[Samba] 3.0.20b seems to ignore ldap user suffix
Excerpts from smb.conf: passdb backend = ldapsam:ldap://localhost ldap admin dn = cn=admin,dc=arch,dc=uni-karlsruhe,dc=de ldap group suffix = ou=groups ldap machine suffix = ou=computer ldap suffix = o=archipool,dc=arch,dc=uni-karlsruhe,dc=de ldap ssl = no ldap user suffix = ou=aktiv,ou=Accounts The system wide ldap suffix is a different one (ou=accounts,o=archipool,dc=arch,dc=uni-karlsruhe,dc=de). Samba, however, should only search for users in the specified user suffix, since not all system users are supposed to be able to use samba. slapd.log: Oct 28 12:17:30 far-poolserver64 slapd[9499]: SRCH o=archipool,dc=arch,dc=uni-karlsruhe,dc=de 2 3 [debug output snipped] Oct 28 12:17:30 far-poolserver64 slapd[9499]: filter: ((uid=dummy) (objectClass=sambaSamAccount)) Should I file a bug report, does anybody spot a config error or is more info needed? Regards, Jonas Jochum archIT - Faculty of Architecture -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20b seems to ignore ldap user suffix
On Fri, 2005-10-28 at 13:36 +0200, Jonas Jochum wrote: Excerpts from smb.conf: passdb backend = ldapsam:ldap://localhost ldap admin dn = cn=admin,dc=arch,dc=uni-karlsruhe,dc=de ldap group suffix = ou=groups ldap machine suffix = ou=computer ldap suffix = o=archipool,dc=arch,dc=uni-karlsruhe,dc=de ldap ssl = no ldap user suffix = ou=aktiv,ou=Accounts The system wide ldap suffix is a different one (ou=accounts,o=archipool,dc=arch,dc=uni-karlsruhe,dc=de). Samba, however, should only search for users in the specified user suffix, since not all system users are supposed to be able to use samba. slapd.log: Oct 28 12:17:30 far-poolserver64 slapd[9499]: SRCH o=archipool,dc=arch,dc=uni-karlsruhe,dc=de 2 3 [debug output snipped] Oct 28 12:17:30 far-poolserver64 slapd[9499]: filter: ((uid=dummy) (objectClass=sambaSamAccount)) Should I file a bug report, does anybody spot a config error or is more info needed? does this match what is in padl's ldap.conf ? Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20b seems to ignore ldap user suffix
Am Friday 28 October 2005 16:00 schrieb Craig White: does this match what is in padl's ldap.conf ? Do you mean pam_ldap.conf? No, it doesn't: base ou=aktiv,ou=accounts,o=archipool,dc=arch,dc=uni-karlsruhe,dc=de libnss-ldap.conf uses base o=archipool,dc=arch,dc=uni-karlsruhe,dc=de The reason for this is that we're temporarily moving disabled accounts to ou=inakt,ou=accounts,o=archipool,dc=arch,dc=uni-karlsruhe,dc=de. Due to samba using the wrong search base, they're still able to log in (don't tell me to use sambaAcctFlags - I know they can be used for accomplishing the same thing). Bye, Jonas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
