Hi everyone, I am definitely new to the list, OpenLDAP, LDAP in general, nsswitch, shadow, samba etc, but heck, we all have to start somewhere. Not really -that- new to application code, but yeah, I'm kinda young and working at an amateur/unemployed small business level, so by default yeah .. technical noob alert...
I am having problems finding out why domain login is failing:
Up until now I have had pretty good luck being able to figure out how to, for example, get LDAP and nsswitch running well enough that LDAP authenticates my ssh sessions against shadow, get a valid sambaSID or objectClass: sambaSamAccount into an ldif without relying on the smbldap_tools library, or write new ACLs to put the samba domain admin in a different ou=. (This is why I am trying to work around smbldap_tools; of course I could probably change the UID. I have been through slapd.conf loglevel -1 all day long watching it request attributes that weren't in the ldif. I cannot see yet where in smbldap_tools it decides it needs root's uid, but it goes ahead and uses it to write updates even though there is another user with write access to the right attributes.)
I can join windows machines to the samba workgroup MYDOMAIN, and be given an opportunity to login to the samba server, so despite the weird unsupported things I do, perhaps senselessly, I -think- I have the premise correct..
So I think this is failing on a bdb_index_read: failed (-30988) report.
If anyone is still with me, thanks a ton.
Before I go nuts enough to post the parts of slapd logging output I am pretty sure are okay, this is what the probable problems are: It just seems that uid=testuser and objectClass=sambaSamAccount should match this conn=1011 string and the next time it fails it should be for the next problem I'll have, and not this one.

May 14 00:13:34 localhost slapd[30055] => conn=1011 op=3 SRCH base="dc=MYDOMAIN,dc=com" scope=2 deref=0 filter="(&(uid=testuser)(objectClass=sambaSamAccount))"
. . .
May 13 00:13:34 localhost slapd[30055]: => slap_access_allowed: search access granted by read(=rscxd)
May 13 00:13:34 localhost slapd[30055]: => access_allowed: search access granted by read(=rscxd)
May 13 00:13:34 localhost slapd[30055]: search_candidates: base="dc=MYDOMAIN.dc=com" (0x00000001) scope=2
. . .
May 13 00:13:34 localhost slapd[30055]: <= bdb_index_read: failed (-30988)

and of course, the ldif I think it should be matching:

dn: cn=testuser,ou=People,dc=MYDOMAIN,dc=com
changetype: add
objectClass: inetOrgPerson
sn: testuser
uid: testuser
sambaSID: S-1-5-21-28598429-1396753209-3957328313-513
objectClass: sambaSamAccount
sambaDomainName: MYDOMAIN

Again, thanks. I look forward to seeing the list traffic every day, and yet more slapd -1 logs.
openldap-technical@openldap.org
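
Added example, not part of the original post: a small Python check of whether the LDIF entry quoted above satisfies the filter from the logged SRCH line, so that a non-matching filter can be ruled in or out separately from indexing, ACLs and search scope. The function names are hypothetical, the LDIF is assumed to be a single unfolded record, and matching is simplified to case-insensitive string equality.

```python
# Constructed from the LDIF and the SRCH filter quoted in the post.
LDIF = """\
dn: cn=testuser,ou=People,dc=MYDOMAIN,dc=com
changetype: add
objectClass: inetOrgPerson
sn: testuser
uid: testuser
sambaSID: S-1-5-21-28598429-1396753209-3957328313-513
objectClass: sambaSamAccount
sambaDomainName: MYDOMAIN
"""
FILTER = "(&(uid=testuser)(objectClass=sambaSamAccount))"

def parse_ldif_entry(text):
    """Return (dn, {attr_lower: [values]}) for one unfolded LDIF record."""
    dn, attrs = None, {}
    for line in text.splitlines():
        name, _, value = (p.strip() for p in line.partition(":"))
        if name.lower() == "dn":
            dn = value
        elif name and name.lower() != "changetype":
            attrs.setdefault(name.lower(), []).append(value)
    return dn, attrs

def parse_filter(s, i=0):
    """Parse (&..), (|..), (!..), (attr=value), (attr=*) into a tree."""
    i += 1                                   # skip '('
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        return (op, kids), i + 1             # skip ')'
    end = s.index(")", i)
    attr, _, value = s[i:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, attrs):
    """Evaluate the tree; values compared case-insensitively (simplification)."""
    if node[0] in "&|":
        hits = [matches(k, attrs) for k in node[1]]
        return all(hits) if node[0] == "&" else any(hits)
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    have = [v.lower() for v in attrs.get(node[1], [])]
    return bool(have) if node[2] == "*" else node[2].lower() in have

def entry_matches_filter(ldif, flt):
    return matches(parse_filter(flt)[0], parse_ldif_entry(ldif)[1])
```

A True result only says the entry, as written in the LDIF, satisfies the filter; it does not show that the entry was actually loaded into the directory.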