# [SOLVED] smbldap-groupadd fails to add new group

## dahoste

I've got a system that authenticates via LDAP, and is generally working fine.  I just tried to add a new group, however, and get the following:

```
smbldap-groupadd vboxusers

Error: Unknown error at /usr/sbin//smbldap_tools.pm line 1056.
```

I looked at the smbldap_tools.pm file at line 1056, and it didn't reveal any mystery.  Looks like it may have something to do with the gid...  So I tried adding it with an explicit gid number, and get this:

```
smbldap-groupadd -g 1006 vboxusers

failed to add entry: index generation failed at /usr/sbin//smbldap_tools.pm line 724.
```

That's right after a $ldap->add() call, and after the failure, it seems to leave nscd stopped.

Other smbldap commands are working fine (smbldap-groupshow, smbldap-usershow, etc.), so I'm pretty sure that smbldap.conf is configured correctly (plus I haven't changed it since I originally got everything working).

Here's some version info:

```
[ebuild   R   ] net-nds/openldap-2.3.38  USE="berkdb crypt gdbm kerberos perl readline samba ssl tcpd -debug -ipv6 -minimal -odbc -overlays -sasl (-selinux) -slp -smbkrb5passwd" 3,714 kB 

[ebuild   R   ] net-fs/samba-3.0.24-r3  USE="acl cups fam kerberos ldap pam python readline -async -automount -caps -doc -examples -oav -quotas (-selinux) -swat -syslog -winbind" LINGUAS="-ja -pl" 17,308 kB 

[ebuild   R   ] net-nds/smbldap-tools-0.9.2a  USE="-doc" 293 kB
```

The group I tried to add is *NOT* in /etc/group (and I tried different group names, anyway, once it failed).  It's been a long time since I've added a new group, so I honestly don't know when this issue might have first manifested.

Any ideas?

----------

## dahoste

Oops. Well, finally an easy one to solve. Turns out there were some spurious 'root' file permissions on the /var/lib/openldap-data contents preventing slapd from making changes to the LDAP db, but not from reading it. I stopped slapd, did a quick 'chmod ldap:ldap *', and restarted slapd, and all appears to be well. The file permissions got changed when I had to recover from a wedged database just prior to this. Unfortunately, the initial error messages didn't say anything about permissions, and were totally misleading, or this would have been obvious from the start. Oh well. My bad. I've got 'chmod ldap:ldap' right there in my personal LDAP how-to, but wasn't careful when I did the db recovery.

----------
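An added example, not part of the original posts: a check that could be run after a database recovery and before restarting slapd, listing anything in the data directory that is not owned by the daemon's account. The function name `audit_ldap_data_owner` is hypothetical; the directory and the `ldap` account are the ones named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a slapd database directory for
# entries that are not owned by the account slapd runs as. Root-owned files
# left behind by a recovery run as root let slapd read the database but make
# writes fail with errors that never mention permissions.
#
# Usage: audit_ldap_data_owner /var/lib/openldap-data ldap

# $1 = data directory, $2 = expected owner (user name or numeric uid).
# Returns 0 if every entry matches, 1 if any entry has another owner,
# 2 if the directory is missing or find itself fails.
audit_ldap_data_owner() {
    dir=$1
    owner=$2

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # List the directory itself and everything below it whose owner differs.
    bad=$(find "$dir" ! -user "$owner" -exec ls -ld {} +) || return 2

    if [ -n "$bad" ]; then
        echo "entries under $dir not owned by $owner:" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}
```

A non-zero return is the cue to fix ownership while slapd is still stopped, rather than finding out from a failed `smbldap-groupadd` later.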

