The Samba-Bugzilla – Bug 4490
LDAP error when creating new group (local or global) via usrmgr.exe
Last modified: 2007-04-05 06:18:53 UTC
used samba version is 3.0.25pre2
used backend is LDAP (Sun One Directory Server 5.2P4)
SAMBA Server OS is Solaris 10. compilation done with gcc 3.4.6, with ldap, kerberos quotas, acl support.
When creating a local group via usrmgr.exe on XP SP2, I systematically have an access denied.
Checking samba logs, here is a description of the problem:
- samba call smbldap-groupadd to create the group in the LDAP.
- the group is created with, let's say rid 3035, computed by smbldap-groupadd
- samba is looking for the newly created group, doing the search with RID 1014
- it doesn't find it
- then it does a new search with groupname and find it
- it tries to do the following operation: removal of the existing sambaSID attribute, and addition of a new sambaSID attribute with correct samba computed RID (1014)
- at the time of submitting the LDAP changes to the LDAP server, the problem occurs: I see in the logs (LDAP server and SAMBA) that the LDAP operation failed because samba is trying to record a duplicate attribute
- then samba send a NT_STATUS_ACCESS_DENIED
I will enclose a samba 3.0.25pre2 log extract where we can see this problem. (level 3)
Created attachment 2360 [details]
samba logs for described problem
Note that this problem also happens when I try to create a global group via usrmgr.exe. And furthemore in this case, there is another problem: I also have a remote procedure call failure. But I will post another ticket for this.
Just another thing:
- Despite of the problem, the local group is created in the ldap. Then I do a refresh in usrmgr and I can see it and do whatever I want without any problem (addition or removal of users, write a description for the group, delete the group ...)