The Samba-Bugzilla – Bug 3563
"smbldap_open: cannot access LDAP when not root " using usrmg to add users to a group
Last modified: 2006-05-19 09:56:50 UTC
Same problem of the second example of bug:2509 that is marked as fixed.
I'm using Samba 3.0.21b ,usrmgr.exe on a win 2k pro ,smbldaptools ,using "enable privileges" and have the same errors on logs (smbldap_open: cannot access LDAP when not root) trying to add an user to a group using usmgr .
See bug 2509 for more info .
Please attached a compressed level 10 debug log from smbd
illustrating the error.
Created attachment 1764 [details]
samba log during the "add user to group" operation
The log is taken during an operation from the usrmgr :
- open usrmgr
- double click on any group
- try to ad a new user to that group.
to note that selecting a new group from the user's properties works :
- open usrmgr
- double click on any user
- select the "Groups" botton
- add new groups to which the user belong
- new membership effective
I had the same problem. I solved it by changing the user account accessing my OpenLDAP tree. I used to use a special samba account, which apparently 'lost' it's credential (maybe I need to change some 'access to attr' in my slapd.conf).
When I changed to the Manager account all these errors dissapeared.
Here is a snip of my smb.conf:
#ldap admin dn = cn=samba,ou=DSA,dc=brenntag,dc=com (had the error mentioned here)
ldap admin dn = cn=Manager,dc=brenntag,dc=com (works)
I discoverd the problem when a normal user tried to change his password.
Hope this helps out a bit :-)
Looks like the same error appears if a user tries to change his password via net command or from windows (ctrl+alt+del) on samba 3.0.21b or 3.0.21c
Setting target milestone to ensure that this gets reviewed before 3.0.23-final
please retest against 3.0.23pre1. I cannot reproduce any failures.
Also, the posted log file does not continue the full conversation.