Oh, my mistake. Needed to change:
binddn "WYNNYCHENKO\Administrator"
to
binddn "WYNNYCHENKO\\Administrator"
also.

Now, when I start ypldap:

# ypldap -dv
...
startup [debug mode]
configuration starting
applying configuration
connecting to directories
starting directory update
searching password entries
searching group entries
updates are over, cleaning up trees now
flattening trees
---

So, at least I seem to be moving forward.

Thanks

-----Original Message-----
From: Theodore Wynnychenko [mailto:t...@uchicago.edu]
Sent: Monday, January 11, 2016 9:21 AM
To: 'misc'
Subject: RE: ypldap.conf help - was: Samba4 and OpenBSD

On Mon, Jan 11, 2016 at 9:37 AM, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2016-01-11, Theodore Wynnychenko <t...@uchicago.edu> wrote:
>> directory "ldap://DC1.samba.domain.com:389" {
>
> afaik this just takes a hostname, not a URL.

Confirmed. And see also:
http://obfuscurity.com/2009/08/OpenBSD-as-an-LDAP-Client

Ciao!
David

--

Thanks for the advice.

So, replacing the 'H "ldap://DC1.samba.domain.com:389"' with '-h "DC1.samba.domain.com"' in ldapsearch works.

e.g.:

ldapsearch -x -h "DC1.samba.domain.com" -D "DOMAIN\Administrator" -w "password" -b "dc=samba,dc=domain,dc=com" "(objectClass=group)"
...
# search result
search: 2
result: 0 Success

# numResponses: 8
# numEntries: 4
# numReferences: 3
-----

ldapsearch also works if I use '-h "localhost"' or '-h "127.0.0.1"' or '-h "xxx.yyy.zzz.aaa"'.

But, when I replace the directory line in ypldap.conf to:
directory "DC1.samba.domain.com" or "localhost" or "127.0.0.1" or the IP address;
and start ypldap -dv, I get:

# ypldap -dv
startup [debug mode]
configuration starting
applying configuration
connecting to directories
starting directory update
searching password entries
directory DC1.samba.domain.com errored out in search

and it hangs; after a manual break:

ldap client exiting
dns engine exiting
---

The "errored out in search" line changes based on the directory value from ypldap.conf.

I was wondering if there might be something "different" about the ldap server included with samba4; but 'man ldapsearch' confirms that it is not anything "special" from samba, but comes from OpenLDAP:

man ldapsearch
...
ACKNOWLEDGEMENTS
       OpenLDAP Software is developed and maintained by The OpenLDAP Project
       <http://www.openldap.org/>. OpenLDAP Software is derived from
       University of Michigan LDAP 3.3 Release.

OpenLDAP 2.4.43                  2015/11/30                  LDAPSEARCH(1)
----

Therefore, it seems to me that if "this" ldapsearch can get information out of the samba ldap server, then ypldap should be able to as well. Right?

A search for the error message above doesn't really lead me anywhere.

Any ideas what the error means?

Thanks again

----
cat ypldap.conf
...
# Global settings
domain "samba.domain.com"
interval 3600

# Specify the maps that ypldap should provide
provide map "passwd.byname"
provide map "passwd.byuid"
provide map "group.byname"

# Directory declaration
directory "DC1.samba.domain.com" {
        binddn "DOMAIN\Administrator"
        bindcred "password"
        basedn "dc=samba,dc=domain,dc=com"

        # passwd maps configuration
        passwd filter "(objectClass=posixAccount)"

        attribute name maps to "uid"
        fixed attribute passwd "*"
        attribute uid maps to "uidNumber"
        attribute gid maps to "gidNumber"
        attribute home maps to "homeDirectory"
        attribute gecos maps to "gecos"

        # LDAP users are not interactive system users
        fixed attribute shell "/sbin/nologin"
        fixed attribute change "0"
        fixed attribute expire "0"
        fixed attribute class "default"

        # group maps configuration
        group filter "(objectClass=group)"

        attribute groupname maps to "cn"
        fixed attribute grouppasswd "*"
        fixed attribute groupgid "*"
        list groupmembers maps to "member"
}
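
An added example, not part of the thread: a small linter for the two ypldap.conf mistakes found above, a URL in the directory declaration and a single backslash inside a quoted string. The function names and the sample text are constructed for illustration, and the backslash check assumes what the fix in the thread implies, namely that a literal backslash in a quoted value must be written as two.

```python
import re

# Constructed sample modelled on the ypldap.conf quoted in the thread.
SAMPLE = r'''
domain "samba.domain.com"
directory "ldap://DC1.samba.domain.com:389" {
    binddn "DOMAIN\Administrator"
    bindcred "password"
    basedn "dc=samba,dc=domain,dc=com"
}
'''

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')          # quoted string, escapes allowed
DIRECTORY = re.compile(r'^\s*directory\s+"([^"]*)"')  # directory declaration


def lone_backslashes(value):
    # Offsets of backslashes that do not start a doubled-backslash or
    # backslash-quote pair (assumed escape rule, see lead-in).
    hits, i = [], 0
    while i < len(value):
        if value[i] == "\\":
            if i + 1 < len(value) and value[i + 1] in '\\"':
                i += 2          # a complete escape pair, skip both characters
                continue
            hits.append(i)
        i += 1
    return hits


def lint_ypldap_conf(text):
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue            # comment line
        m = DIRECTORY.match(line)
        if m and "://" in m.group(1):
            findings.append((lineno, "directory-url",
                             f"use a bare hostname, not {m.group(1)!r}"))
        for q in QUOTED.finditer(line):
            if lone_backslashes(q.group(1)):
                findings.append((lineno, "lone-backslash",
                                 f"write \\\\ for a literal backslash in {q.group(0)}"))
    return findings


if __name__ == "__main__":
    for lineno, code, msg in lint_ypldap_conf(SAMPLE):
        print(f"line {lineno}: {code}: {msg}")
```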