[Samba] smbldap-tools broken pipe
Chuck Theobald
chuckt at darkwing.uoregon.edu
Tue May 17 18:09:22 GMT 2005
Hi,
I am working on establishing a Samba+LDAP server with management by the
smbldap tools from idealx. Versions are Samba 3.0.14a, OpenLDAP 2.2.24,
smbldap tools 0.8.8 all on Solaris 8. I'm thinking I have a problem with
my perl (perhaps), version 5.8.5, as I keep getting "Broken pipe" messages
when using smbldap-populate, smbldap-groupadd, etc. Google produced no
useful results in my searches. I would like some suggestions on how to
troubleshoot this issue.
I placed the -d option to perl in smbldap-passwd and got the following:
. . .
DB<1>
Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:404):
404: if (exists $arg->{scope}) {
DB<1>
Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:405):
405: my $sc = lc $arg->{scope};
DB<1>
Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:406):
406: $stash{scope} = 0 + (exists $scope{$sc} ? $scope{$sc} : $sc);
DB<1>
Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:409):
409: if (exists $arg->{deref}) {
DB<1>
Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:415):
415: searchRequest => \%stash,
416: controls => $control
417: ) or return _error($ldap, $mesg, LDAP_ENCODING_ERROR,"$@");
DB<1>
Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:419):
419: $ldap->_sendmesg($mesg);
DB<1>
Broken pipe
lauterbur{181}#
Possibly relevant excerpt from /usr/local/samba/sbin/smbldap.conf:
# Ex: slaveLDAP=127.0.0.1
##slaveLDAP="127.0.0.1"
##slaveLDAP="hahn.uoregon.edu"
slaveLDAP="lauterbur.uoregon.edu"
slavePort="389"
# Master LDAP : needed for write operations
# Ex: masterLDAP=127.0.0.1
##masterLDAP="hahn.uoregon.edu"
masterLDAP="lauterbur.uoregon.edu"
masterPort="389"
# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
ldapTLS="1"
# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="require"
# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/usr/local/etc/cacert.pem"
# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert="/usr/local/etc/lauterbur.slapd-cert.pem"
# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/usr/local/etc/lauterbur.slapd-key.pem"
And from /usr/local/etc/openldap/slapd.conf:
. . .
TLSCipherSuite HIGH:+TLSv1:+SSLv2:+SSLv3
TLSCACertificateFile /usr/local/etc/cacert.pem
TLSCertificateFile /usr/local/etc/lauterbur.slapd-cert.pem
TLSCertificateKeyFile /usr/local/etc/lauterbur.slapd-key.pem
security ssf=1 update_ssf=128 simple_bind=128 update_tls=128 tls=128
. . .
Other ldap commands work fine from the same machine and from other
networked machines. I've got login authentication working, my /etc/ldap.conf:
## LDAP configuration file for pam_ldap module.
##host 128.223.78.85
##host 128.223.78.80
host lauterbur.uoregon.edu
base dc=lcni,dc=uoregon,dc=edu
scope sub
timelimit 30
pam_login_attribute uid
pam_filter_class posixAccount
ssl start_tls
tls_cacertfile /usr/local/etc/cacert.pem
tls_ciphers HIGH
pam_filter &(objectClass=posixAccount)(description=lauterbur)
##nss_base_passwd ou=people,dc=lcni,dc=uoregon,dc=edu
nss_base_passwd ou=People,dc=lcni,dc=uoregon,dc=edu
nss_base_passwd ou=Computers,dc=lcni,dc=uoregon,dc=edu
##nss_base_shadow ou=people,dc=lcni,dc=uoregon,dc=edu
nss_base_shadow ou=People,dc=lcni,dc=uoregon,dc=edu
##nss_base_group ou=group,dc=lcni,dc=uoregon,dc=edu
nss_base_group ou=Groups,dc=lcni,dc=uoregon,dc=edu
This is maddening, as it is standing in the way of my migration from TAS to
Samba+LDAP.
I am pathetically in need of assistance, any suggestions would be appreciated.
Regards,
Chuck Theobald
System Administrator
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345
More information about the samba
mailing list