The Samba-Bugzilla – Bug 676
Samba as PDC w/ LDAP won't allow groups created from User Manager
Last modified: 2005-11-14 09:26:44 UTC
When running Samba as a PDC with an LDAP backend (used for Linux authentication
also), creating a new group with Microsoft's User Manager for Domains (NT
version) fails. When attempting to add a group, Windows returns an error
message "Group name cannot be found."
After tracing through LDAP and Samba debug logs, I saw that the group actually
gets created and is then deleted. The group is created through a perl script
specified in smb.conf. This script exits with a 0 status and the gidNumber of
the group. The group then gets mapped correctly.
After this, the "ldapsam_update_group_mapping_entry" function in
passdb/pdb_ldap.c is called with a null mods list. Because this list is null,
the function returns NTStatus code "NT_STATUS_UNSUCCESSFUL" and prints a debug
message "ldapsam_update_group_mapping_entry: mods is empty: nothing to do\n".
Upon receiving this status, User Manager issues the command to delete the
group, which is completed successfully, and then displays the error message.
As a temporary solution, I simply changed the NT_STATUS_UNSUCCESSFUL return
status to an "NT_STATUS_OK" when "ldapsam_update_group_mapping_entry" is called
with null mods. This has worked perfectly for me, but I am unaware of any
negative side effects this may cause.
I think this has since been fixed in 3.0.2a.
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.