Web lists-archives.com

Re: [Samba] Different LDAP query in different DC...




On Wed, 28 Nov 2018 18:11:59 +0100
Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> 
> > If an ldap lookup works on every DC, except for one and the data is
> > definitely there on the one DC it doesn't work on, then it must be
> > something on that DC. is there a firewall or apparmor/selinux in the
> > way ?
> 
> No. Anyway, note that query return correctly 'result: 0 Success',
> simply return no data.

That just means the search retuned without error

> Another query to the same DC return data. eg:
> 
>  root@vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D
> CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b
> DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep
> ^rfc822MailMember Enter LDAP Password: root@vdmpp1:~# root@vdmpp1:~#
> ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D
> CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b
> DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)" uid | grep ^uid Enter LDAP
> Password: uid: gaio

> 
> Seems really to me an ACL trouble, note also:
> 
>  root@vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D
> CN=gaio,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it -b
> DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep
> ^rfc822MailMember Enter LDAP Password: rfc822MailMember: gaio
> rfc822MailMember: marco.gaiarin
> 
> But how can i check ACLs data on different DCs?
> 
> 
> > Compare the non-working computer with a working one, is there
> > something different/missing or something set up differently.
> 
> I've checked 'samba-tool testparm', /etc/krb5.conf, /etc/hosts,
> /etc/resolv.conf: all are the same (names and ips docet).
> 

If you run the command:
ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D
CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b
DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)"

Does it produce the entire users object ?

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba