[Samba] Problem: LDAP as idmap backend

charles weber chaweber at gmail.com
Fri Aug 14 06:25:28 MDT 2009


A big change in ldap usage documented only in the man pages.
For 3.3.7 I had to change from this
idmap backend = ldap:ldap://niairpfiler1.grc.nia.nih.gov ldap:ldap://niairpfiler2.grc.nia.nih.gov

to this

ldap ssl = no
idmap backend = ldap:ldap://ldapserv1
idmap alloc backend = ldap
idmap alloc config : ldap_user_dn = cn=Manager,dc=X,dc=X
idmap alloc config : ldap_base_dn = ou=People,dc=X,dc=X
idmap alloc config : ldap_url = ldap://ldapserv2

You have to set your alloc password separately with the net idmap command.


In my case CentOS 5.3 OpenLDAP does not do multimaster; ldapserv1 is
master and ldapserv2 is slave.
I ended up rolling back to 3.0.3 for other issues.

Regardless of quoting etc., 3.3.7 did not support multiple LDAP servers
listed on the idmap backend line.


On Aug 13, 2009, at 5:26 PM, Chris Osicki wrote:

> Hi
>
> I've just upgraded Samba on Solaris 10 from the bundled version (3.0.33)
> to 3.4.0 and winbind doesn't want to cooperate with LDAP as idmap backend
> anymore.
>
> The smb.conf I use is:
>
> [global]
>    workgroup = CORPROOT
>    netbios name = usonfs
>    security = domain
>    log level = 10
>    preferred master = no
>    bind interfaces only = yes
>    interfaces = usonfs
>
>    password server = sg000057.corproot.net sg1006z.corproot.net
>    winbind uid = 20000-21000
>    winbind gid = 20000-21000
>    winbind enum users = no
>    winbind enum groups = no
>
>    # Using ldap server as winbindd backend
>    idmap backend = ldap:ldap://usoldap01.swissptt.ch ldap:ldap://usoldap02.swissptt.ch
>    ldap admin dn = uid=idmapadm,ou=idmap,dc=swissptt,dc=ch
>    ldap idmap suffix = ou=idmap
>    ldap suffix = dc=swissptt,dc=ch
>
> I compiled Samba myself: configure; make; make install.
>
> It must be something obvious I'm overlooking; I hope somebody could
> point it out.
>
> Running winbindd as:
>
> /usr/local/samba/sbin/winbindd -d 3 -i -n
>
> I see those messages:
>
> [ 8286]: sid to uid S-1-5-21-796845957-1547161642-839522115-187984
> idmap_init: using 'ldap' as remote backend
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 1 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 3 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 5 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 7 try!
>
>
> Thanks for your time.
>
> Regards,
> Chris
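
An added example, not part of either poster's message and not Samba code: a small Python check that reads the [global] section of an smb.conf and reports the two conditions this thread turns on, namely several LDAP URLs on the idmap backend line and plain ldap:// URLs combined with the ldap ssl setting. The hostnames are placeholders, the finding names are made up for this sketch, and reading an unset ldap ssl as "StartTLS will be attempted" is an assumption taken from the quoted 3.4.0 log.

```python
import re

# Constructed samples modelled on the two configurations in the thread
# (hostnames are placeholders, not the posters' servers).
LEGACY = """[global]
   idmap backend = ldap:ldap://ldap1.example.test ldap:ldap://ldap2.example.test
   ldap admin dn = uid=idmapadm,ou=idmap,dc=example,dc=test
"""
MIGRATED = """[global]
   ldap ssl = no
   idmap backend = ldap:ldap://ldap1.example.test
   idmap alloc backend = ldap
   idmap alloc config : ldap_url = ldap://ldap2.example.test
"""
SSL_OFF = {"no", "off", "false", "0"}  # spellings treated here as "TLS disabled"

def parse_global(text):
    """Collect [global] parameters; names lowercased with single spaces."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """Return finding codes for the idmap/LDAP settings discussed in the thread."""
    p = parse_global(text)
    findings = []
    backend_urls = re.findall(r"ldaps?://\S+", p.get("idmap backend", ""))
    all_urls = backend_urls + [u for k, v in p.items() if k.endswith("ldap_url")
                               for u in re.findall(r"ldaps?://\S+", v)]
    if len(backend_urls) > 1:
        findings.append("MULTI_URL")          # form the reply says 3.3.7 did not support
    plain = [u for u in all_urls if u.startswith("ldap://")]
    ssl = p.get("ldap ssl")
    if plain and ssl is None:
        findings.append("STARTTLS_EXPECTED")  # unset: quoted log shows StartTLS attempted
    elif plain and ssl.lower() in SSL_OFF:
        findings.append("CLEARTEXT_LDAP")     # bind secret and mappings sent unencrypted
    return findings

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("migrated", MIGRATED)):
        print(name, audit(cfg))
```

With ldap ssl = no and ldap:// URLs, the idmap bind and the mappings it reads cross the network without TLS, which is why the check reports the migrated form instead of treating it as clean.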