LDAP user authentication does not work when using Samba 4 as LDAP backend. Samba 4 (as well as MS AD) returns referrals (search continuations) for some objects.
LDAPv3 does not specify which credentials should be used for the search continuations. libldap tries to anonymous bind and do the search continuations, which fails with
Samba 4 (as well as MS AD).
Kolab 16 will fail while authenticating with ldap.OPERATIONS_ERROR and the error message 00002020: Operation unavailable without authentication
The submitted patch is supposed to be used with
REFERRALS off
in /etc/ldap.conf and should not affect any other situations.
Eventually setting LDAP option via
ldap.OPT_REFERRALS, 0
would be an option too, but i can't test at the moment, if there is any impact on non Samba 4 setups.
The change in wallace addresses the same problem, as i got
2017-07-05 12:27:28,566 pykolab.wallace ERROR Module resources.heartbeat() failed with error: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/wallace/__init__.py", line 89, in modules_heartbeat modules.heartbeat(module, lastrun) File "/usr/lib/python2.7/dist-packages/wallace/modules.py", line 128, in heartbeat return modules[name]['heartbeat'](*args, **kw) File "/usr/lib/python2.7/dist-packages/wallace/module_resources.py", line 438, in heartbeat resource_dns = [dn for dn in resource_dns if resource_base_dn in dn] TypeError: argument of type 'NoneType' is not iterable