[Samba] ADS and not working IDMAP on OpenLdap backend
Ivo.Hanuska at hella.com
Thu Jun 8 07:46:22 GMT 2006
Hello everyone!

I am trying to implement an IDMAP backend based on OpenLDAP and it refuses to
work. After some diagnostics on both sides (Samba+Winbind and OpenLDAP), I
found the following error messages in my logs:

Jun 7 14:03:03 proxy slapd[5361]: send_ldap_result: err=21 matched=""
text="objectClass: value #0 invalid per syntax"
Jun 7 14:03:03 proxy slapd[5361]: conn=14 op=3 RESULT tag=103 err=21
text=objectClass: value #0 invalid per syntax
Jun 7 14:03:03 proxy winbindd[5685]: [2006/06/07 14:03:03, 0]
sam/idmap.c:idmap_init(138)
Jun 7 14:03:03 proxy winbindd[5685]: idmap_init: failed to initialize
remote backend!

It seems to me that there might be some bug or misconfiguration
somewhere, but I am not able to find it. Of course wbinfo returns nothing
and Samba itself is not working...

Could someone take a look at the following configuration files and see "the
obvious" reason why it is not working?

Debug information: Samba is running on SuSE Linux Enterprise Server 9.1 SP
3. Samba itself is version 3.0.20b-3.4-SUSE, OpenLDAP is version 2.2.24.
krb5 libs are Heimdal 0.6.1.rc3, nss_ldap is version 215.

smb.conf:
[global]
workgroup = HAT
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
username map = /etc/samba/smbusers
security = ads
encrypt passwords = yes
ldap admin dn = cn=administrator,dc=xxx,dc=yyyyyy,dc=com
ldap suffix = dc=xxx,dc=yyyyyy,dc=com
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://localhost/
allow trusted domains = yes
domain logons = no
netbios name = %h
server string = %h
preferred master = auto
acl compatibility = auto
acl group control = no
idmap uid = 10000-200000
idmap gid = 10000-200000
realm = xxx.yyyyyy.COM
password server = czshatdc01.xxx.yyyyyy.com
log level = 3
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes

nss_ldap libraries config (/etc/ldap.conf):
host localhost
base "dc=xxx,dc=yyyyyy,dc=com"
binddn "cn=administrator,dc=xxx,dc=yyyyyy,dc=com"
bindpw "testtest"
pam_password exop
nss_base_passwd "ou=People,dc=xxx,dc=yyyyyy,dc=com?one"
nss_base_shadow "ou=People,dc=xxx,dc=yyyyyy,dc=com?one"
nss_base_group "ou=Groups,dc=xxx,dc=yyyyyy,dc=com?one"
ssl no

OpenLDAP config (/etc/openldap/ldap.conf):
TLS_REQCERT allow
host 127.0.0.1
base dc=xxx,dc=yyyyyy,dc=com
binddn cn=administrator,dc=xxx,dc=yyyyyy,dc=com
bindpw testtest

Slapd config (/etc/openldap/slapd.conf):
loglevel 3052
database bdb
suffix "dc=xxx,dc=yyyyyy,dc=com"
rootdn "cn=Administrator,dc=xxx,dc=yyyyyy,dc=com"
rootpw "testtest"
directory /var/lib/ldap
checkpoint 1024 5
cachesize 10000

ldif file with database structure:

dn: dc=xxx,dc=yyyyyy,dc=com
objectClass: dcObject
objectClass: organization
dc: hat
o: Hella
description: Posix and Samba LDAP Identity Database

dn: cn=administrator,dc=xxx,dc=yyyyyy,dc=com
objectClass: organizationalRole
cn: administrator
description: Directory Manager

dn: ou=Idmap,dc=xxx,dc=yyyyyy,dc=com
objectClass: organizationalUnit
ou: idmap

Thank you for any help, or even a hint.
Ivo Hanuska
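
An added triage example, not part of the original post: it decodes the slapd RESULT line quoted above (result code names from RFC 4511, response tag as the decimal BER tag) and pairs it with the winbindd message logged in the same second. The function and table names are illustrative, and the sample text is the post's own log lines with the mail wrapping rejoined.

```python
import re
from collections import defaultdict

# Subset of LDAP result codes (RFC 4511, Appendix A).
RESULT_CODES = {17: "undefinedAttributeType", 21: "invalidAttributeSyntax",
                32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 65: "objectClassViolation"}
# slapd logs the BER tag of the response PDU in decimal: 0x60 + APPLICATION number.
RESPONSE_TAGS = {97: "BindResponse", 101: "SearchResultDone",
                 103: "ModifyResponse", 105: "AddResponse", 107: "DelResponse"}

# The log lines from the post, with the mail wrapping rejoined.
SAMPLE_LOG = '''\
Jun 7 14:03:03 proxy slapd[5361]: send_ldap_result: err=21 matched="" text="objectClass: value #0 invalid per syntax"
Jun 7 14:03:03 proxy slapd[5361]: conn=14 op=3 RESULT tag=103 err=21 text=objectClass: value #0 invalid per syntax
Jun 7 14:03:03 proxy winbindd[5685]: [2006/06/07 14:03:03, 0] sam/idmap.c:idmap_init(138)
Jun 7 14:03:03 proxy winbindd[5685]: idmap_init: failed to initialize remote backend!
'''

SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (\w+)\[\d+\]: (.*)$")
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+) text=(.*)$")

def correlate(log_text):
    """Pair failed slapd RESULT lines with winbindd messages from the same second."""
    failures, winbind = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        stamp, prog, msg = m.groups()
        r = RESULT.search(msg) if prog == "slapd" else None
        if r and int(r.group(4)) != 0:
            conn, op, tag, err = (int(g) for g in r.groups()[:4])
            failures[stamp].append({
                "conn": conn, "op": op, "err": err,
                "response": RESPONSE_TAGS.get(tag, "tag %d" % tag),
                "result": RESULT_CODES.get(err, "code %d" % err),
                "text": r.group(5)})
        elif prog == "winbindd" and not msg.startswith("["):
            winbind[stamp].append(msg)  # skip the "[date, level] file:func(line)" header
    return [{"time": t, "ldap": f, "winbindd": winbind[t]} for t, f in failures.items()]

if __name__ == "__main__":
    for event in correlate(SAMPLE_LOG):
        print(event)
```

On the lines above it reports a single event: a ModifyResponse on conn=14 op=3 rejected with invalidAttributeSyntax, alongside the idmap_init failure from winbindd.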