[Samba] smb.conf ignores "ldap user suffix"

Tri Tu ttu at sunext.com
Fri Oct 13 21:30:23 GMT 2006


Seems like there is a bug in samba configuration with the version 3.0.22 
or later that it doesn't read the configuration variable within the 
smb.conf for ldap settings

ldap user suffix =

Although it's working as long as the users are under the "ldap suffix" 
and samba will search for the uid from the base of the domain (getting 
from "ldap suffix").  So it doesn't matter if you put in to the "ldap 
user suffix" variable whatever value, it doesn't read it (ldap user 
suffix = ou=Users or ldap user suffix =  ou=People or ldap user suffix = 
ou=SoWrongIdon'tReadItAnyway, etc...)  Here is the part of the smb.conf 
file for ldap setting and its log:

  logon drive = H:
  logon home =
  passdb backend = ldapsam:ldap://
  ldap admin dn = cn=Manager,dc=company,dc=com
  ldap suffix = dc=company,dc=com
  ldap group suffix = ou=Groups
  ldap user suffix = ou=Peoplessssssssssssssssssssssssss
  ldap machine suffix = ou=Computerssssssssssssssssss
  ldap idmap suffix = ou=Usersxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  idmap backend = ldap://
  #ldap ssl = start tls
  ldap delete dn = Yes

Oct 13 14:10:00 sunrise slapd[23846]: conn=557 op=15 SRCH 
base="dc=company,dc=com" scope=2 deref=0 
Oct 13 14:10:00 sunrise slapd[23846]: conn=557 op=15 SRCH attr=uid 
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
displayName sambaHomeDrive sambaHomePath sambaLogonScript 
sambaProfilePath description sambaUserWorkstations sambaSID 
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount 
sambaBadPasswordTime sambaPasswordHistory modifyTimestamp 
sambaLogonHours modifyTimestamp
Oct 13 14:10:00 sunrise slapd[23846]: conn=557 op=15 SEARCH RESULT 
tag=101 err=0 nentries=1 text=

BTW, it does read the Groups setting "ldap group suffix" but not with 
"ldap user suffix"

Hope this will fix soon.  If anyone knows any patch to fix samba to read 
the "ldap user suffix", please let me know.


More information about the samba mailing list