[Samba] Problem: LDAP as idmap backend
charles weber
chaweber at gmail.com
Fri Aug 14 06:25:28 MDT 2009
A big change in LDAP usage, documented only in the man pages.
For 3.3.7 I had to change from this
idmap backend = ldap:ldap://niairpfiler1.grc.nia.nih.gov ldap:ldap://niairpfiler2.grc.nia.nih.gov
to this
ldap ssl = no
idmap backend = ldap:ldap://ldapserv1
idmap alloc backend = ldap
idmap alloc config : ldap_user_dn = cn=Manager,dc=X,dc=X
idmap alloc config : ldap_base_dn = ou=People,dc=X,dc=X
idmap alloc config : ldap_url = ldap://ldapserv2
You have to set your alloc password separately with the net idmap command.
In my case CentOS 5.3 openldap does not do multimaster, ldapserv1 is
master and ldapserv2 is slave.
I ended up rolling back to 3.0.3 for other issues.
Regardless of quoting etc, 3.3.7 did not support multiple ldapservers
listed on the idmap backend line.
On Aug 13, 2009, at 5:26 PM, Chris Osicki wrote:
> Hi
>
> I've just upgraded Samba on Solaris 10 from the bundled version (3.0.33)
> to 3.4.0 and winbind doesn't want to cooperate with LDAP as idmap backend
> anymore.
>
> The smb.conf I use is:
>
> [global]
> workgroup = CORPROOT
> netbios name = usonfs
> security = domain
> log level = 10
> preferred master = no
> bind interfaces only = yes
> interfaces = usonfs
>
> password server = sg000057.corproot.net sg1006z.corproot.net
> winbind uid = 20000-21000
> winbind gid = 20000-21000
> winbind enum users = no
> winbind enum groups = no
>
> # Using ldap server as winbindd backend
> idmap backend = ldap:ldap://usoldap01.swissptt.ch ldap:ldap://usoldap02.swissptt.ch
> ldap admin dn = uid=idmapadm,ou=idmap,dc=swissptt,dc=ch
> ldap idmap suffix = ou=idmap
> ldap suffix = dc=swissptt,dc=ch
>
> I compiled Samba myself: configure; make; make install.
>
> It must be something obvious I'm overlooking; I hope somebody could
> point it out.
>
> Running winbindd as:
>
> /usr/local/samba/sbin/winbindd -d 3 -i -n
>
> I see those messages:
>
> [ 8286]: sid to uid S-1-5-21-796845957-1547161642-839522115-187984
> idmap_init: using 'ldap' as remote backend
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 1 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 3 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 5 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 7 try!
>
>
> Thanks for your time.
>
> Regards,
> Chris
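The reply above describes the 3.3.7 split of the old two-URL `idmap backend` line into `idmap backend` plus `idmap alloc backend` / `idmap alloc config :` settings, and the quoted log shows what happens when the default `ldap ssl = start tls` meets a server that does not offer StartTLS. The following is an added example, not code from the thread or from the Samba project: a small smb.conf linter that parses the `[global]` section (including the `name : subkey = value` form) and reports the two migration problems plus the security trade-off of `ldap ssl = no`. The sample configs, hostnames and DNs are constructed placeholders; the `net idmap secret alloc <password>` subcommand is the net(8) form I recall for 3.3 and is stated as an assumption in the code.

```python
import re

# Constructed sample smb.conf fragments (hostnames and DNs are placeholders,
# not the ones from the thread). OLD_STYLE uses the pre-3.3 form with two
# LDAP URLs on the idmap backend line; NEW_STYLE is the split form the
# reply describes for 3.3.7.
OLD_STYLE = """\
[global]
   workgroup = EXAMPLE
   security = domain
   # Using ldap server as winbindd backend
   idmap backend = ldap:ldap://ldap1.example.net ldap:ldap://ldap2.example.net
   ldap admin dn = uid=idmapadm,ou=idmap,dc=example,dc=net
   ldap idmap suffix = ou=idmap
   ldap suffix = dc=example,dc=net
"""

NEW_STYLE = """\
[global]
   workgroup = EXAMPLE
   security = domain
   ldap ssl = no
   idmap backend = ldap:ldap://ldap1.example.net
   idmap alloc backend = ldap
   idmap alloc config : ldap_user_dn = cn=Manager,dc=example,dc=net
   idmap alloc config : ldap_base_dn = ou=People,dc=example,dc=net
   idmap alloc config : ldap_url = ldap://ldap2.example.net
"""

LDAP_URL = re.compile(r"ldaps?://[^\s]+")


def parse_smbconf(text):
    """Parse smb.conf text into {section: {key: value}}.

    Keys are lower-cased with internal whitespace collapsed, so the
    'idmap alloc config : ldap_url = ...' form is stored under the key
    'idmap alloc config : ldap_url'. Comment lines (# or ;) are skipped.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][" ".join(key.split()).lower()] = value.strip()
    return sections


def check_idmap(conf):
    """Return a list of (code, message) findings for the [global] idmap setup."""
    g = conf.get("global", {})
    findings = []

    backend = g.get("idmap backend", "")
    backend_urls = LDAP_URL.findall(backend)
    if backend.startswith("ldap") and len(backend_urls) > 1:
        findings.append(("multi-url",
                         "idmap backend lists %d LDAP URLs; 3.3.7 accepts only one, put the "
                         "allocation server under 'idmap alloc config : ldap_url'" % len(backend_urls)))

    alloc_urls = []
    if g.get("idmap alloc backend", "").lower() == "ldap":
        for sub in ("ldap_user_dn", "ldap_base_dn", "ldap_url"):
            if "idmap alloc config : " + sub not in g:
                findings.append(("alloc-missing",
                                 "idmap alloc backend = ldap but 'idmap alloc config : %s' is not set" % sub))
        alloc_urls = LDAP_URL.findall(g.get("idmap alloc config : ldap_url", ""))
        # The alloc bind password is not kept in smb.conf; the thread says it is
        # set with the net idmap command. The exact subcommand quoted here is an
        # assumption (net(8) for 3.3 as I recall it), check your own net(8).
        findings.append(("alloc-secret",
                         "alloc bind password is stored outside smb.conf: set it with "
                         "'net idmap secret alloc <password>'"))

    # Samba 3 defaults 'ldap ssl' to 'start tls'.
    ssl = g.get("ldap ssl", "start tls").lower()
    plain = [u for u in backend_urls + alloc_urls if u.startswith("ldap://")]
    if ssl == "no" and plain:
        findings.append(("cleartext",
                         "ldap ssl = no with plain ldap:// URLs: the admin DN password crosses the "
                         "network unencrypted; prefer ldaps:// or a server that offers StartTLS"))
    elif ssl == "start tls" and plain:
        findings.append(("starttls",
                         "ldap ssl defaults to 'start tls': the server must offer StartTLS on these "
                         "ldap:// URLs or winbindd logs 'Failed to issue the StartTLS instruction'"))
    return findings


def finding_codes(text):
    """Parse a config text and return just the finding codes, in order."""
    return [code for code, _ in check_idmap(parse_smbconf(text))]


if __name__ == "__main__":
    for name, text in (("old style", OLD_STYLE), ("3.3.7 style", NEW_STYLE)):
        print("== %s ==" % name)
        for code, msg in check_idmap(parse_smbconf(text)):
            print("  [%s] %s" % (code, msg))
```

Run against a real smb.conf by passing `open("/etc/samba/smb.conf").read()` to `finding_codes`. The `cleartext` finding is the caveat behind the `ldap ssl = no` workaround in the reply: it makes the idmap binds succeed, but the admin DN credentials then go over the wire in the clear unless the URLs are `ldaps://`.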