Bug 8291 - ldap suffixes are ignored
Summary: ldap suffixes are ignored
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Config Files (show other bugs)
Version: unspecified
Hardware: x86 Linux
: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-07 11:02 UTC by muzzol
Modified: 2017-12-07 11:42 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description muzzol 2011-07-07 11:02:22 UTC 
I have this configuration

    ldap admin dn = cn=Directory Manager
    ldap suffix = dc=test.com,dc=global
    ldap group suffix = ou=Groups
    ldap user suffix = ou=Users
    ldap machine suffix = ou=Machines


and when i try to add an account it can't find the object:

    # smbpasswd -D10 -am test1$
    [...]
    ldapsam_getsampwnam: Unable to locate user [test1$] count=0
    [...]
    Get_Pwnam_internals didn't find user [test1$]!
    [...]
    Failed to add entry for user test1$.


acording to this thread:

http://lists.samba.org/archive/samba/2006-July/122787.html

group, user and machine suffixes are ignored(!) but in the docs those settings are clearly explained:

http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPGROUPSUFFIX

i've tried with changing ldap.conf settings and indeed, it works.

so I'm not sure where this bug should be placed because is either a documentation bug or a config parsing bug.

feel free to change it.
Comment 1 Björn Jacke 2017-12-07 11:42:57 UTC 
"ldap user/group suffix" is used to *create* the LDAP objects. LDAP searches are being done at the "ldap suffix" as search base, which obviously also includes the ldap user/group suffix, because this is is subtree of it. This does not contradict the documentation.