[Samba] multiple domains/ ldap /smbldap_search function/pdbedit/

[Didier Roques]

> Didier Roques napisał(a):
>> Hi all,
>>
> Hello,
>> I use samba 3.0.20
>>
>> the ldap paramaters into the smb.conf are:
>> passdb backend = ldapsam:ldap://localhost smbpasswd guest
>> ldap suffix = dc=univ,dc=fr
>> ldap machine suffix = ou=Hosts
>> ldap user suffix = ou=People
>> ldap group suffix = ou=Group
>> ldap idmap suffix = ou=Idmap
>>
>> Into my ldap tree i've got 3 domains samba defined
>> some uid exists into 2 of 3 domains
>>
> I also have more than 3 domains in my LDAP ... but it works great!!!
>> (toto01 exists twice but into two differents domains)
>> If i use pdbedit -L -v -d 10 toto01 i've got the following thing:
>>
>> smbldap_search_ext: base => [dc=univ,dc=fr], filter =>
>> [(&(uid=toto01)(objectclass=sambaSamAccount))], scope => [2]
>> ldapsam_getsampwnam: Duplicate entries for this user [toto01] Failing.
>> count=2
>>
> How are the domains organized? According to your information it seems
> that dc=univ,dc=fr is a base for all 3 domains - am I right? In such
> case the message you get is NORMAL. Shouldn't it be like this:
> 1) ou=People,ou=domain1,dc=univ,dc=fr
> 2) ou=People,ou=domain2,dc=univ,dc=fr
> 3) ou=People,ou=domain3,dc=univ,dc=fr?
>
> But then your samba ldap suffix should be:
>
> ldap suffix = ou=domainx,dc=univ,dc=fr
>

the organization is:
1)ou=People,dc=univ,dc=fr  (the first domain)
2)ou=People,ou=domain2,dc=univ,dc=fr
3)ou=People,ou=domain3,dc=univ,dc=fr

the three domains are not at the same level into the ldap tree !

I think the solution you give is a nice one (i thought to use it before).
But i'd like to know why the function smbldap_search_ext doesn't search
into the right branch given by the ldap parameters of smb.conf? is it a
bug or normal ?

thanks a lot about your response