[Samba] LDAP errors with v3.0.34 using the LDAP schema file with Sun DS 5.2
Rob Mottishaw
mottrobe at isu.edu
Mon Aug 24 09:19:58 MDT 2009
The format of the sambaDomainName object in the DIT (I've masked the
sensitive information, don't let the ?'s and #'s throw you):
Distinguished Name: sambaDomainName=????,??=???,??=???
ObjectClasses sambaDomain
Attributes
sambaAlgorithmicRidBase 1000
sambaDomainName ????
sambaNextUserRid 1000
sambaSID #-#-#-##-##########-#########-##########
The attributes sambapwdhistorylength, sambalockoutthreshold,
sambamaxpwdage are not included in the definition of the sambaDomainName
object. Any ideas? The searching I've done indicates the attributes
sambapwdhistorylength, sambalockoutthreshold, sambamaxpwdage should be
included, in our case, they are not.
Thanks for any assistance,
Rob Mottishaw
Rob Mottishaw wrote:
> Receive the following errors when users authenticate with LDAP schema
> file included with Sun DS 5.2:
>
> ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry
> "sambaDomainName=????????,??=???,??=???", attribute
> "sambapwdhistorylength" is not allowed
> ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry
> "sambaDomainName=????????,??=???,??=???", attribute
> "sambalockoutthreshold" is not allowed
> ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry
> "sambaDomainName=????????,??=???,??=???", attribute "sambamaxpwdage"
> is not allowed
>
> The authentication is succdessful, yet these errors are logged
> multiple times. Checked in the schema file for SAMBA 3.0.x sent with
> Sun DS 5.2, and indeed, the attributes sambapwdhistorylength,
> sambalockoutthreshold, and sambamaxpwdage are not among those listed
> in the schema file for SAMBA 3.0.x. Is there an updated schema file
> or a way to configure the authentication to remove the verification of
> these attributes?
>
> Thank you,
> Rob Mottishaw
>
More information about the samba
mailing list