[Samba] LDAP query to Samba AD DC

Rowland Penny rpenny at samba.org
Fri Dec 16 08:30:02 UTC 2022

On 15/12/2022 23:09, Nicolas Canonne via samba wrote:
> Le 16/12/2022 à 02:28, Yang Yang via samba a écrit :
>> Hello,
>> When Samba is set up as an Active Directory Domain Controller, can it 
>> response to LDAP queries?
>> I set up Samba as an Active Directory Domain Controller, following 
>> guide in samba wiki 
>> <https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller> , and I can add Windows machines and login with samba users, as expected. However, when I tried LDAP query to any base DN, the answer had always been “No such object”.
>> Does Samba as an Active Directory Domain Controller support LDAP 
>> queries? Is there something else I shall do to make it work?
> On a DC itself that uses smb.domain.ext , I use something like :
> server at dc1:~$ sudo ldapsearch -ZZ -H ldap://dc1.smb.domain.ext:389 -b 
> 'DC=smb,DC=domain,DC=ext' -D 'SMB\Administrator' -w 'mysecretadminpassword'
> It tells to use TLS (required)

I never search Samba ldap using ldapsearch, I use ldbsearch with the 
machine password:

sudo ldbsearch -H ldap://rpidc1 -b 'dc=samdom,dc=example,dc=com' -P

That is more secure than ldaps


More information about the samba mailing list