Hallo,
da es mir als neuem User nicht möglich ist, meine Anfrage (und bug report?) in das 9.2 Forum zu stellen, stelle ich meine Frage hier (allerdings kann ich in diesem Forum keine Bilder anhängen, ist aber im Text beschrieben):
we are trying to connect Ricoh Multifunction Printers (MFPs) for authentification to SME Servers used in schools. Since the base of the installations run on SME 8.0 we started migrating to 9.2, to use the ldap connectivity.
Specifically the Ricohs use AD, so we are going to use a handler to convert to LDAP.
Unfortunately we don't really understand which of the variants of ldap is the right one to connect to a MFP:
1. We spent some effort activating "LDAP authentication" on a fresh installed 9.2 server (we did so several times) and "reliably" can not activate any users we create at this point since we cannot change the password (and we tried many). Now I am asking myself if this "feature" is obolete? See description description and logs below and attachements.
2. As I see there also is the "LDAP authentication for applications" is it to be used with or alternatively to "LDAP authentication"?
3. Perhaps there is even more "ldapping" right on board by default I am not aware of?
About the way "LDAP authentication" on a fresh installed and updated SME 9.2:
1. Installation of SME 9.2
2. Installing Updates (via yum... restart)
3. Enabling LDAP Authentication (db configuration setprop ldap Authentication enabled)
4. Using server-manager from a wired PC in the same subnet.
5. When we create a user it is locked. This is signaled by "account locked". If we try to enter an initial password, the input is "done" but after input the right side of the sme-manager screen stays blank, no acknowledgement of a password change. Same behaviour in IE 11 and Firefox ESR 68.2.
I tried to get some information from the logs. In /var/log/messages I find:
Nov 6 13:08:02 server4 esmith::event[2716]: Could not lock (smb) password for test
/var/log/messages
[root@server4 ~]# cat /var/log/messages | grep passw
Nov 6 11:41:36 server4 esmith::event[1101]: expanding /etc/pam.d/passwd
Nov 6 11:41:37 server4 esmith::event[1101]: expanding /var/service/mysqld/set.password
Nov 6 11:41:38 server4 esmith::event[1101]: Running event handler: /etc/e-smith/events/bootstrap-console-save/S06store-ldap-smbpasswd
Nov 6 11:41:39 server4 esmith::event[1101]: Setting stored password for "cn=root,dc=it-server4,dc=de" in secrets.tdb
Nov 6 11:41:39 server4 esmith::event[1101]: S06store-ldap-smbpasswd=action|Event|bootstrap-console-save|Action|S06store-ldap-smbpasswd|Start|1573036898 716771|End|1573036899 117754|Elapsed|0.400983
Nov 6 11:42:11 server4 esmith::event[1962]: Running event handler: /etc/e-smith/events/bootstrap-ldap-save/S06store-ldap-smbpasswd
Nov 6 11:42:11 server4 esmith::event[1962]: Setting stored password for "cn=root,dc=it-server4,dc=de" in secrets.tdb
Nov 6 11:42:11 server4 esmith::event[1962]: S06store-ldap-smbpasswd=action|Event|bootstrap-ldap-save|Action|S06store-ldap-smbpasswd|Start|1573036931 623804|End|1573036931 680594|Elapsed|0.05679
Nov 6 11:42:11 server4 esmith::event[1962]: Running event handler: /etc/e-smith/events/bootstrap-ldap-save/S15user-lock-passwd
Nov 6 11:42:12 server4 esmith::event[1962]: S15user-lock-passwd=action|Event|bootstrap-ldap-save|Action|S15user-lock-passwd|Start|1573036931 680923|End|1573036932 544497|Elapsed|0.863574
Nov 6 13:08:02 server4 esmith::event[2716]: Could not lock (smb) password for test
/var/log/ldap/current log:
[root@server4 ~]# cat /var/log/ldap/current | grep test
@400000005dc2b7ac0352b34c 5dc2b7a2 conn=1077 op=1 ADD dn="cn=test,ou=Groups,dc=it-server4,dc=de"
@400000005dc2b7ac0edf59a4 5dc2b7a2 conn=1078 op=5 ADD dn="uid=test,ou=Users,dc=it-server4,dc=de"
@400000005dc2b7ac250c65dc 5dc2b7a2 conn=1079 op=1 SRCH base="ou=Groups,dc=it-server4,dc=de" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=test))"
@400000005dc2b7ac2512805c 5dc2b7a2 conn=1079 op=3 SRCH base="ou=Groups,dc=it-server4,dc=de" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=test))"
@400000005dc2b7ac2760e114 5dc2b7a2 conn=1079 op=5 SRCH base="ou=Users,dc=it-server4,dc=de" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=test))"
@400000005dc2b7ac2bf165b4 5dc2b7a2 conn=1079 op=8 MOD dn="uid=test,ou=Users,dc=it-server4,dc=de"
@400000005dc2b7ac30e1929c 5dc2b7a2 conn=1080 op=3 SRCH base="dc=it-server4,dc=de" scope=2 deref=0 filter="(&(uid=test)(objectClass=sambaSamAccount))"
@400000005dc2b7d82c009c3c 5dc2b7ce conn=1088 op=1 SRCH base="ou=Users,dc=it-server4,dc=de" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=test))"
@400000005dc2b7d82c87dd3c 5dc2b7ce conn=1089 op=3 SRCH base="dc=it-server4,dc=de" scope=2 deref=0 filter="(&(uid=test)(objectClass=sambaSamAccount))"
@400000005dc2b8500b8d8adc 5dc2b846 conn=1092 op=1 SRCH base="ou=Users,dc=it-server4,dc=de" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=test))"
@400000005dc2b8500c054734 5dc2b846 conn=1093 op=3 SRCH base="dc=it-server4,dc=de" scope=2 deref=0 filter="(&(uid=test)(objectClass=sambaSamAccount))"