[Samba] Using Samba AD/DC as an Active Directory OAuth provider for OpenShift

vincent at cojot.name vincent at cojot.name
Fri Aug 21 20:40:32 UTC 2020

On Fri, 21 Aug 2020, Rowland penny via samba wrote:

> This works for me:
> rowland at devstation:~$ sudo ldapsearch -H ldaps://dc01.samdom.example.com -D 
> 'SAMDOM\Administrator' -w 'xxxxxxxxxx' -b 'dc=samdom,dc=example,dc=com' 
> 'memberof:1.2.840.113556.1.4.1941:=cn=Domain 
> Admins,CN=Users,dc=samdom,dc=example,dc=com' | grep 'dn:'
> [sudo] password for rowland:
> dn: CN=Unix Admins,CN=Users,DC=samdom,DC=example,DC=com
> dn: CN=swanadmin,CN=Users,DC=samdom,DC=example,DC=com
> dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
> dn: CN=dhcpduser,CN=Users,DC=samdom,DC=example,DC=com
> dn: CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com
> Rowland

You're right, this works here too:
ldapsearch -H ldaps://dc00.ad.lasthome.solace.krynn:636 -x -W -D
"raistlin at ad.lasthome.solace.krynn" -b 
Admins,CN=Users,dc=ad,dc=lasthome,dc=solace,dc=krynn'|grep 'dn:'
Enter LDAP Password:
dn: CN=raistlin,CN=Users,DC=ad,DC=lasthome,DC=solace,DC=krynn
dn: CN=Administrator,CN=Users,DC=ad,DC=lasthome,DC=solace,DC=krynn

So that must not be the problem, then.. Do you see anything else that 
stands out in the lines below?

         baseDN: "DC=ad,DC=lasthome,DC=solace,DC=krynn"
         scope: sub
         derefAliases: never
         pageSize: 0
         filter: (objectclass=group)
     groupUIDAttribute: primaryGroupID
     groupNameAttributes: [ cn ]
     groupMembershipAttributes: [ "memberof:1.2.840.113556.1.4.1941:" ]
         baseDN: "DC=ad,DC=lasthome,DC=solace,DC=krynn"
         scope: sub
         derefAliases: never
         filter: (objectclass=person)
         pageSize: 0
     userNameAttributes: [ "sAMAccountName" ]

Thanks Guys,


More information about the samba mailing list