Hi,

On Sat, Feb 05, 2005 at 03:09:42PM -0500, Adam Tauno Williams wrote:
> > You want to say that samba asks LDAP about its possibilities, it returns 
> > nothing and samba thinks that it cannot do anything. Am I right?
> 
> Seems to be the case, from very cursory inspection.
> 
> Really an issue with the DSA, it should properly report its
> capabilities.

Absolutely correct. According to http://www.faqs.org/rfcs/rfc2251.html
LDAP v3 Servers MUST have a Root-DSE. The same document says that:

-----8<------------------snip--------------8<--------------
3.4. Server-specific Data Requirements

   An LDAP server MUST provide information about itself and other
   information that is specific to each server.  This is represented as
   a group of attributes located in the root DSE (DSA-Specific Entry),
   which is named with the zero-length LDAPDN.  These attributes are
   retrievable if a client performs a base object search of the root
   with filter "(objectClass=*)", however they are subject to access
   control restrictions.
----->8------------------snap-------------->8--------------

In this sense, anonymous searches for the Root-DSE may be prevented
(although this is really rarely seen, e.g. ADS allows anonymous root-dse
queries). So in the end, we had better point out the fact that at least the
"ldap admin dn" in smb.conf should be allowed to read the Root-DSE for
proper ldapsam operation, including password change.

Guenther

-- 
Guenther Deschner                                               Samba Team
SerNet GmbH - Goettingen                                      [EMAIL PROTECTED]
[EMAIL PROTECTED]
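Added example (not part of this mail, and not Samba's own code): a small Python check for the situation discussed above. It issues the base-object search of the empty DN with filter "(objectClass=*)" that RFC 2251 section 3.4 describes, via the OpenLDAP `ldapsearch` client, bound as the DN you intend to use as "ldap admin dn", and then parses the LDIF reply to tell apart three outcomes: no Root DSE entry at all, an entry whose attributes are hidden by access control (the "returns nothing" case), and a proper Root DSE advertising LDAPv3. The LDIF samples in the block are constructed; the Password Modify extended-operation OID (RFC 3062) is a real value, and treating its presence as a hint for password changes over LDAP is an assumption of this example, not a documented Samba requirement.

```python
"""Verify that a bind DN can read the Root DSE of an LDAP server.

Added example, not from the original mail or from Samba. Uses OpenLDAP's
ldapsearch (flags -x -LLL -H -D -w -b -s are the real client flags) and a
minimal LDIF parser; sample LDIF below is constructed for offline use.
"""
import base64
import subprocess
from typing import Dict, List, Optional

# Password Modify extended operation, RFC 3062. Assumption: a DSA that lists
# it under supportedExtension can change passwords over LDAP.
PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"

# Constructed sample: what a readable Root DSE typically looks like.
SAMPLE_LDIF = """\
dn:
objectClass: top
objectClass: OpenLDAProotDSE
namingContexts: dc=example,dc=com
supportedLDAPVersion: 3
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedControl: 2.16.840.1.113730.3.4.18
"""

# Constructed sample: entry exists, but access control hides every attribute.
HIDDEN_LDIF = "dn:\n\n"


def root_dse_argv(uri: str, bind_dn: str, password: str) -> List[str]:
    """ldapsearch command for a base-scope search of the empty DN.
    '+' requests operational attributes, which is where the Root DSE
    attributes live on OpenLDAP; '*' requests the user attributes."""
    return ["ldapsearch", "-x", "-LLL", "-H", uri, "-D", bind_dn, "-w", password,
            "-b", "", "-s", "base", "(objectClass=*)", "+", "*"]


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse LDIF into a list of entries; attribute names are lower-cased."""
    lines: List[str] = []
    for raw in text.splitlines():
        # A line starting with a single space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):      # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def check_root_dse(ldif_text: str) -> Dict[str, object]:
    """Summarise what the DSA exposed about itself to the bound DN."""
    root: Optional[Dict[str, List[str]]] = next(
        (e for e in parse_ldif(ldif_text) if e.get("dn", [None])[0] == ""), None)
    if root is None:
        return {"visible": False, "attribute_count": 0, "ldapv3": False,
                "passwd_modify": False, "naming_contexts": []}
    return {
        "visible": True,
        "attribute_count": len([k for k in root if k != "dn"]),
        "ldapv3": "3" in root.get("supportedldapversion", []),
        "passwd_modify": PASSWD_MODIFY_OID in root.get("supportedextension", []),
        "naming_contexts": root.get("namingcontexts", []),
    }


def fetch_root_dse(uri: str, bind_dn: str, password: str) -> Dict[str, object]:
    """Run ldapsearch against a live server and check its reply."""
    proc = subprocess.run(root_dse_argv(uri, bind_dn, password),
                          capture_output=True, text=True, check=True)
    return check_root_dse(proc.stdout)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 4:   # python check_rootdse.py ldap://host cn=admin,dc=... secret
        print(fetch_root_dse(sys.argv[1], sys.argv[2], sys.argv[3]))
    else:
        print("readable:", check_root_dse(SAMPLE_LDIF))
        print("hidden:  ", check_root_dse(HIDDEN_LDIF))
```

Run it with the URI, the "ldap admin dn" and its password; a result with `visible` true but `attribute_count` 0 is exactly the access-control case the mail warns about, and means the DSA's ACLs need to grant that DN read access to the Root DSE before ldapsam can discover the server's capabilities.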
