The "account" structural object class would seem to be a reasonable default.
Could the structural class to be used, be made configurable? That is, have a "ldap user structural class" parameter in smb.conf. I think that this would make the Samba usable in more situtations. On Wed, 14 Aug 2002 05:41, Luke Howard wrote: > >How should we handle this within Samba? Should we create a new user with > >a "person" objectClass and a sambaAccount (assuming an applicable > >non-sambaAccount object doesn't exist, of course). This does simplify > >some things (we can take cn out of the sambaAccount) but adds the > >(possible) difficulty of requiring an sn (which, btw is lacking from > >your example of a "correct" ldif, so you might want to fix that). It's > >been a while since I last looked at the samba attribubtes -> LDAP > >mapping, so I don't remember if there is already something suitable for > >sn or not. > > The fact that "sn" is required is a constant annoyance. :-) It's > good to use person or a subclass thereof for compatibility with white > pages-type clients (e-mail address books, etc). The Active Directory > "User" object class is also derived from person. > > Here however, it is perhaps better that the user of "person" as a > structural object class is best left to administrators. SAMBA can > just add the sambaAccount auxiliary object class to such entries. > > In the case where there is no existing entry, then SAMBA should > probably use the "account" structural object class which only > requires the "uid" attribute. See section 5.3 of RFC 2307. > > -- Luke