LinuxQuestions.org


touzeaud 04-11-2009 11:49 AM

samba4: LDAP memberOf: attribute type undefined
 
Dear

I'm trying to run samba4 on Debian lenny with an LDAP backend.

When I execute
slapd -f /etc/samba/ldap/slapd.conf -h ldapi://%2Fetc%2Fsamba%2Fldap%2Fldapi -d4294967295

the slapd server crashes with this output:

<<< dnPrettyNormal: <cn=samba-admin,cn=samba>, <cn=samba-admin,cn=samba>
line 57 (refint_attributes nonSecurityMemberBL nonSecurityMember
msDS-NonMembersBL msDS-NonMembers directReports manager
bridgeheadServerListBL bridgeheadTransportList msDS-ObjectReferenceBL
msDS-ObjectReference msCOM-UserLink msCOM-UserPartitionSetLink
msDs-masteredBy msDS-hasMasterNCs siteObjectBL siteObject queryPolicyBL
queryPolicyObject masteredBy hasMasterNCs managedObjects managedBy
serverReferenceBL serverReference memberOf member)
/etc/samba/ldap/slapd.conf: line 57: refint_attributes <memberOf>:
attribute type undefined

lt-slapd destroy: freeing system resources.
slapd stopped.


Has anyone encountered the same problem?
Best regards.

irishbitte 04-11-2009 01:20 PM

Can you post your slapd.conf file?

touzeaud 04-11-2009 01:47 PM

Here it is: "slpad.txt"

irishbitte 04-11-2009 09:25 PM

Can you post it in [CODE] brackets? Just when I open that file it doesn't wrap correctly.

touzeaud 04-11-2009 09:30 PM

Code:

loglevel 0

### needed for initial content load ###
sizelimit unlimited

### Multimaster-ServerIDs and URLs ###



include /etc/samba/ldap/backend-schema.schema

pidfile                /etc/samba/ldap/slapd.pid
argsfile        /etc/samba/ldap/slapd.args
sasl-realm lenny.company.fr

#authz-regexp
#          uid=([^,]*),cn=lenny.company.fr,cn=digest-md5,cn=auth
#          ldap:///DC=lenny,DC=company,DC=fr??sub?(samAccountName=\$1)

#authz-regexp
#          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
#          ldap:///DC=lenny,DC=company,DC=fr??sub?(samAccountName=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

access to dn.base=""
      by dn=cn=samba-admin,cn=samba manage
      by anonymous read
      by * read

access to dn.subtree="cn=samba"
      by anonymous auth

access to dn.subtree="DC=lenny,DC=company,DC=fr"
      by dn=cn=samba-admin,cn=samba manage
      by dn=cn=manager manage
      by * none

password-hash  {CLEARTEXT}

include /etc/samba/ldap/modules.conf

defaultsearchbase DC=lenny,DC=company,DC=fr

rootdn cn=Manager

overlay deref

overlay refint
refint_modifiersName cn=samba-admin,cn=samba
refint_attributes  nonSecurityMemberBL nonSecurityMember msDS-NonMembersBL msDS-NonMembers directReports manager bridgeheadServerListBL bridgeheadTransportList msDS-ObjectReferenceBL msDS-ObjectReference msCOM-UserLink msCOM-UserPartitionSetLink msDs-masteredBy msDS-hasMasterNCs siteObjectBL siteObject queryPolicyBL queryPolicyObject masteredBy hasMasterNCs managedObjects managedBy serverReferenceBL serverReference memberOf member


# Generated from schema in /etc/samba/ldap/schema-tmp.ldb
overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad nonSecurityMember
memberof-memberof-ad nonSecurityMemberBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad msDS-NonMembers
memberof-memberof-ad msDS-NonMembersBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad manager
memberof-memberof-ad directReports
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad bridgeheadTransportList
memberof-memberof-ad bridgeheadServerListBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad msDS-ObjectReference
memberof-memberof-ad msDS-ObjectReferenceBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad msCOM-UserPartitionSetLink
memberof-memberof-ad msCOM-UserLink
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad msDS-hasMasterNCs
memberof-memberof-ad msDs-masteredBy
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad siteObject
memberof-memberof-ad siteObjectBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad queryPolicyObject
memberof-memberof-ad queryPolicyBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad hasMasterNCs
memberof-memberof-ad masteredBy
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad managedBy
memberof-memberof-ad managedObjects
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad serverReference
memberof-memberof-ad serverReferenceBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad member
memberof-memberof-ad memberOf
memberof-dangling-error 32



database        ldif
suffix                cn=Samba
directory      /etc/samba/ldap/db/samba
rootdn          cn=Manager,cn=Samba

########################################
## olc - configuration ###





########################################
### cn=schema ###
database        hdb
suffix                CN=Schema,CN=Configuration,DC=lenny,DC=company,DC=fr
rootdn          cn=Manager,CN=Schema,CN=Configuration,DC=lenny,DC=company,DC=fr
directory        /etc/samba/ldap/db/schema
index          objectClass eq
index          samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2. 
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10


### Multimaster-Replication of cn=schema Subcontext ###



#########################################
### cn=config ###
database        hdb
suffix                CN=Configuration,DC=lenny,DC=company,DC=fr
rootdn          cn=Manager,CN=Configuration,DC=lenny,DC=company,DC=fr
directory        /etc/samba/ldap/db/config
index          objectClass eq
index          samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2. 
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10

### Multimaster-Replication of cn=config Subcontext ###



########################################
### cn=users /base-dn  ###
database        hdb
suffix                DC=lenny,DC=company,DC=fr
rootdn          cn=Manager,DC=lenny,DC=company,DC=fr
directory        /etc/samba/ldap/db/user
index          objectClass eq
index          samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2. 
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10

### Multimaster-Replication of cn=user/base-dn context ###


irishbitte 04-12-2009 12:02 AM

Ok, so your error is occurring in this line:

Quote:

refint_attributes nonSecurityMemberBL nonSecurityMember msDS-NonMembersBL msDS-NonMembers directReports manager bridgeheadServerListBL bridgeheadTransportList msDS-ObjectReferenceBL msDS-ObjectReference msCOM-UserLink msCOM-UserPartitionSetLink msDs-masteredBy msDS-hasMasterNCs siteObjectBL siteObject queryPolicyBL queryPolicyObject masteredBy hasMasterNCs managedObjects managedBy serverReferenceBL serverReference memberOf member
And the error you are getting is
Quote:

lt-slapd destroy: freeing system resources.
slapd stopped.
right?

Well, the first thing I would look at is the output from
Code:

top
in a separate console as you execute the
Code:

slapd -f /etc/samba/ldap/slapd.conf -h ldapi://%2Fetc%2Fsamba%2Fldap%2Fldapi -d4294967295
command. Next thing I would look at is the syntax of that
command.

irishbitte 04-12-2009 12:06 AM

Oh yes, and will you check that the slapd daemon is actually running before you run the command?

touzeaud 04-12-2009 08:15 AM

Sure, there are no conflicts between the standard slapd server and the samba slapi server because they use different parameters.

The standard slapd uses /var/lib/ldap and port 389.
Samba uses /etc/samba/ldap/db and the slapi unix socket.

I think perhaps there is an OpenLDAP schema error, but I don't know.

Currently the samba mailing list is very silent about this problem.

Here is my procedure to install Samba4; perhaps I'm missing something.

--------------------------------------------------
Install these packages in order to complete the sources:
Code:

apt-get install libgnutls-dev libwrap0-dev unixodbc-dev libsasl2-dev libslp-dev libperl-dev

* Compiling LDAP server

cd /root
wget ftp://ftp.openldap.org/pub/OpenLDAP/...dap-2.4.16.tgz
Code:

tar -xf openldap-2.4.16.tgz
./configure --prefix=/usr --libexecdir='${prefix}/lib' --sysconfdir=/etc --localstatedir=/var --mandir='${prefix}/share/man' --enable-debug --enable-dynamic --enable-syslog --enable-proctitle --enable-ipv6 --enable-local --enable-slapd --enable-aci --enable-cleartext --enable-crypt --disable-lmpasswd --enable-spasswd --enable-modules --enable-deref=mod --enable-refint=yes --enable-rewrite --enable-rlookups --enable-slapi --enable-slp --enable-wrappers --enable-backends=mod --disable-ndb --enable-overlays=yes --with-subdir=ldap --with-cyrus-sasl --with-threads --with-tls=gnutls --with-odbc=unixodbc --enable-hdb=yes
make && make install

Check the presence of the module: /usr/lib/ldap/refint.la
Check the presence of the module: /usr/lib/ldap/deref.la


Prepare the computer:
The computer's NetBIOS name must comply with the form lenny.company.tld,
where "lenny" is your computer's NetBIOS name and company.tld is your main domain.

Install additional packages in order to compile:
Code:

apt-get install autoconf python-dev

wget http://us5.samba.org/samba/ftp/samba4/samba-4.0.0alpha7.tar.gz
tar -xf samba-4.0.0alpha7.tar.gz -C /root
cd /root/samba-4.0.0alpha7/source4
./autogen.sh
./configure --enable-shared --enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba --with-privatedir=/etc/samba --with-piddir=/var/run/samba --localstatedir=/var --enable-fhs --enable-automatic-dependencies
make
make install

Modify /etc/samba/smb.conf with
Code:

[global]
realm = LENNY.COMPANY.TLD
WORKGROUP=company.tld

Don't forget the uppercase on the realm attribute.

Execute
Code:

/root/samba-4.0.0alpha7/source4/setup/provision-backend --realm=lenny.company.tld --ldap-admin-pass=secret --ldap-backend-type=openldap --server-role='domain controller' --domain=COMPANY.TLD

I'm stopped at this point when running
slapd -f /etc/samba/ldap/slapd.conf -h ldapi://%2Fetc%2Fsamba%2Fldap%2Fldapi -d4294967295
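
Added example, not part of the thread and not Samba or OpenLDAP code: one way to test the schema hypothesis raised in the post above is to list which attribute names used by refint_attributes and the memberof-*-ad directives are not declared by any attributetype line in the schema files that slapd.conf includes. The function names and the file contents written by demo() are constructed for illustration; a name reported here may still be supplied by slapd itself or by a loaded module.

```python
import re
import tempfile
from pathlib import Path

# Directives in the posted slapd.conf whose arguments are attribute names.
ATTR_DIRECTIVES = {"refint_attributes", "memberof-member-ad", "memberof-memberof-ad"}
NAME_RE = re.compile(r"\bNAME\s+('[^']+'|\((?:\s*'[^']+')+\s*\))", re.I)

def logical_lines(path):
    """Yield (first_line_number, text); indented lines continue the previous one."""
    current, start = "", 0
    for number, raw in enumerate(Path(path).read_text().splitlines(), 1):
        if raw[:1] in (" ", "\t") and current:
            current += " " + raw.strip()
        elif not raw.startswith("#"):  # comment lines are ignored
            if current:
                yield start, current
            current, start = raw.strip(), number
    if current:
        yield start, current

def defined_attributes(path):
    """Names declared by attributetype lines in path and in the files it includes."""
    names = set()
    for _, line in logical_lines(path):
        keyword, rest = (line.split(None, 1) + [""])[:2]
        if keyword.lower() == "include" and Path(rest).is_file():
            names |= defined_attributes(rest)
        elif keyword.lower() == "attributetype":
            names |= {n.lower() for m in NAME_RE.finditer(rest)
                      for n in re.findall(r"'([^']+)'", m.group(1))}
    return names

def undefined_references(conf_path):
    """Return (line, directive, attribute) for names the schema files do not declare."""
    known = defined_attributes(conf_path)
    return [(num, line.split()[0], attr) for num, line in logical_lines(conf_path)
            if line.split()[0].lower() in ATTR_DIRECTIVES
            for attr in line.split()[1:] if attr.lower() not in known]

def demo():
    """Run the check on constructed files (not the poster's real schema)."""
    with tempfile.TemporaryDirectory() as tmp:
        schema, conf = Path(tmp, "backend-schema.schema"), Path(tmp, "slapd.conf")
        schema.write_text("attributetype ( 1.1.1 NAME 'member' SUP distinguishedName )\n"
                          "attributetype ( 1.1.2 NAME ( 'manager' 'mgr' )\n  SUP distinguishedName )\n")
        conf.write_text(f"include {schema}\noverlay refint\nrefint_attributes manager\n"
                        "  memberOf member\noverlay memberof\nmemberof-memberof-ad memberOf\n")
        return undefined_references(conf)
```

Against the real configuration the call would be undefined_references("/etc/samba/ldap/slapd.conf"), which follows the include lines for backend-schema.schema and modules.conf when those files exist.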

irishbitte 04-13-2009 02:13 PM

Well, I think the problem you are having may be related to trying to get your own ldap server running in samba. Would you try installing samba4 using your package manager?

This is a link for the experimental packages list for debian: http://packages.debian.org/experimen...ommon/download

This is a link to a Debian HOWTO:
http://wiki.samba.org/index.php/Samba4/HOWTO

touzeaud 04-13-2009 05:36 PM

Sure, but the installation procedure has been followed and the Debian package did not provide the latest version.
The problem is that I don't know where I missed something.

irishbitte 04-13-2009 08:03 PM

Ok, you're beyond my expertise so. Samba4 is a complex beast, going on what you've said in previous posts:
Quote:

sure, there are no conflicts between the standard slpad server and the samba slapi server because they using different parameters
I'm guessing you're trying this on a production machine. Can you install a fresh version of lenny in a virtual machine, and try testing Samba4 on there?

