[Samba] errors - cannot access LDAP when not root

Justin Zipperle justin at shaggydawg.com
Mon May 21 20:50:54 GMT 2007

I'm hardly an OpenLDAP expert, but check your ACLs in your slapd.conf.  
Make sure you've got something like this:

access to *
    by * read

You should probably tighten up your LDAP security a bit more than that, 
but you get my point.  You should be able to do an anonymous bind and 
search LDAP from the command line:

ldapsearch -x -b "dc=yourbase,dc=net" "(ObjectClass=*)"

In my experience, that should be working before you can do anything 
useful with Samba.

Hope this helps!

On 5/21/2007 10:07 AM, Bradley Tate wrote:
> Hi
> I was happy enough running SuSE 9.3 and samba 3.0.20 with openldap but
> hardware problems forced me to move. I tried openSuSe 10.2 with samba
> 3.0.23 and 3.0.24 but kept getting strange interactions with openldap
> and Internal Errors from samba, I realise now possibly due to copying
> .dat files from the old setup.
> I've now moved to something I know a bit better, which is a more redhat
> like Centos 5 and have virtually installed from scratch except for the
> LDAP directory and the smb.conf. I'm now getting heaps of the same 
> errors in the user logs.
> Typically a fragment is:
> [2007/05/21 23:45:18, 5] lib/smbldap.c:smbldap_search_ext(1179)
>   smbldap_search_ext: base => [ou=Groups,dc=objectmastery,dc=com],
> filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10
> 0))], scope => [2]
> [2007/05/21 23:45:18, 0] lib/smbldap.c:smbldap_open(1009)
>   smbldap_open: cannot access LDAP when not root..
> Any clues on how to get rid of the problem would be helpful, even if
> it's to tell me more information is needed or where I should start
> looking. Rollback is not an option.
> Thanks,
> Bradley

More information about the samba mailing list