If there is a referral somewhere outside of ou=users in the LDAP tree
that points to the ou=users subtree, Samba thinks there are two
posixAccounts of the same name. Fix this by making smbd not actually
search the entire tree, but just the users subtree.

---
 source/passdb/pdb_ldap.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: samba-3.2.7/source/passdb/pdb_ldap.c
===================================================================
--- samba-3.2.7.orig/source/passdb/pdb_ldap.c
+++ samba-3.2.7/source/passdb/pdb_ldap.c
@@ -2835,7 +2835,7 @@ static NTSTATUS ldapsam_enum_group_membe
 		goto done;
 	}
 
-	rc = smbldap_search(conn, lp_ldap_suffix(),
+	rc = smbldap_search(conn, lp_ldap_user_suffix(),
 			    LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
 
 	if (rc != LDAP_SUCCESS)