
Re: OpenLDAP Samba4

Pascal den Bekker wrote:

I want to use openldap as a backend for Samba4. I set up the openldap
with a different port, because samba4 has its own "ldap" server running
on port 389.
I set up the standard config for samba4 like this:

As far as I know, the last time this was anywhere close to working was in 2010 and since then the Samba Team ripped out a lot of the OpenLDAP support. We (Symas) have recently hired a former Samba Team engineer to get this code back into working order but it's been off to a very slow start. I expect it will be several months before we have anything back in usable state, based on the current rate of progress.

      passdb backend = ldapsam:ldap://ldap.example.com:3389
      ldap suffix = dc=ldap,dc=example,dc=com
      ldap user suffix = ou=users
      ldap group suffix = ou=groups
      ldap machine suffix = ou=computers
      ldap idmap suffix = ou=Idmap
      ldap delete dn = no
      ldap admin dn = cn=admin,dc=ldap,dc=example,dc=com
      ldap ssl = no
      ldap passwd sync = yes
      idmap_ldb:use rfc2307 = Yes
      invalid users = root

Created also the OUs in openldap, added a couple of users in openldap.
Also set the smbpasswd, but every time I try to ask the openldap
through samba, I'm getting:

smbldap_search_domain_info: Adding domain info for OPENCHANGE failed

Do I still need to load the samba.schema in openldap? And if yes,
how do I do that?

Before taking any guesses at what actions you could take, first you need to see what the actual underlying error messages were. "NT_STATUS_UNSUCCESSFUL" is a generic Windows error code, and doesn't tell anything about what happened at the LDAP layer. What errors are in the slapd log?

openldap: 2.4.31
samba:     4.0.1
OS:           Debian Wheezy

2.4.31 is relatively old; you should use the current release (2.4.36).


  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
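
Added example, not part of the original message: a small Python filter for the slapd log check suggested in the reply, pairing each failed RESULT line with the request that caused it. It assumes slapd is logging at the "stats" level; the sample lines are constructed to show the format and are not the poster's log, and the result-code names are those of RFC 4511.

```python
import re

# RFC 4511 result codes that commonly sit behind a generic client-side failure.
LDAP_RESULT = {
    17: "undefinedAttributeType", 19: "constraintViolation",
    21: "invalidAttributeSyntax", 32: "noSuchObject",
    49: "invalidCredentials", 50: "insufficientAccessRights",
    53: "unwillingToPerform", 65: "objectClassViolation",
    68: "entryAlreadyExists",
}

# Request and result lines as slapd writes them at loglevel "stats" (assumed).
REQUEST_RE = re.compile(r"conn=(\d+) op=(\d+) ((?:BIND|SRCH|ADD|MOD|DEL) .*)")
RESULT_RE = re.compile(
    r"conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=\d+ err=(\d+)(?:.*? text=(.*))?")

def failed_operations(lines):
    """Return every non-zero RESULT paired with the request that caused it."""
    requests, failures = {}, []
    for line in lines:
        res = RESULT_RE.search(line)
        if res:
            conn, op, err = res.group(1), res.group(2), int(res.group(3))
            if err != 0:
                failures.append({
                    "request": requests.get((conn, op), "<request not in log>"),
                    "code": err,
                    "name": LDAP_RESULT.get(err, "other"),
                    "text": (res.group(4) or "").strip(),
                })
            continue
        req = REQUEST_RE.search(line)
        if req:
            requests[(req.group(1), req.group(2))] = req.group(3)
    return failures

# Constructed sample lines (not the poster's log); DNs reuse the suffix above.
SAMPLE_LOG = [
    'Jan 10 12:00:01 ldap slapd[1234]: conn=1002 op=0 BIND dn="cn=admin,dc=ldap,dc=example,dc=com" method=128',
    'Jan 10 12:00:01 ldap slapd[1234]: conn=1002 op=0 RESULT tag=97 err=0 text=',
    'Jan 10 12:00:01 ldap slapd[1234]: conn=1002 op=1 SRCH base="dc=ldap,dc=example,dc=com" scope=2 deref=0 filter="(objectClass=sambaDomain)"',
    'Jan 10 12:00:01 ldap slapd[1234]: conn=1002 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=',
    'Jan 10 12:00:01 ldap slapd[1234]: conn=1002 op=2 ADD dn="sambaDomainName=OPENCHANGE,dc=ldap,dc=example,dc=com"',
    'Jan 10 12:00:01 ldap slapd[1234]: conn=1002 op=2 RESULT tag=105 err=21 text=objectClass: value #0 invalid per syntax',
]

if __name__ == "__main__":
    for f in failed_operations(SAMPLE_LOG):
        print(f"err={f['code']} ({f['name']}) {f['request']} :: {f['text']}")
```

Feeding it the real slapd log (for example `failed_operations(open(path))`, with `path` being wherever syslog writes slapd output on the host) lists only the operations that failed at the LDAP layer.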