[Samba] Re: Novell EDirectory as LDAP backend
Hello,

I think this (from sambaAccount) MustContain { uid}, should be MustContain { uniqueId}, since this is an ldap schema to nds conversion and the uid attribute from ldap is mapped to uniqueId in nds.

I also added some flags to the password fields. Attached the modified version.

regards
sv

--
-- Submitted by Bruno Gimenes Pereti [EMAIL PROTECTED] mp dot edu dot br
-- Modified by Rolf Offermanns rolf.offermanns(at)gmx DOT net
-- Modified by Stefan Völkel Stefan.Voelkel(at)millenux DOT com
--
-- schema file for Novell's eDirectory 8.6/8.7
--

SambaAccountSchemaExtensions DEFINITIONS ::=
BEGIN

-- Password hashes
lmPassword ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR, DS_SIZED_ATTR, DS_SYNC_IMMEDIATE },
    LowerBound 0,
    UpperBound 32,
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 1 }
}

ntPassword ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR, DS_SIZED_ATTR, DS_SYNC_IMMEDIATE },
    LowerBound 0,
    UpperBound 32,
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 2 }
}

-- Account flags in string format ([UWDX ])
acctFlags ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 4 }
}

-- Password timestamps policies
pwdLastSet ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 3 }
}

logonTime ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 5 }
}

logoffTime ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 6 }
}

kickoffTime ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 7 }
}

pwdCanChange ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 8 }
}

pwdMustChange ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 9 }
}

-- string settings
homeDrive ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 10 }
}

scriptPath ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 11 }
}

profilePath ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 12 }
}

userWorkstations ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 13 }
}

smbHome ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 17 }
}

domain ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 18 }
}

-- user and group RID
rid ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 14 }
}

primaryGroupID ATTRIBUTE ::=
{
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 15 }
}

sambaAccount OBJECT-CLASS ::=
{
    Operation ADD,
    Flags {DS_AUXILIARY_CLASS},
    SubClassOf {TOP},
    MustContain { uniqueID},
    MustContain { rid},
    MayContain { CN},
    MayContain { lmPassword},
    MayContain { ntPassword},
    MayContain { pwdLastSet},
    MayContain
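An added example, not part of the original message or the Samba sources: a small Python lint for attribute definitions in the .sch syntax of the attachment above. It checks that each OID sits in the arc the attachment uses and is not reused, and that the two hash attributes carry the three flags and the 32-character bound shown for lmPassword and ntPassword (LM and NT hashes are 16 bytes, stored as 32 hex characters). The sample text is constructed, with ntPassword and scriptPath broken on purpose, and the function names are this example's own.

```python
import re

SAMBA_ARC = "1 3 6 1 4 1 7165 2 1"  # OID arc shared by the attributes in the posted schema
HASH_ATTRS = {"lmPassword", "ntPassword"}
HASH_FLAGS = {"DS_SINGLE_VALUED_ATTR", "DS_SIZED_ATTR", "DS_SYNC_IMMEDIATE"}

# Constructed sample in the .sch syntax; ntPassword and scriptPath are broken on purpose.
SAMPLE = """
lmPassword ATTRIBUTE ::= { Operation ADD, SyntaxID SYN_CI_STRING,
  Flags { DS_SINGLE_VALUED_ATTR, DS_SIZED_ATTR, DS_SYNC_IMMEDIATE },
  LowerBound 0, UpperBound 32, ASN1ObjID { 1 3 6 1 4 1 7165 2 1 1 } }
ntPassword ATTRIBUTE ::= { Operation ADD, SyntaxID SYN_CI_STRING,
  Flags { DS_SINGLE_VALUED_ATTR }, ASN1ObjID { 1 3 6 1 4 1 7165 2 1 2 } }
scriptPath ATTRIBUTE ::= { Operation ADD, SyntaxID SYN_CI_STRING,
  Flags { DS_SINGLE_VALUED_ATTR }, ASN1ObjID { 1 3 5 1 4 1 7165 2 1 11 } }
"""

def blocks(text):
    """Yield (name, body) for each ATTRIBUTE definition, matching braces by depth."""
    for m in re.finditer(r"(\w+)\s+ATTRIBUTE\s*::=\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def lint(text):
    """Return a list of (attribute, problem) findings."""
    findings, seen = [], {}
    for name, body in blocks(text):
        oid = re.search(r"ASN1ObjID\s*\{([\d\s]+)\}", body)
        oid = " ".join(oid.group(1).split()) if oid else ""
        if not oid.startswith(SAMBA_ARC + " "):
            findings.append((name, "OID outside " + SAMBA_ARC))
        if oid in seen:
            findings.append((name, "OID reused from " + seen[oid]))
        seen.setdefault(oid, name)
        if name in HASH_ATTRS:  # hash fields: single-valued, sized, 32 hex chars
            flags = re.search(r"Flags\s*\{([^}]*)\}", body)
            have = set(re.findall(r"\w+", flags.group(1))) if flags else set()
            if HASH_FLAGS - have:
                findings.append((name, "missing " + ", ".join(sorted(HASH_FLAGS - have))))
            if not re.search(r"UpperBound\s+32\b", body):
                findings.append((name, "UpperBound is not 32"))
    return findings

if __name__ == "__main__":
    for name, problem in lint(SAMPLE):
        print(name + ": " + problem)
```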
Re: smb.conf inside ldap
Guenther Deschner wrote:
> hi,
>
> On Tue, Mar 04, 2003 at 04:05:26PM +0100, Stefan Voelkel wrote:
>> Hello,
>>
>> I would like to hold the smb.conf inside an ldap server. Is there any work going on in implementing a ldap-config-file-backend?
>
> not that i know. but there was some effort in samba-tng for this. you might have a look in their mail-archives (must be two years ago).

They told me that there is no development in this direction.

> maybe i still have the schema somewhere...

any luck?

regards
Stefan
smb.conf inside ldap
Hello,

I would like to hold the smb.conf inside an ldap server. Is there any work going on in implementing a ldap-config-file-backend?

Do people already think about a schema for this? If not where can I ask to get help in designing that schema?

I thought of something like this:

Auxiliary Class: sambaServer (may contain Share)
    + All those [global] options.
Class: Share
    + All those [share] options.

What about extra classes for Printers, Profiles, etc?

Where to specify the connection properties of the ldap server (egg/chicken)?

regards
Stefan
Re: [Samba] Re: Novell EDirectory as LDAP backend
> Yes, 8.6.3 on a RH 7.3 to be precise.

I am using 8.7 on RH 7.3.

> Works pretty good. I have not yet tried to integrate cups but user authentication (unix login) is done via pam_ldap, i just have some problems getting password synchronisation running, users can alt-ctrl-del and change their windows password, but I want to set the user unix password too.

That works for me, too. Concerning the passwd sync, have a look at the passwd program, passwd chat and unix passwd sync options in smb.conf.

Since I use eDirectory with ldap to authenticate users login into the machine, I wanted to use the pam password change = true setting, but I can not change passwords (even with passwd) at all:

LDAP password information update failed: DSA is unwilling to perform

but that looks like an eDirectory or EPERM problem.

>> The only thing that does not work is to ldapadd or ldif import users with objectClass sambaAccount.
>
> sambaAccount is an auxiliary class, i think you do need a real object class (like user). Take a look with the Schema Manager (ConsoleOne) at the user class, and the needed attributes (IIRC there are 4).

I have a real object. Are you able to add/import a user object with sambaAccount on your system? If so, can you provide a working ldif sample that works for you.

The 2.2.7 smbldap-*.pl scripts do not work for me either. I appended a diff from a working version.

I have tried the following w/o success. Create a working posixAccount/sambaAccount user with c1. Export it using the export wizard. Delete the object and try to reimport it.
- object class violation

Ok that is rather odd ;)

--
Stefan Völkel [EMAIL PROTECTED]
Millenux GmbH mobile: +49.170.79177.17
Lilienthalstraße 2 phone: +49.711.88770.300
70825 Stuttgart-Korntal fax: +49.711.88770.349
-= linux without limits -=- http://linux.zSeries.org/ =-

--- smbldap-useradd.pl Thu Feb 13 15:25:59 2003 +++ /usr/share/doc/samba-2.2.7a/examples/LDAP/smbldap-tools/smbldap-useradd.pl Wed +Dec 11 10:17:23 2002 
@@ -1,7 +1,5 @@ #!/usr/bin/perl -# $Id: smbldap-useradd.pl,v 1.23 2002/07/24 11:51:35 gmacinen Exp $ -# # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). # @@ -159,7 +157,7 @@ $userName .= \$; } -print About to create machine $userName:\n; +#print About to create machine $userName:\n; if (!add_posix_machine ($userName, $userUidNumber, $userGidNumber)) { die $0: error while adding posix account\n; @@ -196,10 +194,10 @@ my $tmpldif = dn: uid=$userName,$usersdn -objectclass: inetOrgPerson +objectclass: top +objectclass: account objectclass: posixAccount cn: $userName -sn: $userName uid: $userName uidNumber: $userUidNumber gidNumber: $userGidNumber @@ -271,7 +269,8 @@ my $tmpldif = dn: uid=$userName,$usersdn changetype: modify -objectClass: inetOrgPerson +objectclass: top +objectclass: account objectclass: posixAccount objectClass: sambaAccount pwdLastSet: 0 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
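Review bot: the diff direction looks reversed, which shows in the file header and in the `@@ -1,7 +1,5 @@` hunk: the `---` side is the local `smbldap-useradd.pl` dated Feb 13 2003 and carries the `$Id ... v 1.23` line, while the `+++` side is the copy shipped under `/usr/share/doc/samba-2.2.7a/examples/LDAP/smbldap-tools/` dated Dec 11 2002. If the local file is the working version, applying this as posted turns it back into the shipped one, so readers would need `patch -R`; regenerating it with the shipped file as the old side avoids that. The `+Dec` in the `+++` line also shows the header was wrapped in transit, so the patch is safer sent as an attachment.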
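Review bot: in the `@@ -196,10 +194,10 @@` hunk the structural class lines and the `sn: $userName` line change together, but nothing in the script says why. `inetOrgPerson` requires `sn`, while `account` does not list it, so these lines always have to move as a pair. A comment above `$tmpldif` stating which directory needs which structural class, or a configuration variable that selects it, would keep a later edit from changing one without the other.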
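Review bot: the `@@ -271,7 +269,8 @@` hunk repeats the class swap from the earlier hunk inside the `changetype: modify` block and mixes the `objectclass:` and `objectClass:` spellings within one entry. Attribute names are case-insensitive, so this works, but putting the structural class lines into one variable used by both `$tmpldif` blocks, spelled one way, would keep the add and modify paths from drifting apart.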
[Samba] Re: Novell EDirectory as LDAP backend
> Hi, is anybody out there who is using Novell Edir. with samba?

Yes, 8.6.3 on a RH 7.3 to be precise.

> I have searched the archive and found some random notes but no real success story.

Works pretty good. I have not yet tried to integrate cups but user authentication (unix login) is done via pam_ldap, i just have some problems getting password synchronisation running, users can alt-ctrl-del and change their windows password, but I want to set the user unix password too.

> The only thing that does not work is to ldapadd or ldif import users with objectClass sambaAccount.

sambaAccount is an auxiliary class, i think you do need a real object class (like user). Take a look with the Schema Manager (ConsoleOne) at the user class, and the needed attributes (IIRC there are 4).

> Adding posixAccount users and then adding the sambaAccount objectClass via Novells ConsoleOne works, so I guess this is a edir. specific problem which is OT here.

Check out the Novell News Servers, one is at: support-forums.novell.com

by Stefan