[Samba] Fwd: Migrating server

Harry Jede walk2sun at arcor.de
Wed Mar 7 12:10:44 UTC 2018 

Hi Rob,

> olcDbIndex: ou eq
> olcDbIndex: mail eq
> olcDbIndex: surname eq
> olcDbIndex: givenname eq
> olcDbIndex: loginShell eq
> olcDbIndex: uniqueMember eq,pres
> olcDbIndex: sambaSID eq
> olcDbIndex: sambaPrimaryGroupSID eq
> olcDbIndex: sambaGroupType eq
> olcDbIndex: sambaSIDList eq
> olcDbIndex: sambaDomainName eq
> olcDbIndex: default sub
> olcDbIndex: nisMapName eq
> olcDbIndex: nisMapEntry eq
Dont looks good.

replace the indices
# ldapmodify -Y external -H ldapi:///  -f olcdbindex.ldif

stop slapd
# /etc/init.d/slapd stop

re-index
# slapindex -v -n 1

start slapd
# /etc/init.d/slapd start

We want to watch the communication between samba and ldap:

First, we set another loglevel
# ldapmodify -Y external -H ldapi:///  -f olcloglevel.ldif

and then run in an extra terminal:

tail -f /var/log/syslog|sed -nre 's/^.*( slapd.*$)/\1/p'

You will see the communication between samba and slapd.
 This is the output from: *net getdomainsid*

slapd[18826]: conn=1000 fd=13 ACCEPT from IP=127.0.0.1:33707 (IP=0.0.0.0:389)
slapd[18826]: conn=1000 op=0 BIND dn="cn=admin,dc=afrika,dc=xx" method=128
slapd[18826]: conn=1000 op=0 BIND dn="cn=admin,dc=afrika,dc=xx" mech=SIMPLE ssf=0
slapd[18826]: conn=1000 op=0 RESULT tag=97 err=0 text=
# the bind from smbd

slapd[18826]: conn=1000 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
slapd[18826]: conn=1000 op=1 SRCH attr=supportedControl
slapd[18826]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
# the search from smbd for supportedControls

slapd[18826]: conn=1000 op=2 SRCH base="dc=afrika,dc=xx" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=schule))"
slapd[18826]: conn=1000 op=2 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
slapd[18826]: conn=1000 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[18826]: conn=1000 fd=13 closed (connection lost)
# and finaly the search for "sambaDomainName and sambaSID"
# samba do not search for single attributes,
# instead all attributes from an objectclass

###
$ cat olcloglevel.ldif 
dn: cn=config
changetype: modify
replace: olcloglevel
olcloglevel: 256
-

$ cat olcdbindex.ldif 
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcDbIndex
olcDbIndex: cn eq,sub
olcDbIndex: dc eq
olcDbIndex: default eq
olcDbIndex: dhcpClassData eq
olcDbIndex: dhcpHWAddress eq
olcDbIndex: displayName eq,sub
olcDbIndex: gidNumber eq
olcDbIndex: givenName eq,sub
olcDbIndex: loginShell eq
olcDbIndex: mail eq,sub,approx
olcDbIndex: memberUid eq,sub
olcDbIndex: objectClass eq
olcDbIndex: ou eq
olcDbIndex: sambaDomainName eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaSID eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sn eq,sub
olcDbIndex: uid eq,sub
olcDbIndex: uidNumber eq
olcDbIndex: uniqueMember eq

-- 

Gruss
	Harry Jede

More information about the samba mailing list