OK, I apologize in advance for the long-winded story here, but this might get a little lengthy.
First of all, thanks again Emmanuel for your response. Here is a bit more of what I've done and tried to do in depth. Before posting I should have mentioned that the Samba and NIS schemas were enabled. Prior posts to the mailing list helped me with that months ago (it's only been just now that I've had time to revisit this little science experiment).

Anyway, I initially added the AT to ou=attributes, but I had botched the OID and EQUALITY values. They were just corrected, and thanks for posting the information for that. Afterwards, I added the AT to the sambaDomain object class, restarted Directory Studio, and I could not add a sambaPwdHistoryLength value to my domain object... in Directory Studio, that is. I opened up my other LDAP configuration manager, LDAP Account Manager (LAM), and I was able to add the sambaPwdHistoryLength attribute to my domain without any issue. Now when I open Directory Studio back up, I can see the value there but it's in italics. I cannot add a second value, or add the attribute to a newly created domain. Again, though, LAM seems to do this without issue.

However, I tried to connect to Samba via LDAP, and still no success. And no, there was no error indicating missing and ignored attributes. It wasn't until I fired up Wireshark that I saw my real problem. By the way, Wireshark is one of the single best utilities for diagnosing network communication problems; my hat's off to those guys. Anyway, I was watching the packet flow between Samba and LDAP, and after a bit of this activity, I saw that Samba was in fact asking for my uid from the LDAP server. Samba uses two filters to ask for a user account: it filters users by "uid=user" and "objectclass=sambaSamAccount". Applying those two filters, it did not find "uid=user". So I used ldapsearch to run my own search. When I searched for "uid=user", it came back without issue, but adding the "objectClass=sambaSamAccount" filter it returned nothing.
I double-checked Directory Studio, and sure enough, uid=user has the "objectClass=sambaSamAccount" attribute. So I searched for any objects that had the "objectClass=sambaSamAccount" inside my user group. I found that both "uid=root" and "uid=nobody" had this attribute and were returned by the search. So I thought, what happens when I try to access Samba using the root account? I opened up Explorer, used the root account and password I set up during smbldap-populate, and BLAM. Access to the share. I checked the Apache DS logs later and found references to another missing and ignored attribute, "sambaMaxPwdAge", but now I believe that the missing attributes were simply just red herrings.

So I'm left with two questions: why can't Apache DS add the new attribute but LAM can (both use the same admin dn)? And the big one, the $64,000 question: why does Apache DS return 2 uids when I search for "objectClass=sambaSamAccount", but doesn't return my user accounts, when the "objectClass=sambaSamAccount" attribute is present in all of them? A little more information: the root and nobody accounts were created when the smbldap-populate command was run, and the user accounts were created with "smbldap-useradd -a user".
Here is a print out of the information that ldapsearch returns for both accounts:

dn: uid=root,ou=People,dc=mydomain,dc=com
uid: root
sn: root
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [U]
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: top
loginshell: /bin/false
cn: root
uidnumber: 0
homedirectory: /home/root
sambalogofftime: 2147483647
userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaPwdMustChange: 1306701193
shadowLastChange: 15078
gidnumber: 0
sambakickofftime: 2147483647
sambaprimarygroupsid: S-1-5-21-3758697847-7384960784-35657434567-512
sambaPwdLastSet: 1302813193
sambasid: S-1-5-21-3758697847-7384960784-35657434567-500
sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
shadowMax: 45
sambalogontime: 0
gecos: Netbios Domain Administrator
sambapwdcanchange: 0

dn: uid=user, ou=People,dc=mydomain,dc=com
uid: user
sn: user
sambaNTPassword: XXX
sambaAcctFlags: [UX]
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: top
displayName: user
givenname: user
uidnumber: 30000
loginshell: /bin/bash
cn: user
homedirectory: /home/user
sambaLogoffTime: 2147483647
userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaPwdMustChange: 2147483647
shadowLastChange: 15078
gidnumber: 513
sambaKickoffTime: 2147483647
sambaPwdLastSet: 0
sambaPrimaryGroupSID: S-1-5-21-3758697847-7384960784-35657434567-513
sambaSID: S-1-5-21-3758697847-7384960784-35657434567-61000
sambaLMPassword: XXX
shadowMax: 45
sambaLogonTime: 0
gecos: System User
sambaPwdCanChange: 0

If anyone can shed some light on this I would be much obliged. Thanks!
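
The two-clause search described in the post, evaluated client-side over the returned entries, as an added example that is not part of the original post. The LDIF is a constructed, trimmed copy of the two entries above and the helper names are hypothetical; attribute names and values are compared case-insensitively, as LDAP does for uid and objectClass.

```python
# Added example, not from the original post. SAMPLE_LDIF is constructed:
# a trimmed copy of the two entries printed by ldapsearch above.
SAMPLE_LDIF = """\
dn: uid=root,ou=People,dc=mydomain,dc=com
uid: root
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: top
sambasid: S-1-5-21-3758697847-7384960784-35657434567-500

dn: uid=user, ou=People,dc=mydomain,dc=com
uid: user
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: top
displayName: user
sambaSID: S-1-5-21-3758697847-7384960784-35657434567-61000
"""

def parse_ldif(text):
    """Return {dn: {lowercased attribute name: [values]}} for simple LDIF
    (no base64 '::' values, no folded continuation lines)."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs, dn = {}, None
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        entries[dn] = attrs
    return entries

def matches(attrs, clauses):
    """AND of equality clauses; names and values compared case-insensitively."""
    return all(value.lower() in [v.lower() for v in attrs.get(name.lower(), [])]
               for name, value in clauses)

def attr_name_diff(a, b):
    """Attribute names (case-folded) present in only one of the two entries."""
    return sorted(set(a) ^ set(b))

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for dn, attrs in entries.items():
        clauses = [("uid", attrs["uid"][0]), ("objectClass", "sambaSamAccount")]
        print(dn, "->", matches(attrs, clauses))
    print("only in one entry:", attr_name_diff(*entries.values()))
```

Run against full ldapsearch output for the accounts, this shows whether the returned attributes themselves satisfy both clauses and which attribute names differ between a matching and a non-matching entry.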
