[Samba] Using Samba AD/DC as an Active Directory OAuth provider for OpenShift
vincent at cojot.name
Fri Aug 21 21:51:21 UTC 2020
Hi Rowland,
First of all, thank you for taking the time to help me.
I tried your suggestion and all results came up empty.
Then I did a few ldapsearch(es) and found this:
1) This query returns two users:
ldapsearch -H ldaps://dc00.ad.lasthome.solace.krynn:636 -x -W \
  -D "raistlin@ad.lasthome.solace.krynn" \
  -b "dc=ad,dc=lasthome,dc=solace,dc=krynn" \
  'memberOf:1.2.840.113556.1.4.1941:=cn=Domain Admins,CN=Users,dc=ad,dc=lasthome,dc=solace,dc=krynn'
2) This query returns no users ("Domain Users" instead of "Domain
Admins"):
ldapsearch -H ldaps://dc00.ad.lasthome.solace.krynn:636 -x -W \
  -D "raistlin@ad.lasthome.solace.krynn" \
  -b "dc=ad,dc=lasthome,dc=solace,dc=krynn" \
  'memberOf:1.2.840.113556.1.4.1941:=cn=Domain Users,CN=Users,dc=ad,dc=lasthome,dc=solace,dc=krynn'
-but- the list of users is correctly reported if I run this on a DC:
[root@dc01 ~]# samba-tool group listmembers 'Domain Users'
[....]
raistlin
[...]
krbtgt
dns-dc00
dns-dc01
Am I doing something wrong?
Regards,
Vincent