[Samba] Samba+LDAP problems

Marcelo Mogrovejo marcejef at gmail.com
Thu Nov 8 19:58:01 GMT 2007

Hi John...

John H Terpstra wrote:
> On Wednesday 07 November 2007 19:00, Marcelo Mogrovejo wrote:
>> Hello...
>> Edmundo Valle Neto wrote:
>>> Marcelo Mogrovejo wrote:
>>>> Hello Edmundo
>>> (...)
>>>> So, yes, I have configured this file already:
>>>> passwd: compat ldap
>>>> shadow: compat ldap
>>>> group:   compat ldap
>>>> I have downloaded the libnss-ldap file too but it's the same...
>>> Yes, this package must be installed too, nsswitch.conf says where to
>>> read and libnss-ldap says how to do it when using LDAP. Normally
>>> answering debconf properly when installing the package is enough to
>>> make it work and messing with /etc/libnss-ldap.conf isn't needed.
>>>> I can't make it work...
>>>> If I try to create a posixAccount in phpLDAPadmin it shows me the error:
>>>> "Could not add the object to the LDAP server.
>>>> LDAP said: Object class violation
>>>> Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION)
>>>> Description: You tried to perform an operation that would cause an
>>>> undefined attribute to exist or that would remove a required
>>>> attribute, given the current list of ObjectClasses. This can also
>>>> occur if you do not specify a structural objectClass when creating an
>>>> entry, or if you specify more than one structural objectClass."
>>> It doesn't make much sense trying anything else if your NSS doesn't work;
>>> making it work isn't optional.
>>> If you have populated LDAP successfully with smbldap-populate, at least
>>> the administrator and nobody accounts (or whatever was inserted in the
>>> base) must appear with getent. (You can make sure what was inserted by
>>> doing a slapcat.)
>> OK, with slapcat I see the user "testuser" created... but I saw it in
>> phpldapadmin before.
>> Here I cut and paste the last section of the slapcat output:
>> dn: uid=testuser,ou=Users,dc=skull-one,dc=com,dc=ar
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> cn: testuser
>> sn: testuser
>> givenName: testuser
>> uid: testuser
>> uidNumber: 1564
>> gidNumber: 513
>> homeDirectory: /home/testuser
>> loginShell: /bin/bash
>> gecos: System User
>> structuralObjectClass: inetOrgPerson
>> entryUUID: c1028b56-21df-102c-8a0d-63a789f5531c
>> creatorsName: cn=Manager,dc=skull-one,dc=com,dc=ar
>> createTimestamp: 20071108004614Z
>> userPassword:: e1NTSEF9KzM0SzNxejVOZnJLNTJzK3pkaGVYam11QWpSM1FYcE4=
>> shadowLastChange: 13825
>> shadowMax: 45
>> entryCSN: 20071108004653Z#000000#00#000000
>> modifiersName: cn=Manager,dc=skull-one,dc=com,dc=ar
>> modifyTimestamp: 20071108004653Z
>>>> And the strange thing is, when I create the account with smbldap-useradd -m
>>>> testuser it creates the home directory at /home/testuser but I don't
>>>> know why it doesn't create a uid....
>>> OK, -m makes the home directory, but what do you mean by "doesn't
>>> create a uid"? It's only a Perl script that inserts something in the
>>> base directly; it doesn't fail when lacking NSS. A dump of the base
>>> with slapcat doesn't show the user? Does the command give any error? If the
>>> user isn't in the base, your smbldap-tools install is broken too.
>> I mean that I don't know why the Linux user is not created, why I don't
>> see him with getent passwd.
>> The command works fine without errors.
>> So all of this means smbldap-tools is broken?
> No, it means your NSS is either not configured correctly, or is broken.  How 
> have you configured /etc/nsswitch.conf and /etc/ldap.conf?
Here I show you my /etc/nsswitch.conf and /etc/ldap/ldap.conf
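
The check discussed in this thread (an account that slapcat shows should also appear in getent passwd, and nsswitch.conf must list ldap as a source), as an added example that is not part of the original message or of the posters' configuration. The function names, the dc=example,dc=com suffix and all sample files are assumptions constructed for illustration; on a real host the inputs would be /etc/nsswitch.conf, the output of slapcat and the output of getent passwd.

```shell
#!/bin/sh
# Added example; every sample file below is constructed for illustration.

# nss_has_ldap FILE DB: succeed if database DB lists "ldap" as a source.
nss_has_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# ldif_posix_uids FILE: print the uid of each entry with posixAccount.
ldif_posix_uids() {
    awk '
        function emit() { if (posix && uid != "") print uid; posix = 0; uid = "" }
        /^$/ { emit(); next }                    # blank line ends an entry
        tolower($0) == "objectclass: posixaccount" { posix = 1 }
        /^uid: / { uid = substr($0, 6) }
        END { emit() }' "$1"
}

# missing_from_passwd LDIF PASSWD: LDAP posix uids absent from the listing.
missing_from_passwd() {
    ldif_posix_uids "$1" | while IFS= read -r u; do
        awk -F: -v u="$u" '$1 == u { f = 1 } END { exit (f ? 0 : 1) }' "$2" ||
            printf '%s\n' "$u"
    done
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
# Constructed nsswitch file: "ldap" for group is commented out on purpose.
printf 'passwd: compat ldap\nshadow: compat ldap\ngroup: compat # ldap\n' > "$tmp/nsswitch"
cat > "$tmp/dump.ldif" <<'EOF'
dn: ou=Users,dc=example,dc=com
objectClass: organizationalUnit
ou: Users

dn: uid=testuser,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: testuser
uidNumber: 1564
EOF
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$tmp/passwd"   # stands in for getent passwd

for db in passwd shadow group; do
    nss_has_ldap "$tmp/nsswitch" "$db" || echo "nsswitch: $db has no ldap source"
done
echo "in LDAP but not resolved by NSS: $(missing_from_passwd "$tmp/dump.ldif" "$tmp/passwd")"
```

A uid reported by the last line while nsswitch.conf does list ldap points at the NSS LDAP client configuration rather than at the directory contents.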



