[Samba] Re: Need help with IDMAP storage in LDAP using Winbind

Kristof Bruyninckx kristof.bruyninckx at thales-is.com
Thu Sep 29 14:51:27 GMT 2005 

Hello,

These last changes did the trick, as far as I can tell all entries have
been added to the LDAP, 

example entry from slapcat :

 dn:
sambaSID=S-1-5-21-1960408961-1965331169-725345543-1884,ou=Idmap,dc=thales,
 dc=be
objectClass: sambaIdmapEntry
objectClass: sambaSidEntry
uidNumber: 10370
sambaSID: S-1-5-21-1960408961-1965331169-725345543-1884
structuralObjectClass: sambaSidEntry
entryUUID: e66d21ba-c53b-1029-89db-ab2ff339c432
creatorsName: uid=samba,ou=Idmap,dc=thales,dc=be
createTimestamp: 20050929135137Z
entryCSN: 20050929135137Z#000002#00#000000
modifiersName: uid=samba,ou=Idmap,dc=thales,dc=be
modifyTimestamp: 20050929135137Z

dn:
sambaSID=S-1-5-21-1960408961-1965331169-725345543-1107,ou=Idmap,dc=thales,
 dc=be
objectClass: sambaIdmapEntry
objectClass: sambaSidEntry
uidNumber: 10371
sambaSID: S-1-5-21-1960408961-1965331169-725345543-1107
structuralObjectClass: sambaSidEntry
entryUUID: eeb32a86-c53b-1029-89dc-ab2ff339c432
creatorsName: uid=samba,ou=Idmap,dc=thales,dc=be
createTimestamp: 20050929135151Z
entryCSN: 20050929135151Z#000002#00#000000
modifiersName: uid=samba,ou=Idmap,dc=thales,dc=be
modifyTimestamp: 20050929135151Z

So the Idmap entries are finally getting into the LDAP. 3 Cheers!! Thx
again, would still be stuck without your advice.

But still there are some new problems that popped up. wbinfo -u ,wbinfo
-g and wbinfo -t still work.
Also getent passwd works, and shows me all the windows accounts, but it
is very slow, when starting this command the LDAP starts pumping a lot
of messages into /var/log/message, this in it self is not a real problem
since the debugging is turned to maximum.

snip "Sep 29 16:39:23 linux14 slapd: => access_allowed: search access
granted by write(=wrscx)
Sep 29 16:39:23 linux14 slapd: => access_allowed: search access to
"sambaSID=S-1-5-21-1960408961-1965331169-725345543-1746,ou=Idmap,dc=thales,dc=be" "sambaSID" requested
Sep 29 16:39:23 linux14 slapd: => acl_get: [2] attr sambaSID
Sep 29 16:39:23 linux14 slapd: => acl_mask: access to entry
"sambaSID=S-1-5-21-1960408961-1965331169-725345543-1746,ou=Idmap,dc=thales,dc=be", attr "sambaSID" requested
Sep 29 16:39:23 linux14 slapd: => acl_mask: to value by
"uid=samba,ou=idmap,dc=thales,dc=be", (=n)
Sep 29 16:39:23 linux14 slapd: <= check a_dn_pat:
uid=samba,ou=idmap,dc=thales,dc=be
Sep 29 16:39:23 linux14 slapd: <= acl_mask: [1] applying write(=wrscx)
(stop)
Sep 29 16:39:23 linux14 slapd: <= acl_mask: [1] mask: write(=wrscx)
Sep 29 16:39:23 linux14 slapd: => access_allowed: search access granted
by write(=wrscx)
Sep 29 16:39:23 linux14 slapd: => access_allowed: search access to
"sambaSID=S-1-5-21-1960408961-1965331169-725345543-1841,ou=Idmap,dc=thales,dc=be" "objectClass" requested
Sep 29 16:39:23 linux14 slapd: => acl_get: [2] attr objectClass
Sep 29 16:39:23 linux14 slapd: => acl_mask: access to entry
"sambaSID=S-1-5-21-1960408961-1965331169-725345543-1841,ou=Idmap,dc=thales,dc=be", attr "objectClass" requested
Sep 29 16:39:23 linux14 slapd: => acl_mask: to value by
"uid=samba,ou=idmap,dc=thales,dc=be", (=n)
Sep 29 16:39:23 linux14 slapd: <= check a_dn_pat:
uid=samba,ou=idmap,dc=thales,dc=be
Sep 29 16:39:23 linux14 slapd: <= acl_mask: [1] applying write(=wrscx)
(stop)
Sep 29 16:39:23 linux14 slapd: <= acl_mask: [1] mask: write(=wrscx)
snip"

And everytime I rerun getent passwd command it seems to run trough it
again.

But even do getent passwd is working, I cannot perform id
<Windows.Usename>, nor login as that user. ldapsearch -x -b
'dc=thales,dc=be' '(objectclass=*)' also doesn't show me any entry, and
if I'm not mistaken it should display everything.
"
ldapsearch output:# extended LDIF
#
# LDAPv3
# base <dc=thales,dc=be> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
"
Now I'm still trying to find more information about what is going wrong,
but if you have an idea, please give me a heads up.

Cheers and regards,

-- 
Bruyninckx Kristof
Thales Services Division
GNU&Linux/Unix System Administrator / Test developer
Tel: 02/674.76.49.19
kristof.bruyninckx at thales-is.com

More information about the samba mailing list