
Re: [Samba] Samba NT4 to AD- LDAP




On Sat, 2018-03-24 at 20:00 +0000, Rowland Penny via samba wrote:
> On Sun, 25 Mar 2018 08:01:57 +1300
> Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> 
> > On Sat, 2018-03-24 at 12:50 +0000, Praveen Ghimire via samba wrote:
> > > Hi Rowland,
> > > 
> > > I did that initially and that came with 
> > > Failed to connect to ldap URL 'ldap://lin-pdc.lin - LDAP client
> > > internal error: NT_STATUS_BAD_NETWORK_NAME Hence I removed the
> > > whole ldap:// bit
> > > 
> > > After your email I tried again but using ldap://localhost and it
> > > seems to have worked. Not sure what the issue is with the fqdn. I
> > > could run ldap queries when using fqdn.
> > > 
> > 
> > This patch should fix it.
> > 
> > Praveen can you test it?  
> > 
> > Rowland, after Praveen has tested it, perhaps you would like to review
> > it?  We don't have the infrastructure for a test against the LDAP
> > backend (a long-standing problem) so sadly there is no automatic
> > test. 
> > 
> > Thanks,
> > 
> > Andrew Bartlett
> > 
> 
> Hi Andrew, but what if the ldap server isn't on localhost?

Then there would have needed to be a server specified in the passdb
backend option. 

> Praveen's smb.conf had this:
> 
> idmap config *: ldap_url = ldap://lin-pdc.lin/
> 
> This is valid, so it looks like the 'idmap config' lines need to be
> parsed as well. Check if 'ldapsam' contains the URL, if not parse the
> 'idmap config' lines for the URL and then, if still not found, fall
> back to 'localhost'

It is unclear to me what exactly is going on in this configuration
(passdb and idmap should be pointing at the same server in most
configurations).  

However it doesn't change what passdb is pointing at, and for the
moment I don't want to make it more complex, while respecting in python
the default from the C code.  

As background: when I wrote the upgrade code I wasn't aware of the
localhost default, as I've always used ldapi:// on local connections.

I hope this clarifies things,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
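
The lookup order discussed in this thread, as an added Python example (not the Samba patch and not code from either poster): an explicit URL in `passdb backend = ldapsam:...` is used first, and a bare `ldapsam` falls back to `ldap://localhost`. The function names, the `idmap_fallback` switch (which models the suggestion quoted above, not adopted behaviour) and the sample configuration are assumptions made for illustration.

```python
DEFAULT_LDAP_URL = "ldap://localhost"  # default when ldapsam is given no URL

# Constructed sample, built from the two settings quoted in the thread.
SAMPLE_CONF = """
[global]
    # URL removed from the backend, as described in the thread
    passdb backend = ldapsam
    idmap config *: ldap_url = ldap://lin-pdc.lin/
"""

def parse_globals(conf_text):
    """Return {name: value} for [global]; names compared without case or spaces."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip()
    return params

def resolve_ldap_url(conf_text, idmap_fallback=False):
    """Return (url, source) naming the LDAP server an upgrade would contact."""
    params = parse_globals(conf_text)
    backend, _, location = params.get("passdbbackend", "").partition(":")
    if backend.strip().lower() != "ldapsam":
        raise ValueError("passdb backend is not ldapsam")
    location = location.strip().strip('"')
    if location:
        return location, "passdb backend"
    if idmap_fallback:  # hypothetical: the extra lookup proposed in the quoted reply
        url = params.get("idmapconfig*:ldap_url", "")
        if url:
            return url, "idmap config"
    return DEFAULT_LDAP_URL, "default"

if __name__ == "__main__":
    print(resolve_ldap_url(SAMPLE_CONF))
    print(resolve_ldap_url(SAMPLE_CONF, idmap_fallback=True))
```

Reporting the source alongside the URL makes it visible when the tool is about to bind to a server other than the one the administrator expected.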

