smbldap-useradd fails to authenticate to allow changes to LDAP server
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
smbldap-tools (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: smbldap-tools
Description: Ubuntu 10.04.1 LTS
Release: 10.04
smbldap-tools:
Installed: 0.9.5-1
Candidate: 0.9.5-1
Version table:
*** 0.9.5-1 0
500 http://
100 /var/lib/
I have an OpenLDAP server that was originally set up with Ubuntu 7 or 8. We recently upgraded to Ubuntu 10.04 and recently noticed that we are no longer able to add users using smbldap-useradd. The error we get is:
$ smbldap-useradd -a pat
Error: modifications require authentication at /usr/share/
I have the proper credentials set up in /etc/smbldap-
Since I'm able to add and remove users using phpldapadmin, I should be able to do the same through smbldap-useradd.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: smbldap-tools 0.9.5-1
ProcVersionSign
Uname: Linux 2.6.32-24-server x86_64
Architecture: amd64
Date: Mon Nov 22 13:25:27 2010
InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.2)
PackageArchitec
ProcEnviron:
LANG=en_CA.UTF-8
SHELL=/bin/bash
SourcePackage: smbldap-tools
I had the same problem, and it turned out I had made a silly mistake in my /etc/smbldap- tools/smbldap_ bind.conf file. The password was correct, but the DN entries started with "dc=admin, ..." instead of "cn=admin, ...".
In the end, what helped me find the problem was to add the "stats" loglevel to the slapd config. This showed the following in the logs:
Feb 2 11:50:27 lenny1 slapd[5502]: conn=150 op=0 BIND dn="dc= admin,dc= example, dc=com" method=128
Feb 2 11:50:27 lenny1 slapd[5502]: conn=150 op=0 RESULT tag=97 err=49 text=
After this error, the smbldap-useradd continued and failed with the next error. If it had stopped right there, it would have been much easier to find the problem.
So in my case, I believe the bug would be that smbldap-useradd continues after failing to bind as admin, and then reports a misleading error at the next step.