[Samba] Cannot bind to AD using nslcd

Min Wai Chan dcmwai at gmail.com
Wed Nov 19 10:48:28 MST 2014


you should be using this.

if you are using ldap and not Kerbos

pagesize 1000
referrals off
idle_timelimit 800
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    passwd gecos            displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet
filter group  (objectClass=group)


On Thu, Nov 20, 2014 at 1:45 AM, Rob Mason <rob.mason at acasta.co.uk> wrote:

> A little further forward!  I've re-provisioned the domain and re-created
> the new 'nslcd-connect' user just to be sure.
>
> 'binddn' is now working - but is complaining about 'uidNumber'. I think
> this is now just a mapping issue.  Anyone??
>
> nslcd: [495cff] <passwd(all)> DEBUG:
> myldap_search(base="CN=Users,DC=acasta,DC=intra",
> filter="(objectClass=user)")
> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
> CN=Administrator,CN=Users,DC=acasta,DC=intra
> nslcd: [495cff] <passwd(all)>
> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
> nslcd: [495cff] <passwd(all)>
> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
> CN=krbtgt,CN=Users,DC=acasta,DC=intra
> nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra:
> uidNumber: missing
> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
> CN=Guest,CN=Users,DC=acasta,DC=intra
> nslcd: [495cff] <passwd(all)> CN=Guest,CN=Users,DC=acasta,DC=intra:
> uidNumber: missing
> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): end of results (4
> total)
>
> The full nslcd.conf is here:
>
> uid nslcd
> gid nslcd
> uri ldap://kepler.acasta.intra/
> base CN=Users,DC=acasta,DC=intra
> binddn CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
> bindpw xxxxxxxx
> pagesize 1000
> referrals off
> filter  passwd  (objectClass=user)
> filter  group   (objectClass=group)
> map     passwd  uid                sAMAccountName
> map     passwd  homeDirectory      unixHomeDirectory
> map     passwd  gecos              displayName
> map     passwd  gidNumber          primaryGroupID
> map     passwd  uidNumber          uidNumber
> #map     group   uniqueMember       member
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list