Bug 676 - Samba as PDC w/ LDAP won't allow groups created from User Manager
Samba as PDC w/ LDAP won't allow groups created from User Manager
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
3.0.0
All Windows NT
: P3 minor
: none
Assigned To: Samba Bugzilla Account
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-10-23 15:07 UTC by Brandon Turner
Modified: 2005-11-14 09:26 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Brandon Turner 2003-10-23 15:07:54 UTC
When running Samba as a PDC with an LDAP backend (used for Linux authentication 
also), creating a new group with Microsoft's User Manager for Domain's (NT 
version) fails.  When attempting to add a group, Windows returns an error 
message "Group name cannot be found."

After tracing through LDAP and Samba debug logs, I saw that the group actually 
gets created and is then deleted.  The group is created through a perl script 
specified in smb.conf.  This script exits with a 0 status and the gidNumber of 
the group.  The group then gets mapped correctly.

After this, the "ldapsam_update_group_mapping_entry" function in 
passdb/pdb_ldap.c is called with a null mods list.  Because this list is null, 
the function returns NTStatus code "NT_STATUS_UNSUCCESSFUL" and prints a debug 
message "ldapsam_update_group_mapping_entry: mods is empty: nothing to do\n".  
Upon receiving this status, User Manager issues the command to delete the 
group, which is completed successfully, and then displays the error message.

As a temporary solution, I simply changed the NT_STATUS_UNSUCCESSFUL return 
status to an "NT_STATUS_OK" when "ldapsam_update_group_mapping_entry" is called 
with null mods.  This has worked perfectly for me, but I am unaware of any 
negative side effects this may cause.
Comment 1 Gerald (Jerry) Carter 2004-03-17 05:53:41 UTC
I think this has since been fixed in 3.0.2a
Comment 2 Gerald (Jerry) Carter 2005-08-24 10:16:59 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 3 Gerald (Jerry) Carter 2005-11-14 09:26:44 UTC
database cleanup