
Even worse, at my test site I have:
| cn=people (Posix group)
The tools can't cope. What's more, LAM can't cope with my test site,
either (wants an ou for a container, won't accept a cn). Neither you nor
anyone else can tell me that my architecture is wrong ;)
I've written my own awk script for adding basic Posix users to groups
(from lists of first-middle-last names) and my own (disjointed) shell
scripts for adding Samba users to Posix users (using ldapsearch).
mail: tonye at billy.demon.nl