[Samba] multiple domains/ ldap /smbldap_search function/pdbedit/
marcin.giedz at altvision.pl
Tue Jun 27 12:32:11 GMT 2006
Didier Roques wrote:
>> Didier Roques wrote:
>>> Hi all,
>>> I use samba 3.0.20
>>> the ldap parameters in the smb.conf are:
>>> passdb backend = ldapsam:ldap://localhost smbpasswd guest
>>> ldap suffix = dc=univ,dc=fr
>>> ldap machine suffix = ou=Hosts
>>> ldap user suffix = ou=People
>>> ldap group suffix = ou=Group
>>> ldap idmap suffix = ou=Idmap
>>> In my ldap tree I've got 3 samba domains defined
>>> some uids exist in 2 of the 3 domains
>> I also have more than 3 domains in my LDAP ... but it works great!!!
>>> (toto01 exists twice but in two different domains)
>>> If I use pdbedit -L -v -d 10 toto01 I've got the following thing:
>>> smbldap_search_ext: base => [dc=univ,dc=fr], filter =>
>>> [(&(uid=toto01)(objectclass=sambaSamAccount))], scope => 
>>> ldapsam_getsampwnam: Duplicate entries for this user [toto01] Failing.
>> How are the domains organized? According to your information it seems
>> that dc=univ,dc=fr is a base for all 3 domains - am I right? In such
>> case the message you get is NORMAL. Shouldn't it be like this:
>> 1) ou=People,ou=domain1,dc=univ,dc=fr
>> 2) ou=People,ou=domain2,dc=univ,dc=fr
>> 3) ou=People,ou=domain3,dc=univ,dc=fr?
>> But then your samba ldap suffix should be:
>> ldap suffix = ou=domainx,dc=univ,dc=fr
> the organization is:
> 1)ou=People,dc=univ,dc=fr (the first domain)
And your answer is here! dc=univ,dc=fr includes EVERYTHING - domain2 and
domain3 and of course People, Groups from the top of the LDAP tree.
This, for example, consists ONLY of EVERYTHING in the subtree:
ou=domain2,dc=univ,dc=fr - that's why if you try and change samba "ldap
suffix = ou=domain2,dc=univ,dc=fr" - it will work OK. You will ONLY see
people, groups and whatever you have but from this particular subtree.
> the three domains are not at the same level in the ldap tree!
> I think the solution you give is a nice one (I thought to use it before).
> But I'd like to know why the function smbldap_search_ext doesn't search
> in the right branch given by the ldap parameters of smb.conf? Is it a
> bug or normal?
> Thanks a lot for your response
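
Added example, not part of the original thread and not Samba's code: a small model of a subtree-scope search with the filter from the debug output, run against constructed entries, showing why the base dc=univ,dc=fr yields two matches for toto01 while ou=domain2,dc=univ,dc=fr yields one. The entry DNs under ou=domain2 and the helper `lookup_account` are assumptions made for illustration.

```python
# Constructed sample entries; the DN layout under ou=domain2 is an assumption.
ENTRIES = [
    {"dn": "uid=toto01,ou=People,dc=univ,dc=fr",
     "uid": "toto01", "objectClass": ["posixAccount", "sambaSamAccount"]},
    {"dn": "uid=toto01,ou=People,ou=domain2,dc=univ,dc=fr",
     "uid": "toto01", "objectClass": ["posixAccount", "sambaSamAccount"]},
    {"dn": "uid=titi02,ou=People,ou=domain2,dc=univ,dc=fr",
     "uid": "titi02", "objectClass": ["posixAccount"]},
]

def rdns(dn):
    """Split a DN into normalised RDNs (escaped commas are not handled)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base):
    """Subtree scope: dn is the base itself or any descendant of it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def search(entries, base, uid, objectclass="sambaSamAccount"):
    """Evaluate (&(uid=<uid>)(objectclass=<objectclass>)) below base."""
    return [e["dn"] for e in entries
            if in_subtree(e["dn"], base)
            and e["uid"].lower() == uid.lower()
            and objectclass.lower() in (oc.lower() for oc in e["objectClass"])]

def lookup_account(entries, suffix, uid):
    """Hypothetical helper: a lookup that needs exactly one match."""
    hits = search(entries, suffix, uid)
    if len(hits) > 1:
        raise LookupError(f"Duplicate entries for this user [{uid}]: {hits}")
    return hits[0] if hits else None

if __name__ == "__main__":
    for suffix in ("dc=univ,dc=fr", "ou=domain2,dc=univ,dc=fr"):
        try:
            print(suffix, "->", lookup_account(ENTRIES, suffix, "toto01"))
        except LookupError as err:
            print(suffix, "->", err)
```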