> > Since it seems you're using an LDAP backend, check your group objects > for > > each of the groups you list above (products, man, domadmin, domuser). > > Remove the samba attributes/objectclass from those groups that are > > incorrectly mapped, I would assume those are the products and man > groups. > > > > > > > > yes i'm using ldap backend, but i can't delete the attributes or > objectclass, for example the sambaGroupMapping, i obtain the error: > > attribute 'sambaGroupType' not allowed].
You need to delete ALL the attributes that are allowed only by the sambaGroupMapping in order to still have a valid LDAP object syntax. It sounds like you need a good LDAP primer course, but I'll try to give you enough to get you going in this case... Hopefully your LDAP browser gives you a schema view, if not I suggest you find one that does. Gq will, you can get there with phpLDAPAdmin, I'm sure there are others. Look at your object and determine your objectclasses. You need to look at each one and determine where your attributes are derived from, anything that is ONLY in sambaGroupMapping must go. In this object: dn: cn=itadmin,ou=Group,dc=ae-solutions,dc=com objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: itadmin gidNumber: 2027 sambaSID: S-1-5-21-112718084-1284083569-2990761952-5055 sambaGroupType: 2 description: Local Unix group memberUid: pgienger displayName: IT Administration The following attributes have to be deleted at the same time as the objectClass sambaGroupMapping: sambaSID sambaGroupType displayName The rest of the attributes are declared in top and/or posixGroup so will still be valid with only those two parent classes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
