Bug 3235 - create ldap machine account fails with bad search
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.20b
Hardware: All All
Importance: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2005-11-02 16:01 UTC by Eric A. Hall
Modified: 2009-12-17 07:10 UTC
Description Eric A. Hall 2005-11-02 16:01:24 UTC
I have a script that creates a machine account in the correct branch of the LDAP
directory. When a machine is added via srvmgr and other tools, the script is
called and executed successfully.

However, the add-machine function as a whole fails to succeed, because the entry
cannot be located and updated to a sambaSamAccount object class. This is because
Samba is searching in the Users suffix instead of the Machines suffix.

Here is the ldap debug output for adding a machine from the script:

slapd[2043]: conn=141 op=7 ADD dn="cn=test,ou=Devices,dc=labs,dc=ntrg,dc=com"
slapd[2043]: conn=141 op=7 RESULT tag=105 err=0 text=

Here is the search that immediately follows:

slapd[2043]: conn=143 op=1 SRCH base="ou=Users,dc=labs,dc=ntrg,dc=com" scope=2
deref=0 filter="(&(objectClass=posixAccount)(uid=test$))"
slapd[2043]: conn=143 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn
homeDirectory loginShell gecos description objectClass
slapd[2043]: conn=143 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

The search fails because it is using the wrong search base.
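
A log-side check for the symptom described above, as an added example that is not part of the original report or of Samba's code: it scans slapd log lines for an empty subtree search whose uid matches an entry that was just added outside the search base. The function names are hypothetical, the sample is the log from the description with the wrapped SRCH line rejoined, and matching the added entry's RDN against the uid with its trailing "$" removed is an assumption about the naming convention in use.

```python
import re

# Log lines from the report above, with the wrapped SRCH line rejoined.
SAMPLE_LOG = """\
slapd[2043]: conn=141 op=7 ADD dn="cn=test,ou=Devices,dc=labs,dc=ntrg,dc=com"
slapd[2043]: conn=141 op=7 RESULT tag=105 err=0 text=
slapd[2043]: conn=143 op=1 SRCH base="ou=Users,dc=labs,dc=ntrg,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=test$))"
slapd[2043]: conn=143 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

ADD_RE = re.compile(r'conn=(\d+) op=(\d+) ADD dn="([^"]*)"')
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+).*filter="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*nentries=(\d+)')
UID_RE = re.compile(r'\(uid=([^)]*)\)')

def in_subtree(dn, base):
    # Naive DN comparison: lower-case, trim around commas, no escaped-comma handling.
    norm = lambda d: ",".join(p.strip().lower() for p in d.split(","))
    return norm(dn) == norm(base) or norm(dn).endswith("," + norm(base))

def find_missed_lookups(log_text):
    """Return empty subtree searches whose uid names an entry added outside the search base."""
    added = {}     # RDN value -> DN of each ADD seen (its RESULT code is not checked)
    pending = {}   # (conn, op) -> (base, uid) for subtree searches awaiting their result
    findings = []
    for line in log_text.splitlines():
        if m := ADD_RE.search(line):
            rdn_value = m.group(3).split(",", 1)[0].split("=", 1)[-1].strip().lower()
            added[rdn_value] = m.group(3)
        elif m := SRCH_RE.search(line):
            conn, op, base, scope, flt = m.groups()
            uid = UID_RE.search(flt)
            if scope == "2" and uid:   # scope=2 is a subtree search
                pending[(conn, op)] = (base, uid.group(1))
        elif m := RESULT_RE.search(line):
            conn, op, nentries = m.groups()
            base, uid = pending.pop((conn, op), (None, None))
            if base is None or nentries != "0":
                continue
            # Assumption: the machine account uid ends in "$" and the added RDN may omit it.
            for name in (uid.lower(), uid.lower().rstrip("$")):
                dn = added.get(name)
                if dn and not in_subtree(dn, base):
                    findings.append({"uid": uid, "search_base": base, "added_dn": dn})
                    break
    return findings

if __name__ == "__main__":
    print(find_missed_lookups(SAMPLE_LOG))
```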
Comment 1 Holger Luedecke 2006-02-28 03:02:13 UTC
Wrong LDAP search context in source/passdb/pdb_ldap.c line 79845:

                const char *attrs[] = { "memberUid", NULL };
                rc = smbldap_search(conn, lp_ldap_user_suffix(),
                                    LDAP_SCOPE_SUBTREE, filter, attrs, 0,

should be changed to

                const char *attrs[] = { "memberUid", NULL };
                rc = smbldap_search(conn, lp_ldap_group_suffix(),
                                    LDAP_SCOPE_SUBTREE, filter, attrs, 0,

because the attribute "memberUid" is assigned to the objectClass "posixGroup".

Comment 2 Björn Jacke 2009-12-17 07:10:40 UTC
This worked at least in later 3.0.2x releases. If you think there is still something wrong in recent releases, please reopen or file a new bug. Thanks!