As described in Bug https://bugzilla.samba.org/show_bug.cgi?id=3058 there are some Problems to use samba with eDirectory. I used eDirectory (8.7.3 SP8 and 8.8 SP1 from Novell-Download) and samba-3.0.20b-3.14 / samba-client-3.0.20b-3.4 from SLES9. I believe the problem is with earlier Version of samba also. We have a x86_64 machine(AMD Opteron)with SLES9 (actual Patches). With samba-client-3.0 are shipped two schema files: 1) /etc/openldap/schema/samba3.schema 2) /usr/share/samba/LDAP/samba-nds.schema In file samba3.schema is a problem with attribute sambaPasswordHistory which is sized to 32 Byte but it need 1024 Byte if you like migrate your accounts form OpenLdap to Edir OpenLdap checks the value of an attribute not so accurate as Edir does. In file samba-nds.schema the definition for this attribute is ok. In both schema files is a problem with sambaPwdMustChange which has a syntax resulting to the type integer. For Edir (8.7.3 SP8 and 8.8 SP1) a integer has 32 Bit even if its running on 64Bit machine. For samba integer is 64 Bit. If you like to migrate accounts (or just try to create a new one) samba tries to write the (default) value 9223372036854775807 for sambaPwdMustChange as a big 64Bit integer that doesn't fit in the 32Bit integer of Edir. So the ldapadd from Samba to Edir return an error. I resolved the Problem giving sambaPwdMustChange the Syntax 1.3.6.1.4.1.1466.115.121.1.36{19} (Numeric String sized to 19 Bytes). That's not a clean solution (a Numeric String isn't a integer) but I didn't need changes to samba, just work with samba out of the 'SLES Box'. Is there someone from the samba team which can give the schema files an appropriate change? People which like to use Edir as ldap would get an easier success.
Just attach your diffs here, that's the best place. Volker
The following output off 'diff' is from file /usr/share/samba/LDAP/samba-nds.schema and a second file to which I did the change for sambaPwdMustChange. 57c57 < attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) --- > attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{19} SINGLE-VALUE ) For the EQUALITY I'm not sure if it is the best solution. I did the definition for this Attribute with the 'iManager' (Web-based Tool from Novell) directly.
*** This bug has been marked as a duplicate of bug 3058 ***