Bug 3563 - "smbldap_open: cannot access LDAP when not root " using usrmg to add users to a group
Summary: "smbldap_open: cannot access LDAP when not root " using usrmg to add users to...
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.21b
Hardware: x86 Linux
: P3 normal
Target Milestone: 3.0.23
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
Depends on:
Reported: 2006-02-28 10:07 UTC by Stefano Zanarini
Modified: 2006-05-19 09:56 UTC (History)
2 users (show)

See Also:

samba log during the "add user to group" operation (15.55 KB, text/plain)
2006-03-01 10:09 UTC, Stefano Zanarini
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefano Zanarini 2006-02-28 10:07:53 UTC
Same problem of the second example of bug:2509 that is marked as fixed.

I'm using Samba 3.0.21b ,usrmgr.exe on a win 2k pro ,smbldaptools ,using "enable privileges" and  have the same errors on logs (smbldap_open: cannot access LDAP when not root) trying to add an user to a group using usmgr .

See bug 2509 for more info .
Comment 1 Gerald (Jerry) Carter (dead mail address) 2006-03-01 09:35:53 UTC
Please attached a compressed level 10 debug log from smbd 
illustrating the error.
Comment 2 Stefano Zanarini 2006-03-01 10:09:20 UTC
Created attachment 1764 [details]
samba log during the "add user to group" operation

The log is taken during an operation from the usrmgr :

- open usrmgr
- double click on any group 
- try to ad a new user to that group.

to note that selecting a new group from the user's properties works :

- open usrmgr
- double click on any user
- select the "Groups" botton
- add new groups to which the user belong
- new membership effective
Comment 3 Jacob Lindberg 2006-03-09 07:42:45 UTC
I had the same problem. I solved it by changing the user account accessing my OpenLDAP tree. I used to use a special samba account, which apparently 'lost' it's credential (maybe I need to change some 'access to attr' in my slapd.conf). 

When I changed to the Manager account all these errors dissapeared.

Here is a snip of my smb.conf:
        #ldap admin dn = cn=samba,ou=DSA,dc=brenntag,dc=com (had the error mentioned here)
        ldap admin dn = cn=Manager,dc=brenntag,dc=com (works)

I discoverd the problem when a normal user tried to change his password.

Hope this helps out a bit :-)

Comment 4 Guglielmo 2006-03-17 02:10:47 UTC
Looks like the same error appears if a user tries to change his password via net command or from windows (ctrl+alt+del) on samba 3.0.21b or 3.0.21c
Comment 5 Gerald (Jerry) Carter (dead mail address) 2006-04-24 03:46:44 UTC
Setting target milestone to ensure that this gets reviewed before 3.0.23-final
Comment 6 Gerald (Jerry) Carter (dead mail address) 2006-05-19 09:56:50 UTC
please retest against 3.0.23pre1.  I cannot reproduce any failures.
Also, the posted log file does not continue the full conversation.