I have a script that creates a machine account in the correct branch of the LDAP directory. When a machine is added via srvmgr and other tools, the script is called and executed successfully. However, the add-machine function as a whole fails to succeed, because the entry cannot be located and updated to a sambaSamAccount object class. This is because Samba is searching in the Users suffix instead of the Machines suffix.

Here is the ldap debug output for adding a machine from the script:

    slapd[2043]: conn=141 op=7 ADD dn="cn=test,ou=Devices,dc=labs,dc=ntrg,dc=com"
    slapd[2043]: conn=141 op=7 RESULT tag=105 err=0 text=

Here is the search that immediately follows:

    slapd[2043]: conn=143 op=1 SRCH base="ou=Users,dc=labs,dc=ntrg,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=test$))"
    slapd[2043]: conn=143 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
    slapd[2043]: conn=143 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

The search fails because it is using the wrong search base.
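The mismatch in the log above can be found mechanically. This Python script is an added example, not part of the original report or of Samba: it correlates slapd ADD lines with later searches that return nentries=0 and reports those whose base does not contain the added entry. The function names are hypothetical, the log is the one quoted above, and matching the first RDN value against the uid (ignoring a trailing "$") is an assumption.

```python
import re

# Constructed sample: the slapd lines quoted in the report above.
SAMPLE_LOG = '''\
slapd[2043]: conn=141 op=7 ADD dn="cn=test,ou=Devices,dc=labs,dc=ntrg,dc=com"
slapd[2043]: conn=141 op=7 RESULT tag=105 err=0 text=
slapd[2043]: conn=143 op=1 SRCH base="ou=Users,dc=labs,dc=ntrg,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=test$))"
slapd[2043]: conn=143 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
slapd[2043]: conn=143 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
'''

ADD_RE = re.compile(r'conn=(\d+) op=(\d+) ADD dn="([^"]+)"')
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=\d+ deref=\d+ filter="([^"]*)"')
DONE_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=\d+ nentries=(\d+)')
UID_RE = re.compile(r'\(uid=([^)*]+)\)')

def norm_dn(dn):
    # Naive normalisation: lower-case and trim around commas (escaped commas not handled).
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_under(dn, base):
    # An empty base is the root and contains every entry.
    return base == "" or dn == base or dn.endswith("," + base)

def find_base_mismatches(log_text):
    """Return empty searches whose base excludes an entry added earlier in the log."""
    added, pending, findings = [], {}, []
    for line in log_text.splitlines():
        if m := ADD_RE.search(line):
            added.append(norm_dn(m.group(3)))
        elif m := SRCH_RE.search(line):
            # Remember base and filter until the matching SEARCH RESULT line arrives.
            pending[(m.group(1), m.group(2))] = (norm_dn(m.group(3)), m.group(4))
        elif m := DONE_RE.search(line):
            base, filt = pending.pop((m.group(1), m.group(2)), (None, ""))
            uid = UID_RE.search(filt)
            if m.group(3) != "0" or base is None or uid is None:
                continue
            wanted = uid.group(1).rstrip("$").lower()
            for dn in added:
                # Assumption: the first RDN value is the machine name, with or without "$".
                rdn_value = dn.split(",", 1)[0].split("=", 1)[-1].rstrip("$")
                if rdn_value == wanted and not is_under(dn, base):
                    findings.append({"added_dn": dn, "search_base": base, "uid": uid.group(1)})
    return findings

if __name__ == "__main__":
    for f in find_base_mismatches(SAMPLE_LOG):
        print(f"{f['uid']}: added at {f['added_dn']} but searched under {f['search_base']}")
```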
Wrong LDAP search context in source/passdb/pdb_ldap.c line 79845:

    {
        const char *attrs[] = { "memberUid", NULL };
        rc = smbldap_search(conn, lp_ldap_user_suffix(), LDAP_SCOPE_SUBTREE, filter, attrs, 0, &msg);
    }

should be changed to

    {
        const char *attrs[] = { "memberUid", NULL };
        rc = smbldap_search(conn, lp_ldap_group_suffix(), LDAP_SCOPE_SUBTREE, filter, attrs, 0, &msg);
    }

because the attribute "memberUid" is assigned to the objectClass "posixGroup".
This worked at least in later 3.0.2x releases. If you think there is still something wrong in recent releases, please reopen or file a new bug. Thanks!