[Samba] Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389

Björn JACKE bjacke at SerNet.DE
Wed Sep 21 18:48:42 UTC 2022

Hello Alexander,

On 2022-09-21 at 11:57 +0200 Alexander Harm || ApfelQ via samba sent off:
> LDAP seems to work in principle "pdbedit -L” is successful. However, running “pdbedit -Lv username” returns an error: “Failed to find a Unix account for username” and “Primary Group SID: (NULL SID)”.
> So I guess the idmap is messed up?
> Actually I’m not sure how the idmap is stored in LDAP since both idmap-OUs look the same to me (empty) on the old OpenLDAP and new 389.
> Any hints/advice?

the old non-OpenLDAP schema files might not be as up-to-date as the OpenLDAP
schema file is. We had a focus mainly on the OpenLDAP support in the past and
the Netscape schema files had missed updated sometimes. Or the schema extension
is not correctly installed on your 389 server.

Best regards
SerNet GmbH - Bahnhofsallee 1b - 37081 Göttingen
phone: +495513700000  mailto:contact at sernet.com
AG Göttingen: HR-B 2816 - https://www.sernet.com
Manag. Directors Johannes Loxen and Reinhild Jung
data privacy policy https://www.sernet.de/privacy

More information about the samba mailing list