Please keep replies on the mailing list.
On Tue, Nov 14, 2006 at 06:12:18PM +0100, Pierangelo Masarati wrote:

This question has been asked (and answered!) so many times... OpenLDAP tools solve the problem of authenticated referral chasing by delegating it to the user. They simply return a referral and don't even try to chase it anonymously (as supposed to be useless for writes) nor by propagating credentials to the referred DSA (it would be a very poor decision, as the client has no means to determine whether the referred DSA is trusted or not; or, whenever distributed authentication is implemented, it is very likely that the referred DSA has no means to authenticate an otherwise valid user for the initially contacted DSA).

Apparently, your client tries to chase referrals anonymously, and this fails as expected. I don't see any software malfunction here (on the OpenLDAP side, at least); there might be a missing or misimplemented feature in the client, though.
Ok. I tried on the slave side.
Client message
-------------------------------------------------------------------------
#ldapadd -W -x -D "cn=root,dc=dgb,dc=local" -f bbb1.ldif
#Enter password:
adding new entry "uid=bbb1,ou=users,dc=dgb,dc=local"
ldap_add: Referral (10)
refferals:
ldap://ldap.dgb.local/uid=bbb1,ou=users,dc=dgb,dc=local
-------------------------------------------------------------------------
Server message (loglevel stats sync)
-------------------------------------------------------------------------
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 fd=12 ACCEPT from IP=127.0.0.1:61526 (IP=0.0.0.0:389)
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=0 BIND dn="cn=root,dc=dgb,dc=local" method=128
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=0 BIND dn="cn=root,dc=dgb,dc=local" mech=SIMPLE ssf=0
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=0 RESULT tag=97 err=0 text=
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=1 ADD dn="uid=bbb1,ou=users,dc=dgb,dc=local"
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=1 RESULT tag=105 err=10 text=
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=2 UNBIND
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 fd=12 closed
---------------------------------------------------------------------------
And on the master side I looked at tcpdump and did not receive any packets.
This is native ldapadd. :(
I think OpenLDAP has little to do with smbldap-useradd; however, it looks like that tool is working as expected, since it behaves the same as ldapadd...
When I try to use smbldap-useradd I get:
------------------------client message-------------------------------------
smbldap-useradd bbb2
Error: Referral received at /usr/local/lib/perl5/site_perl/5.8.8/smbldap_tools.pm line 1056
----------------------------------------------------------------------------
--------------------------server message------------------------------------
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 fd=21 ACCEPT from IP=127.0.0.1:50523 (IP=0.0.0.0:389)
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=0 BIND dn="cn=root,dc=dgb,dc=local" method=128
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=0 BIND dn="cn=root,dc=dgb,dc=local" mech=SIMPLE ssf=0
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=0 RESULT tag=97 err=0 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=1 SRCH base="dc=dgb,dc=local" scope=2 deref=2 filter="(&(objectClass=posixAccount)(uid=bbb2))"
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=2 SRCH base="sambaDomainName=dgb,dc=dgb,dc=local" scope=0 deref=2 filter="(objectClass=sambaUnixIdPool)"
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=3 MOD dn="sambaDomainName=dgb,dc=dgb,dc=local"
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=3 MOD attr=uidNumber
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=3 RESULT tag=103 err=10 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 fd=21 closed (connection lost)
------------------------------------------------------------------------------
And again no packets on the master side.
I need to solve the problem of synchronizing Samba passwords from the slave to the master LDAP, and I cannot find the solution. :(
Help me please.... :) Where am I mistaken?
p.
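The failure both tools hit is visible in the slapd stats log as a write operation (ADD or MOD) whose RESULT carries err=10, the LDAP referral result code, while the BIND on the same connection succeeded. The script below is an added example, not code from this thread or from OpenLDAP, that correlates those lines per connection (bind DN, operation type, target DN) over the server excerpts quoted above, so an administrator can spot clients that send writes to a read-only replica instead of the master; the regular expressions assume the stats-loglevel line format shown in those excerpts.

```python
import re

# slapd "stats" loglevel lines, taken from the two server excerpts in the thread.
SAMPLE_LOG = """\
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=0 BIND dn="cn=root,dc=dgb,dc=local" method=128
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=0 RESULT tag=97 err=0 text=
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=1 ADD dn="uid=bbb1,ou=users,dc=dgb,dc=local"
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=1 RESULT tag=105 err=10 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=0 BIND dn="cn=root,dc=dgb,dc=local" method=128
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=0 RESULT tag=97 err=0 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=1 SRCH base="dc=dgb,dc=local" scope=2 deref=2 filter="(&(objectClass=posixAccount)(uid=bbb2))"
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=3 MOD dn="sambaDomainName=dgb,dc=dgb,dc=local"
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=3 RESULT tag=103 err=10 text=
"""

LDAP_REFERRAL = 10   # LDAP resultCode referral(10), what ldapadd printed as "Referral (10)"
WRITE_OPS = {"ADD", "MOD", "MODRDN", "DEL"}

# Operation lines carry dn= (BIND/ADD/MOD/...) or base= (SRCH); result lines carry err=.
OP_RE = re.compile(r'conn=(\d+) op=(\d+) (BIND|ADD|MODRDN|MOD|DEL|SRCH) (?:dn|base)="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=(\d+) err=(\d+)')

def referred_writes(log_text):
    """Return [(conn, op, optype, bind_dn, target_dn)] for every write operation
    that the server answered with err=10, i.e. a referral instead of the write."""
    bind_dn = {}   # conn -> DN that last bound on that connection
    pending = {}   # (conn, op) -> (optype, target dn) awaiting its RESULT line
    hits = []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if m:
            conn, op, optype, dn = m.groups()
            if optype == "BIND":
                bind_dn[conn] = dn
            else:
                pending[(conn, op)] = (optype, dn)
            continue
        m = RESULT_RE.search(line)
        if m:
            conn, op, _tag, err = m.groups()
            optype, dn = pending.pop((conn, op), (None, None))
            if optype in WRITE_OPS and int(err) == LDAP_REFERRAL:
                hits.append((conn, op, optype, bind_dn.get(conn, "anonymous"), dn))
    return hits

if __name__ == "__main__":
    for conn, op, optype, who, dn in referred_writes(SAMPLE_LOG):
        print(f"conn={conn} op={op}: {optype} on {dn} by {who} was referred (err=10)")
```

Run against a live stats log, a non-empty result means the client configuration points writes at the slave; the fix belongs on the client side (send writes to the DSA named in the referral), as the reply above explains.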