LDAP and Samba

[numkem]

After viewing all the post that i could find for this problem, i still can't find an explanation of why i can't :

1 - Get LDAP to read the schema for samba
2 - Get rid of the "invalid DN" error in Samba's log

I followed Greg's guide from the wiki for the installation process.

/opt/zimbra/conf/slapd.conf.in

Code:

# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
#ucdata-path    "/opt/zimbra/openldap/ucdata"
include         "/opt/zimbra/openldap/etc/openldap/schema/core.schema"
include         "/opt/zimbra/openldap/etc/openldap/schema/cosine.schema"
include     "/opt/zimbra/openldap/etc/openldap/schema/inetorgperson.schema"
include         "/opt/zimbra/openldap/etc/openldap/schema/amavisd.schema"
include         "/opt/zimbra/openldap/etc/openldap/schema/zimbra.schema"
include         "/opt/zimbra/lib/conf/zimbra-ext.schema"
include         "/opt/zimbra/openldap/etc/openldap/schema/nis.schema"
include         "/opt/zimbra/openldap/etc/openldap/schema/samba.schema"

[...]

TLSCertificateFile /opt/zimbra/conf/slapd.crt
TLSCertificateKeyFile /opt/zimbra/conf/slapd.key
TLSVerifyClient never

#indexes for PAM
index uidNumber             eq
index gidNumber             eq
index memberUID             eq

#indexes for Samba
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq

ls -l /opt/zimbra/openldap/etc/openldap/schema/

Code:

-rw-r--r-- 1 zimbra zimbra  32161 2007-04-18 18:39 amavisd.schema
-r--r--r-- 1 zimbra zimbra   8231 2007-03-12 14:37 corba.schema
-r--r--r-- 1 zimbra zimbra  20591 2007-03-12 14:37 core.ldif
-r--r--r-- 1 zimbra zimbra  19762 2007-03-12 14:37 core.schema
-r--r--r-- 1 zimbra zimbra  74080 2007-03-12 14:37 cosine.schema
-r--r--r-- 1 zimbra zimbra   1553 2007-03-12 14:37 dyngroup.schema
-r--r--r-- 1 zimbra zimbra   6360 2007-03-12 14:37 inetorgperson.schema
-r--r--r-- 1 zimbra zimbra  13984 2007-03-12 14:37 java.schema
-r--r--r-- 1 zimbra zimbra   2471 2007-03-12 14:37 misc.schema
-r--r--r-- 1 zimbra zimbra   7723 2007-03-12 14:37 nis.schema
-r--r--r-- 1 zimbra zimbra   3391 2007-03-12 14:37 openldap.ldif
-r--r--r-- 1 zimbra zimbra   1601 2007-03-12 14:37 openldap.schema
-r--r--r-- 1 zimbra zimbra  19689 2007-03-12 14:37 ppolicy.schema
-r--r--r-- 1 zimbra zimbra   2968 2007-03-12 14:37 README
-rw-r--r-- 1 zimbra zimbra  19058 2005-12-29 15:45 samba.schema
-r--r--r-- 1 zimbra zimbra     49 2007-04-18 18:39 zimbra-ext.schema
-r--r--r-- 1 zimbra zimbra    962 2007-04-18 18:39 zimbra-hsm.schema
-rw-r--r-- 1 zimbra zimbra 145468 2007-04-18 18:39 zimbra.schema

For Samba, i use the one shipped with the OS, in my case Ubuntu 6.10. smb.conf is the same as in the wiki with the only difference of the prefix.

Thanks in advance.

[penguinknight]

Did you copy and paste the two lines that include the schema's?
I noticed that when I did this the characters were not recognized correctly. I had to delete the quotes and re-create them to get it to properly read the file as there.

include "/opt/zimbra/openldap/etc/openldap/schema/nis.schema"
include "/opt/zimbra/openldap/etc/openldap/schema/samba.schema"

There are a lot of little things that can get you stuck in that guide. I learned that I need to read guides slower because he has some stuff that he says really quickly that I passed over that caused me a lot of grief.

[numkem]

That actually helped! Thanks!

Looks like the schema was loaded because now i can see my domain in the administration interface. But i'm still getting these kinds of errors when i'm trying to create a posix group :

Code:

[LDAP: error code 65 - object class 'sambaGroupMapping' requires attribute 'sambaSID']

By my guess, looks like the schema is loaded but the directory wasnt modified according to the schema. If i remember correctly samba was supposed to make the entries into the directory, after restarting the service, no luck and no word about it in the logs.

[numkem]

Bump for luck, still havent figured why its still isnt working.

[penguinknight]

Were you installing this on a live server with data?

If not I would start over.

Although one thing you could try is to remove all servers and groups from samba and postix because it sounds like samba was able to communicate with your server enough to enter it's information into it's LDAP but not enough to...well....work since the schema wasn't loaded correctly.

This is all a guess however.

I had to go through the guide 3 times to get it to work, but in the end it certainly did work.

Good luck

[Greg]

Quote:

Originally Posted by numkem

Bump for luck, still havent figured why its still isnt working.

Looks like the samba zimlet isn't working or you forgot to fill in the fields on the Samba tab

[numkem]

I tried filling the fields by hand for before i managed to get Samba to read the schema file. I filled the domain name in lowercase the first time, than when the Samba read the file, it put another domain with the same domain name but this time in full uppercase.

[Greg]

Quote:

Originally Posted by numkem

I tried filling the fields by hand for before i managed to get Samba to read the schema file. I filled the domain name in lowercase the first time, than when the Samba read the file, it put another domain with the same domain name but this time in full uppercase.

What you need for this feature to work is to fill the sambaSID field. When you have a sambaDomain record in your LDAP, the extension will find this record and show it in the drop down lists of domains. If this is not happening, then, most likely, the extension cannot find the sambaDomain record. Do any samba domains show up in Samba Domains list (this is different from Domains list)?

[Greg]

Quote:

Originally Posted by penguinknight

There are a lot of little things that can get you stuck in that guide. I learned that I need to read guides slower because he has some stuff that he says really quickly that I passed over that caused me a lot of grief.

LOL, although the guide is long, I tried to make it as short as possible. Hence, every step in the guide is important.

[DVan]

FYI This is one of the reasons I gave up on the Samba/Posix zimlets. The Samba SID wouldn't show up for Samba Domains drop down list for the user accounts (new or old) and it wasn't an editable field. My SambaDomain and SID was listed under the Admin extension, just couldn't do it for the user.

The other issue was the fact that the required settings for Samba accounts in Zimbra aren't actually required settings for Samba (Profile paths). It would make more sense to follow the Must and May listings in the Samba.schema file for what is a required attribute and what isn't in order to make it more usable in future revisions. I still think the concept of having Samba in Zimbra is great as a whole, and this was certainly an excellent first release.