I have this configuration
ldap admin dn = cn=Directory Manager
ldap suffix = dc=test.com,dc=global
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Machines
and when I try to add an account it can't find the object:
# smbpasswd -D10 -am test1$
ldapsam_getsampwnam: Unable to locate user [test1$] count=0
Get_Pwnam_internals didn't find user [test1$]!
Failed to add entry for user test1$.
According to this thread:
group, user and machine suffixes are ignored(!) but in the docs those settings are clearly explained:
I've tried changing the ldap.conf settings and indeed, it works.
So I'm not sure where this bug should be placed, because it is either a documentation bug or a config parsing bug.
Feel free to change it.
"ldap user/group suffix" is used to *create* the LDAP objects. LDAP searches are being done at the "ldap suffix" as search base, which obviously also includes the ldap user/group suffix, because this is a subtree of it. This does not contradict the documentation.