Bug 4490 - LDAP error when creating new group (local or global) via usrmgr.exe
Summary: LDAP error when creating new group (local or global) via usrmgr.exe
Status: NEW
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.25
Hardware: Sparc Solaris
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2007-04-05 06:12 UTC by Nicolas HAHN
Modified: 2007-04-05 06:18 UTC (History)
0 users

See Also:

samba logs for described problem (143.98 KB, text/plain)
2007-04-05 06:18 UTC, Nicolas HAHN
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Nicolas HAHN 2007-04-05 06:12:59 UTC
used samba version is 3.0.25pre2
used backend is LDAP (Sun One Directory Server 5.2P4)
SAMBA Server OS is Solaris 10. compilation done with gcc 3.4.6, with ldap, kerberos quotas, acl support.

When creating a local group via usrmgr.exe on XP SP2, I systematically have an access denied.
Checking samba logs, here is a description of the problem:
- samba call smbldap-groupadd to create the group in the LDAP.
- the group is created with, let's say rid 3035, computed by smbldap-groupadd
- samba is looking for the newly created group, doing the search with RID 1014
- it doesn't find it
- then it does a new search with groupname and find it
- it tries to do the following operation: removal of the existing sambaSID attribute, and addition of a new sambaSID attribute with correct samba computed RID (1014)
- at the time of submitting the LDAP changes to the LDAP server, the problem occurs: I see in the logs (LDAP server and SAMBA) that the LDAP operation failed because samba is trying to record a duplicate attribute
- then samba send a NT_STATUS_ACCESS_DENIED

I will enclose a samba 3.0.25pre2 log extract where we can see this problem. (level 3)
Comment 1 Nicolas HAHN 2007-04-05 06:18:53 UTC
Created attachment 2360 [details]
samba logs for described problem

Note that this problem also happens when I try to create a global group via usrmgr.exe. And furthemore in this case, there is another problem: I also have a remote procedure call failure. But I will post another ticket for this.

Just another thing:
- Despite of the problem, the local group is created in the ldap. Then I do a refresh in usrmgr and I can see it and do whatever I want without any problem (addition or removal of users, write a description for the group, delete the group ...)