Here's the log snippet:

    get_domain_user_groups: searching domain groups [jerry] is a member of
    ldapsam_open: cannot access LDAP when not root..
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    Connection to LDAP Server failed for the 1 try!
    LDAP search failed: Insufficient access
    Query was: dc=plainjoe,dc=org, (objectclass=sambaGroupMapping)
    Unable to open passdb
    000000 samr_io_r_query_usergroups
    0000 ptr_0 : 00000000
    0004 status: NT_STATUS_NO_SUCH_GROUP

To reproduce, just try setting the wallpaper for the desktop on an XP client by browsing a Samba file share. Use the display control applet on the XP client to set the wallpaper.

May or may not be related (level 0 entries):

    ldapsam_open: cannot access LDAP when not root..
    LDAP search failed: Insufficient access
    Unable to open passdb
    failed to decode PDU
    process_request_pdu: failed to do schannel processing.

Also the logs report an ldapsam_retry_open() failure:

    ...
    [2003/05/27 15:57:14, 0] passdb/pdb_ldap.c:ldapsam_open(697)
      ldapsam_open: cannot access LDAP when not root..
    [2003/05/27 15:57:14, 1] passdb/pdb_ldap.c:ldapsam_retry_open(782)
      Connection to LDAP Server failed for the 1 try!
    [2003/05/27 15:57:14, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(3516)
      LDAP search failed: Insufficient access
    ...

a bad pointer in the ldap passwd?

I think the ldapsam_setsamgrent() is called as the uidNumber of the user. In this example the geteuid() in ldapsam_open() returns "20034", the uidNumber for the user "555555-5" (I modified the DEBUG line).

    [2003/05/27 20:28:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(1949)
      Entry found for user: 555555-5
    ...
    ldapsam_open: cannot access LDAP when not root... 20034

From a brief scan through the code, it looks like the ldapsam_setsamgrent() is called only by the pdb_enum_group_mapping() function. There are several occurrences of this throughout the RPC server code, only one of which is enclosed by a become_root()/unbecome_root() pair.

Fixed by enclosing group enumerating in become/unbecome root. Although I think this needs to be reworked so that the become/unbecome root is handled by the backend for certain operations. This way we don't have to become root for a tdbsam that is world readable.
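
The privilege bracketing discussed in the two comments above, as an added example that is not part of the original report and is not Samba source: a simplified model of an enumeration call that fails when it reaches a root-only backend as the connected user, and a wrapper that elevates only when the backend requires it. The effective uid is simulated in a variable, and all function, struct and field names (`sim_become_root`, `backend`, `needs_root`, and so on) are assumptions made for illustration.

```c
/* Simplified model, not Samba source. The effective uid is simulated in a
 * variable so this runs unprivileged; every name here is hypothetical. */
#include <stdio.h>

static unsigned sim_euid = 20034;  /* uid of the connected user in the report */
static unsigned saved_euid[8];
static int depth = 0;

/* Nesting-safe bracket: remember the caller's euid, then switch to 0. */
static int sim_become_root(void) {
    if (depth >= 8) return -1;
    saved_euid[depth++] = sim_euid;
    sim_euid = 0;
    return 0;
}

/* Restore whatever euid was active before the matching become call. */
static void sim_unbecome_root(void) {
    if (depth > 0) sim_euid = saved_euid[--depth];
}

struct backend { const char *name; int needs_root; };

/* Backend open: refuses non-root callers when the store requires root. */
static int backend_open(const struct backend *b) {
    if (b->needs_root && sim_euid != 0) {
        fprintf(stderr, "%s: cannot open when not root (euid %u)\n", b->name, sim_euid);
        return -1;
    }
    return 0;
}

/* The failing path: enumeration reaches the backend as the user. */
static int enum_groups_unbracketed(const struct backend *b) { return backend_open(b); }

/* Elevate only when the backend asks for it, and always drop back. */
static int enum_groups(const struct backend *b) {
    int rc;
    if (!b->needs_root) return backend_open(b);
    if (sim_become_root() != 0) return -1;
    rc = backend_open(b);
    sim_unbecome_root();           /* runs whether the open succeeded or not */
    return rc;
}

int main(void) {
    struct backend ldap = {"ldapsam", 1}, tdb = {"tdbsam", 0};
    printf("%d %d %d euid=%u\n", enum_groups_unbracketed(&ldap), enum_groups(&ldap), enum_groups(&tdb), sim_euid);
    return 0;
}
```

Keeping the elevation inside one wrapper means each call site cannot forget the bracket, and the time spent as root is limited to the backend call itself.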

Originally reported against 3.0aph24. Bugzilla spring cleaning. Removing old alpha versions.

Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.