[Samba] Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389

Alexander Harm || ApfelQ alexander.harm at apfelq.com
Wed Sep 21 19:32:10 UTC 2022

Thank you all for your input, very much appreciated. Would there be a way to migrate the idmap from LDAP from the old OpenLDAP to e. g. IDMAP_RID?

Regards, Alexander

> On Wednesday, Sep 21, 2022 at 8:48 PM, Björn JACKE <bjacke at SerNet.DE (mailto:bjacke at SerNet.DE)> wrote:
> Hello Alexander,
> On 2022-09-21 at 11:57 +0200 Alexander Harm || ApfelQ via samba sent off:
> > LDAP seems to work in principle "pdbedit -L” is successful. However, running “pdbedit -Lv username” returns an error: “Failed to find a Unix account for username” and “Primary Group SID: (NULL SID)”.
> >
> > So I guess the idmap is messed up?
> >
> > Actually I’m not sure how the idmap is stored in LDAP since both idmap-OUs look the same to me (empty) on the old OpenLDAP and new 389.
> >
> > Any hints/advice?
> the old non-OpenLDAP schema files might not be as up-to-date as the OpenLDAP
> schema file is. We had a focus mainly on the OpenLDAP support in the past and
> the Netscape schema files had missed updated sometimes. Or the schema extension
> is not correctly installed on your 389 server.
> Best regards
> Björn
> --
> SerNet GmbH - Bahnhofsallee 1b - 37081 Göttingen
> phone: +495513700000 mailto:contact at sernet.com
> AG Göttingen: HR-B 2816 - https://www.sernet.com
> Manag. Directors Johannes Loxen and Reinhild Jung
> data privacy policy https://www.sernet.de/privacy

More information about the samba mailing list