Bug 439 - Invalid DN in net group map add
Summary: Invalid DN in net group map add
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: net utility (show other bugs)
Version: 3.0.0preX
Hardware: Other other
: P3 normal
Target Milestone: none
Assignee: Tim Potter
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-09-11 17:31 UTC by Tim Potter
Modified: 2005-08-24 10:27 UTC (History)
1 user (show)

See Also:


Attachments
the log with eror (21.13 KB, application/octet-stream)
2003-09-12 01:32 UTC, spurnelle
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Potter 2003-09-11 17:31:46 UTC
From bug 431:

------- Additional Comment #2 From spurnelle  2003-09-11 01:27 -------

The nss_ldap and pam_ldap are correct, but nom I have this error message !
maybe I have on this machine samba 2.2.7a and 3.0.0 the smb 2.2.x is stopped,
but ...

./net groupmap add sid="S-1-5-21-2824906792-3480216954-4110921517-512"
unixgroup=administrateurs ntgroup="Domain Admins"
[2003/09/11 10:22:43, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1651)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid
DN (Invalid DN syntax)ldapsam_search_one_group: Problem during the LDAP search:
LDAP error: invalid... LDAP error: invalid DN (Invalid DN
syntax)ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
invalid DN (Invalid DN syntax)ldapsam_search_one_group: Problem during the LDAP
search: LDAP error: invalid DN (Invalid DN syntax)ldapsam_search_one_group:
Problem during the LDAP search: LDAP error: 
adding entry for group Domain Admins failed!
Comment 1 Tim Potter 2003-09-11 17:33:21 UTC
Stephane, can you post a level 10 log of this command failing?  Adding '-d10' to
the end of the command line should do it.
Comment 2 spurnelle 2003-09-12 01:32:31 UTC
Created attachment 138 [details]
the log with eror
Comment 3 Tim Potter 2003-09-14 17:39:16 UTC
Can you try removing the quotes from the 'ldap suffix' and 'ldap admin dn'
parameters?

doing parameter ldap suffix = "dc=corman,dc=be"
doing parameter ldap passwd sync = yes
doing parameter ldap user suffix = ou=users
doing parameter ldap machine suffix = ou=machines
doing parameter ldap group suffix = ou=groupes
doing parameter ldap admin dn = "cn=manager,dc=corman,dc=be"
Comment 4 spurnelle 2003-09-15 02:42:26 UTC
It's work fine !
The SambaSID is correctly add to the group.
Thank you.

Now, could you modify the example 11.4.1 page 122 from samba-howto-collection.
This example contain ldap suffix and ldap admin dn with quotes.

Other question : if I tape a SID with no sub-sid same -512 or -513 ...
There are a control ?
Comment 5 Tim Potter 2003-09-15 05:09:54 UTC
I'll update the documentation.
Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-02-07 09:05:57 UTC
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:27:18 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.