[Samba] Samba+LDAP problems

Marcelo Mogrovejo marcejef at gmail.com
Thu Nov 8 01:00:58 GMT 2007


Edmundo Valle Neto wrote:
> Marcelo Mogrovejo wrote:
>> Hello Edmundo
> (...)
>> So, yes, I have configured this file already:
>> passwd: compat ldap
>> shadow: compat ldap
>> group:   compat ldap
>> I have downloaded the libnss-ldap file too but it's the same...
> Yes, this package must be installed too, nsswitch.conf says where to 
> read and libnss-ldap says how to do it when using LDAP. Normally 
> answering debconf properly when installing the package is enough to 
> make it work and messing with /etc/libnss-ldap.conf isn't needed.
>> I can't make it work...
>> If I try to create a posixAccount in phpLDAPadmin it shows me the error:
>> "Could not add the object to the LDAP server.
>> LDAP said: Object class violation
>> Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION)
>> Description: You tried to perform an operation that would cause an 
>> undefined attribute to exist or that would remove a required 
>> attribute, given the current list of ObjectClasses. This can also 
>> occur if you do not specify a structural objectClass when creating an 
>> entry, or if you specify more than one structural objectClass."
> It doesn't make much sense trying anything else if your NSS doesn't work; 
> making it work isn't optional.
> If you have populated LDAP successfully with smbldap-populate at least 
> the administrator and nobody accounts (or whatever was inserted in the 
> base) must appear with getent. (you can make sure what was inserted 
> doing a slapcat).
OK, with slapcat I see the user "testuser" created... but I saw it in 
phpldapadmin before.
Here I cut and paste the last section of the slapcat output:

dn: uid=testuser,ou=Users,dc=skull-one,dc=com,dc=ar
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: testuser
sn: testuser
givenName: testuser
uid: testuser
uidNumber: 1564
gidNumber: 513
homeDirectory: /home/testuser
loginShell: /bin/bash
gecos: System User
structuralObjectClass: inetOrgPerson
entryUUID: c1028b56-21df-102c-8a0d-63a789f5531c
creatorsName: cn=Manager,dc=skull-one,dc=com,dc=ar
createTimestamp: 20071108004614Z
userPassword:: e1NTSEF9KzM0SzNxejVOZnJLNTJzK3pkaGVYam11QWpSM1FYcE4=
shadowLastChange: 13825
shadowMax: 45
entryCSN: 20071108004653Z#000000#00#000000
modifiersName: cn=Manager,dc=skull-one,dc=com,dc=ar
modifyTimestamp: 20071108004653Z

>> And the strange thing is, when I create the account with smbldap-useradd -m 
>> testuser it creates the home directory at /home/testuser but I don't 
>> know why it doesn't create a uid....
> OK, -m makes the home directory, but what do you mean by "doesn't 
> create a uid"? It's only a Perl script that inserts something in the 
> base directly; it doesn't fail when lacking NSS. Doesn't a dump of the base 
> with slapcat show the user? Does the command give any error? If the 
> user isn't in the base your smbldap-tools install is broken too.
I mean that I don't know why the Linux user is not created, why I don't 
see him with getent passwd.
The command works fine without errors.

So all of this means smbldap-tools is broken?
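
Added example, not part of the original message or of the Samba/smbldap-tools code: a Python check for the situation discussed above, where slapcat shows the entry but getent passwd does not. It tests whether the entry carries what posixAccount requires and whether nsswitch.conf lists ldap for passwd, group and shadow; the function names and the sample inputs are constructed for illustration.

```python
import re

# Attributes the posixAccount object class requires (RFC 2307).
POSIX_REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

def nss_sources(nsswitch_text, database):
    """Ordered lookup sources for one database line of nsswitch.conf."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0]
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            # Drop action items such as [NOTFOUND=return]; keep source names.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def parse_ldif_entry(ldif_text):
    """One LDIF entry as {lowercased attribute: [values]}; base64 values stay encoded."""
    unfolded = re.sub(r"\n ", "", ldif_text)  # a leading space continues the previous line
    entry = {}
    for line in unfolded.splitlines():
        attr, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            entry.setdefault(attr.strip().lower(), []).append(value.lstrip(": ").strip())
    return entry

def diagnose(nsswitch_text, ldif_text):
    """Reasons an entry visible in slapcat could be missing from getent."""
    entry = parse_ldif_entry(ldif_text)
    classes = {c.lower() for c in entry.get("objectclass", [])}
    findings = [] if "posixaccount" in classes else ["entry lacks objectClass posixAccount"]
    findings += ["entry lacks " + a for a in POSIX_REQUIRED if a.lower() not in entry]
    findings += [db + " does not list ldap in nsswitch.conf"
                 for db in ("passwd", "group", "shadow")
                 if "ldap" not in nss_sources(nsswitch_text, db)]
    return findings

# Constructed samples modelled on the thread (password hash left out).
NSSWITCH = "passwd: compat ldap\nshadow: compat ldap\ngroup:   compat ldap\n"
LDIF = """dn: uid=testuser,ou=Users,dc=skull-one,dc=com,dc=ar
objectClass: posixAccount
cn: testuser
uid: testuser
uidNumber: 1564
gidNumber: 513
homeDirectory: /home/testuser
"""

if __name__ == "__main__":
    print(diagnose(NSSWITCH, LDIF) or "entry and nsswitch.conf pass; look at the libnss-ldap layer")
```

An empty result, as with the values in this thread, means the directory entry and nsswitch.conf pass these checks, which leaves the libnss-ldap configuration as the next place to look.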


