A big change in LDAP usage, documented only in the man pages.
For 3.3.7 I had to change from this
idmap backend = ldap:ldap://niairpfiler1.grc.nia.nih.gov ldap:ldap://niairpfiler2.grc.nia.nih.gov

to this

ldap ssl = no
idmap backend = ldap:ldap://ldapserv1
idmap alloc backend = ldap
idmap alloc config : ldap_user_dn = cn=Manager,dc=X,dc=X
idmap alloc config : ldap_base_dn = ou=People,dc=X,dc=X
idmap alloc config : ldap_url = ldap://ldapserv2

You have to set your alloc password separately with the net idmap command.


In my case, CentOS 5.3 OpenLDAP does not do multimaster; ldapserv1 is master and ldapserv2 is slave.
I ended up rolling back to 3.0.3 for other issues.

Regardless of quoting etc., 3.3.7 did not support multiple LDAP servers listed on the idmap backend line.


On Aug 13, 2009, at 5:26 PM, Chris Osicki wrote:

Hi

I've just upgraded Samba on Solaris 10 from the bundled version (3.0.33) to 3.4.0 and winbind doesn't want to cooperate with LDAP as idmap backend anymore.

The smb.conf I use is:

[global]
   workgroup = CORPROOT
   netbios name = usonfs
   security = domain
   log level = 10
   preferred master = no
   bind interfaces only = yes
   interfaces = usonfs

   password server = sg000057.corproot.net sg1006z.corproot.net
   winbind uid = 20000-21000
   winbind gid = 20000-21000
   winbind enum users = no
   winbind enum groups = no

   # Using ldap server as winbindd backend
   idmap backend = ldap:ldap://usoldap01.swissptt.ch ldap:ldap://usoldap02.swissptt.ch
   ldap admin dn = uid=idmapadm,ou=idmap,dc=swissptt,dc=ch
   ldap idmap suffix = ou=idmap
   ldap suffix = dc=swissptt,dc=ch

I compiled Samba myself: configure; make; make install.

It must be something obvious I'm overlooking; I hope somebody could point it out.

Running winbindd as:

/usr/local/samba/sbin/winbindd -d 3 -i -n

I see those messages:

[ 8286]: sid to uid S-1-5-21-796845957-1547161642-839522115-187984
idmap_init: using 'ldap' as remote backend
Failed to issue the StartTLS instruction: Connect error
Connection to LDAP server failed for the 1 try!
Failed to issue the StartTLS instruction: Connect error
Connection to LDAP server failed for the 3 try!
Failed to issue the StartTLS instruction: Connect error
Connection to LDAP server failed for the 5 try!
Failed to issue the StartTLS instruction: Connect error
Connection to LDAP server failed for the 7 try!


Thanks for your time.

Regards,
Chris
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
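
Added example (not part of either message and not Samba's own code): a small Python check that flags the two smb.conf conditions discussed in this thread, namely several LDAP URLs on the idmap backend line and an ldap:// URL whose TLS behaviour is left implicit or switched off. The finding names, the sample host names and the reading that an unset "ldap ssl" leads winbindd to attempt StartTLS (as the log above suggests) are assumptions of this example.

```python
import re

# Constructed samples modelled on the two configurations in this thread.
OLD_STYLE = """\
[global]
   idmap backend = ldap:ldap://ldapserv1 ldap:ldap://ldapserv2
   ldap admin dn = cn=Manager,dc=X,dc=X
"""
NEW_STYLE = """\
[global]
   ldap ssl = no
   idmap backend = ldap:ldap://ldapserv1
   idmap alloc backend = ldap
   idmap alloc config : ldap_url = ldap://ldapserv2
"""

def parse_global(text):
    """Return [global] parameters, names lower-cased with whitespace collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def audit(text):
    """Return a sorted list of finding names (hypothetical labels) for one smb.conf."""
    p = parse_global(text)
    findings = set()
    backend_urls = re.findall(r"ldaps?://\S+", p.get("idmap backend", ""))
    urls = backend_urls + [v for k, v in p.items() if k.endswith("ldap_url")]
    if len(backend_urls) > 1:
        findings.add("multiple-urls-on-idmap-backend")
    if any(u.startswith("ldap://") for u in urls):
        # Assumption: with "ldap ssl" unset, winbindd tries StartTLS on ldap:// URLs.
        ssl = p.get("ldap ssl")
        if ssl is None:
            findings.add("ldap-ssl-unset-starttls-attempted")
        elif ssl.lower() in ("no", "off"):
            findings.add("ldap-bind-without-tls")  # bind credentials sent unencrypted
    return sorted(findings)

if __name__ == "__main__":
    print(audit(OLD_STYLE), audit(NEW_STYLE))
```

The last finding is worth reviewing on any host that adopts "ldap ssl = no" as a workaround, since the idmap bind then travels to the directory server without transport protection.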
