From bug 431: ------- Additional Comment #2 From spurnelle 2003-09-11 01:27 ------- The nss_ldap and pam_ldap are correct, but nom I have this error message ! maybe I have on this machine samba 2.2.7a and 3.0.0 the smb 2.2.x is stopped, but ... ./net groupmap add sid="S-1-5-21-2824906792-3480216954-4110921517-512" unixgroup=administrateurs ntgroup="Domain Admins" [2003/09/11 10:22:43, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1651) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid... LDAP error: invalid DN (Invalid DN syntax)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax)ldapsam_search_one_group: Problem during the LDAP search: LDAP error: adding entry for group Domain Admins failed!
Stephane, can you post a level 10 log of this command failing? Adding '-d10' to the end of the command line should do it.
Created attachment 138 [details] the log with eror
Can you try removing the quotes from the 'ldap suffix' and 'ldap admin dn' parameters? doing parameter ldap suffix = "dc=corman,dc=be" doing parameter ldap passwd sync = yes doing parameter ldap user suffix = ou=users doing parameter ldap machine suffix = ou=machines doing parameter ldap group suffix = ou=groupes doing parameter ldap admin dn = "cn=manager,dc=corman,dc=be"
It's work fine ! The SambaSID is correctly add to the group. Thank you. Now, could you modify the example 11.4.1 page 122 from samba-howto-collection. This example contain ldap suffix and ldap admin dn with quotes. Other question : if I tape a SID with no sub-sid same -512 or -513 ... There are a control ?
I'll update the documentation.
originally reported against one of the 3.0.0rc[1-4] releases. Cleaning up non-production versions.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.