Re: [Samba] Samba NT4 to AD- LDAP
- Date: Sun, 25 Mar 2018 17:53:31 +1300
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba NT4 to AD- LDAP
On Sat, 2018-03-24 at 20:00 +0000, Rowland Penny via samba wrote:
> On Sun, 25 Mar 2018 08:01:57 +1300
> Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> > On Sat, 2018-03-24 at 12:50 +0000, Praveen Ghimire via samba wrote:
> > > Hi Rowland,
> > >
> > > I did that initially and that came with
> > > Failed to connect to ldap URL 'ldap://lin-pdc.lin - LDAP client
> > > internal error: NT_STATUS_BAD_NETWORK_NAME Hence I removed the
> > > whole ldap:// bit
> > >
> > > After your email I tried again but using ldap://localhost and it
> > > seems to have worked. Not sure what the issue is with the fqdn. I
> > > could run ldap queries when using fqdn.
> > >
> > This patch should fix it.
> > Praveen can you test it?
> > Rowland, after Praveen has tested it, perhaps you would like to review
> > it? We don't have the infrastructure for a test against the LDAP
> > backend (a long-standing problem) so sadly there is no automatic
> > test.
> > Thanks,
> > Andrew Bartlett
> Hi Andrew,, but what if the ldap server isn't on localhost ?
Then there would have needed to be a server specified in the passdb
> Praveen's smb.conf had this:
> idmap config *: ldap_url = ldap://lin-pdc.lin/
> This is valid, so it looks like the 'idmap config' lines need to be
> parsed as well. Check if 'ldapsam' contains the URL, if not parse the
> 'idmap config' lines for the URL and then, if still not found, fall
> back to 'localhost'
It is unclear to me what exactly what is going on in this configuration
(passdb and idmap should be pointing at the same server in most
However it doesn't change what passdb is pointing at, and for the
moment I don't want to make it more complex, while respecting in python
the default from the C code.
As background: when I wrote the upgrade code I wasn't aware of the
localhost default, as I've always used ldapi:// on local connections.
I hope this clarifies things,
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
To unsubscribe from this list go to the following URL and read the