How to test samba LDAP parameters with openldap tools, eg ldapsearch?
Alexander Bokovoy
ab at samba.org
Wed Apr 12 10:58:59 UTC 2023
On Wed, 12 Apr 2023, Jan Andersen via samba-technical wrote:
> I have an OpenLDAP service running on a Debian 11 system, and Samba 4.13 on
> another Debian 11. In smb.conf I have set up the following:
>
> # LDAP Settings
> passdb backend = ldapsam:ldap://vogon.zombie.io
> ldap suffix = dc=zombie,dc=io
> ldap user suffix = ou=people
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap idmap suffix = ou=Idmap
> ldap admin dn = cn=admin,dc=zombie,dc=io
> ldap ssl = start tls
> ldap passwd sync = yes
>
> I have some trouble understanding why this doesn't appear to work, and I
> would like to try to understand how these parameters map to the parameters
> of, say, ldapsearch, so I can see if the problem lies there.
>
> I have run smbd with max debugging, and as far as I can see, it successfully
> makes contact with the LDAP server, but then doesn't find the user I'm
> trying to log in with. However, when I do a search with ldapsearch, like
> this:
>
> ldapsearch -v -b "dc=zombie,dc=io" -H ldaps://vogon.zombie.io -D "cn=admin,dc=zombie,dc=io" -W
>
> - I find the user in the output. So, my question is, which ldapsearch
> command would be equivalent to what smbd is doing?
Please provide logs from smbd side.
--
/ Alexander Bokovoy