I have been fighting all week trying to get Samba 3.0 and LDAP 3.0 working on a openSUSE 10.2 server. I got it working once; I was rebuilding it again for the practice.

I kept getting these errors whenever I ran smbldap-populate, depending on whether or not I started with a clean LDAP database (clean LDAP database == ‘rm /var/lib/ldap/*’):

“failed to add entry: naming attribute ’sambaDomainName’ is not present in entry at /usr/local/sbin/smbldap-populate line 495, line 21.”

or

“failed to modify entry: structural object class modification from ’sambaDomain’ to ‘inetOrgPerson’ not allowed at /usr/local/sbin/smbldap-populate line 488, line 21.”

I RTFMed, I Googled, I searched through the O’Reilly Zoo, I even fired up the Perl debugger and stepped through smbldap-populate! I found nothing that helped.

The problem was this: in my /etc/samba/smb.conf file, the workgroup was defined thusly:

workgroup = fubar

but in /etc/smbldap-tools/smbldap.conf, the pertinent line is:

sambaUnixIdPooldn="sambaDomainName=fubar,${suffix}"

See the problem? Of course you don’t! I didn’t see it all week until I was looking at the smb.conf file under vimdiff! There’s a space after the word fubar in the workgroup line!

It turns out the two entries have to be EXACT. To LDAP/smbldap-tools, ‘fubar ‘ (with a space) and ‘fubar’ (without a space) are two different strings!

I don’t know about you, but I figured Perl could handle a space at the end of a line.

Let me know if this helps you out.

Technorati Tags: ldap, samba, sambaDomainName

Tags: ldap samba sambaDomainName

Posted on Friday, June 20th, 2008 at 12:44 am under Linux administration, system administration and tagged: ldap > samba > sambaDomainName. Comment RSS 2.0 feed. Comment, or trackback.