I found this document to upgrade from samba 2 schema to 3: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/upgrading-to-3.0.html, search "New Schema". Script is in /usr/share/doc/samba-doc/examples/LDAP/ on Ubuntu.
On Sat, 10 Apr 2010 21:32:19 +0200, Giorgio Gallo <giorgioga...@gmail.com> wrote: > Hi Vladimir! > > Ok for changing into sambaSamAccount but what about the sambaSID? > It appears to be required! > > Cheers, > Giorgio > > -----Original Message----- > From: Vladimir Psenicka <vladimir.pseni...@prodeco.cz> > Sent: sabato 10 aprile 2010 18.40 > To: GG <joj...@gmail.com> > Cc: samba@lists.samba.org > Subject: Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to > latest versions on ubuntu 8.04 > > Hi GG > > 1. no delete, change objectClass:sambaAccount to > objectClass:sambaSamAccount in ldif, sambaAccount is deprecated > 2. uncomment lines with rid in samba.schema in HISTORICAL if you want to > preserve rid attribute, else delete it (don't see rid in our ldif) > 3. make all dn:uid=uid attribute > > And after this try to import ldif ... > > > On Fri, 9 Apr 2010 17:43:45 +0200, GG <joj...@gmail.com> wrote: >> Hello, >> >> I would delete sambaAccount but all users also use samba to logon to >> windows machines, wouldn't this prevent them from entering the domain >> etc? >> >>> dn: *uid=Christian Sanvi*,dc=Sistemi >>> *uid: csanvi* >> >> - I see what you mean. correct uid is csanvi: shall I make all dn: >> uid=*uid later defined*,dc,dc,dc? >> >> - I imported user correctly with no sambaAccount but what are the >> consequences for usage with samba? >> >> - sambaSID = should I put here the domain SID? >> http://www.aput.net/~jheiss/samba/ldap.shtml (seems he ) >> sambaLMPassword = this should be like on LDAP any info? >> sambaNTPassword = this should be like on LDAP any info? >> sambaAcctFlags = >> sambaDomain = this should be like domain-name?? >> >> The thing is I have to import LDAP and also make samba work after. >> >> - Is it possible to just import all LDAP without sambaAccount or >> sambaSamAccount and then add samba and domain part? >> >> Ldap is just the back end, what then needs to work is samba and domain > PDC >> etc.. >> >> Giorgio >> >> >> >> On 4/9/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz> wrote: >>> Hi. >>> >>> Can you change *objectClass: sambaAccount* to *objectClass: >>> sambaSamAccount* in whole ldif, but object class 'sambaSamAccount' >>> requires attribute 'sambaSID' and maybee other samba* attributes. Or >>> delete objectClass: sambaAccount from this dn when no samba* attribute >>> is specified in this dn. I can't see objectClass: sambaAccount in our >>> Samba 3.0 samba.schema. >>> >>> You can tune your old atributes (rid) in samba.schema: see HISTORICAL >>> >>> >>> Next your uid in dn must exactly be same as atribute uid >>> >>> >>> dn: *uid=Christian Sanvi*,dc=Sistemi >>> Informativi,dc=People,dc=GG-s-Domain,dc=it >>> structuralObjectClass: inetOrgPerson >>> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f >>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it >>> createTimestamp: 20030801093311Z >>> objectClass: inetOrgPerson >>> objectClass: person >>> objectClass: posixAccount >>> objectClass: shadowAccount >>> mail: christian.sa...@gg-s-domain.it >>> mailHost: mail.GG-s-Domain.it >>> mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi >>> *uid: Christian Sanvi* >>> cn: csanvi >>> sn: sanvi >>> shadowMax: 99999 >>> shadowWarning: 7 >>> loginShell: /bin/bash >>> uidNumber: 1000 >>> gidNumber: 100 >>> homeDirectory: /home/christian >>> gecos: Christian Sanvi,,, >>> entryCSN: 2008042908:48:24Z#0x0002#0#0000 >>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it >>> modifyTimestamp: 20080429084824Z >>> userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M= >>> shadowLastChange: 14695 >>> >>> >>> This dn imported me fine (delete qmail and samba objectclass and rid >>> attribute). >>> >>> >>> Dne 9.4.2010 12:40, GG napsal(a): >>> > Hello! >>> > >>> > So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/* >>> > and slapadd the ldif; I still get the same errors though! >>> > >>> > Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok >>> > for the new version, because it imports groups correctly dn: >>> > dc=,dc=,dc= >>> > >>> > Ideas? >>> > >>> > Cheers, >>> > Giorgio >>> > >>> > On 4/8/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz> wrote: >>> >> You have in gg-edited.ldif (first error on line 52): >>> >> >>> >> dn: uid=name surname,dc=Sistemi >>> >> Informativi,dc=People,dc=GG-s-Domain,dc=it >>> >> structuralObjectClass: inetOrgPerson >>> >> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f >>> >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it >>> >> createTimestamp: 20030801093311Z >>> >> objectClass: inetOrgPerson >>> >> objectClass: person >>> >> objectClass: sambaAccount >>> >> objectClass: qmailUser >>> >> objectClass: posixAccount >>> >> objectClass: shadowAccount >>> >> >>> >> Dou you have all apropriate schemas in your slapd.conf and in >>> >> /etc/ldap/schema/ on your new server? You should have all schemas in >>> >> new >>> >> slapd.conf as you had in slapd.conf on old server...qmail schema >>> >> etc... >>> >> >>> >> Dne 8.4.2010 11:44, GG napsal(a): >>> >>> Hello Vladimir and NG, >>> >>> >>> >>> I added samba.schema and removed the "" and it imported ldif > without >>> >>> saying anything about groups now :-) >>> >>> >>> >>> There are some warnings I am attaching. >>> >>> >>> >>> It moans about >>> >>> str2entry: invalid value for attributeType objectClass #3 (syntax >>> >>> 1.3.6.1.4.1.1466.115.121.1.38) >>> >>> slapadd: could not parse entry (line=11937) >>> >>> and if I look at the ldif I find this >>> >>> dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it >>> >>> >>> >>> and other error >>> >>> slapadd: could not parse entry (line=11116) >> > > [The entire original message is not included] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba