On Sun, Oct 12, 2003 at 10:44:08PM +0200, Nicko wrote:
> But when I try to add a user with smbpasswd or pdbedit I get these errors in
> debug mode (this user is a unix user).
> --SNIP--
> ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No
> such object)ldapsam_search_one_group: Query was: ou=Groups,
> (&(objectClass=sambaGroupMapping)(gidNumber=100))
> --SNIP--
Where is the unix user part defined? In the directory?
I think you had better specify a default gidNumber of 513 ('Domain Users') for the users ($_defaultUserGid = 513 in smbldap_conf.pm).
If you installed the IDEALX tools, why don't you use 'smbldap-useradd.pl -a user' instead of smbpasswd or pdbedit?

By the way, I have attached to this mail the latest updated smbldap-populate.pl script, which creates the LDAP directory structure and includes the mapping of the groups.

-- 
Jérôme Tournier                 IDEALX SAS
Systems Administrator           15-17 Avenue de Segur
[EMAIL PROTECTED]               75007 PARIS
Tel.: 01 44 42 00 37            Fax.: 01 44 42 00 37
gpg key ID: 0xDA962B24

#!/usr/bin/perl -w

# Populate a LDAP base for Samba-LDAP usage
#
# $Id: smbldap-populate.pl,v 1.18 2003/09/19 12:36:44 jtournier Exp $

# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# Purpose :
# . Create an initial LDAP database suitable for Samba 2.2
# . For lazy people, replace ldapadd (with only an ldif parameter)

use strict;
use FindBin;
use FindBin qw($RealBin);
use lib "$RealBin/";
use smbldap_tools;
use smbldap_conf;
use Getopt::Std;
use Net::LDAP::LDIF;

use vars qw(%oc);

# objectclass of the suffix
%oc = (
    "ou" => "organizationalUnit",
    "o"  => "organization",
    "dc" => "dcObject",
);

my %Options;

my $ok = getopts('a:b:?', \%Options);
if ( (!$ok) || ($Options{'?'}) ) {
    print "Usage: $0 [-ab?] [ldif]\n";
    print " -a administrator login name (default: Administrator)\n";
    print " -b guest login name (default: nobody)\n";
    print " -? show this help message\n";
    print " ldif file to add to ldap (default: suffix, Groups,";
    print " Users, Computers and builtin users )\n";
    exit (1);
}

my $_ldifName;
my $tmp_ldif_file="/tmp/$$.ldif";

if (@ARGV >= 1) {
    $_ldifName = $ARGV[0];
}

my $adminName = $Options{'a'};
if (!defined($adminName)) {
    $adminName = "Administrator";
}

my $guestName = $Options{'b'};
if (!defined($guestName)) {
    $guestName = "nobody";
}

if (!defined($_ldifName)) {
    my $attr;
    my $val;
    my $objcl;

    print "Using builtin directory structure\n";
    if ($suffix =~ m/([^=]+)=([^,]+)/) {
        $attr = $1;
        $val = $2;
        $objcl = $oc{$attr} if (exists $oc{$attr});
        if (!defined($objcl)) {
            $objcl = "myhardcodedobjectclass";
        }
    } else {
        die "can't extract first attr and value from suffix $suffix";
    }
    #print "$attr=$val\n";
    my ($organisation,$ext) = ($suffix =~ m/dc=(\w+),dc=(\w+)$/);

    #my $FILE="|cat";
    my $FILE=$tmp_ldif_file;
    open (FILE, ">$FILE") || die "Can't open file $FILE: $!\n";

    print FILE <<EOF;
dn: $suffix
objectClass: $objcl
objectclass: organization
$attr: $val
o: $organisation

dn: $usersdn
objectClass: organizationalUnit
ou: $usersou

dn: $groupsdn
objectClass: organizationalUnit
ou: $groupsou

dn: $computersdn
objectClass: organizationalUnit
ou: $computersou

dn: uid=$adminName,$usersdn
cn: $adminName
sn: $adminName
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 512
uid: $adminName
uidNumber: 998
homeDirectory: $_userHomePrefix
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: $_userSmbHome
sambaHomeDrive: $_userHomeDrive
sambaProfilePath: $_userProfile
sambaPrimaryGroupSID: $SID-512
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U ]
sambaSID: $SID-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator

dn: uid=$guestName,$usersdn
cn: $guestName
sn: $guestName
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 514
uid: $guestName
uidNumber: 999
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: $_userSmbHome
sambaHomeDrive: $_userHomeDrive
sambaProfilePath: $_userProfile
sambaPrimaryGroupSID: $SID-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NU ]
sambaSID: $SID-2998
loginShell: /bin/false

dn: cn=Domain Admins,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: $adminName
description: Netbios Domain Administrators
sambaSID: $SID-512
sambaGroupType: 2
displayName: Domain Admins

dn: cn=Domain Users,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: $SID-513
sambaGroupType: 2
displayName: Domain Users

dn: cn=Domain Guests,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: $SID-514
sambaGroupType: 2
displayName: Domain Guests

dn: cn=Administrators,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName
sambaSID: $SID-544
sambaGroupType: 2
displayName: Administrators

dn: cn=Users,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 545
cn: Users
description: Netbios Domain Ordinary users
sambaSID: $SID-545
sambaGroupType: 2
displayName: users

dn: cn=Guests,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 546
cn: Guests
memberUid: $guestName
description: Netbios Domain Users granted guest access to the computer/sambaDomainName
sambaSID: $SID-546
sambaGroupType: 2
displayName: Guests

dn: cn=Power Users,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 547
cn: Power Users
description: Netbios Domain Members can share directories and printers
sambaSID: $SID-547
sambaGroupType: 2
displayName: Power Users

dn: cn=Account Operators,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: $SID-548
sambaGroupType: 2
displayName: Account Operators

dn: cn=Server Operators,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 549
cn: Server Operators
description: Netbios Domain Server Operators (need smb.conf configuration)
sambaSID: $SID-549
sambaGroupType: 2
displayName: Server Operators

dn: cn=Print Operators,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators (need smb.conf configuration)
sambaSID: $SID-550
sambaGroupType: 2
displayName: Print Operators

dn: cn=Backup Operators,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: $SID-551
sambaGroupType: 2
displayName: Backup Operators

dn: cn=Replicator,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicator
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: $SID-552
sambaGroupType: 2
displayName: Replicator

dn: cn=Domain Computers,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 553
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: $SID-553
sambaGroupType: 2
displayName: Domain Computers

EOF
    close FILE;
} else {
    $tmp_ldif_file=$_ldifName;
}

my $ldap_master=connect_ldap_master();
my $ldif = Net::LDAP::LDIF->new($tmp_ldif_file, "r", onerror => 'undef' );
while( not $ldif->eof() ) {
    my $entry = $ldif->read_entry();
    if ( $ldif->error() ) {
        print "Error msg: ",$ldif->error(),"\n";
        print "Error lines:\n",$ldif->error_lines(),"\n";
    } else {
        my $dn = $entry->dn;
        print "adding new entry: $dn\n";
        my $result=$ldap_master->add($entry);
        $result->code && warn "failed to add entry: ", $result->error ;
    }
}
$ldap_master->unbind;
system "rm -f $tmp_ldif_file";
exit(0);

########################################

=head1 NAME

smbldap-populate.pl - Populate your LDAP database

=head1 SYNOPSIS

smbldap-populate.pl [ldif-file]

=head1 DESCRIPTION

The smbldap-populate.pl command helps to populate an LDAP server
by adding the necessary entries : base suffix (doesn't abort
if already there), organizational units for users, groups and
computers, builtin users : Administrator and guest, builtin
groups (though posixAccount only, no SambaTNG support).

-a name Your local administrator login name (default: Administrator)
-b name Your local guest login name (default: nobody)

If you give an extra parameter, it is assumed to be the ldif
file to use instead of the builtin one. Options -a and -b
will be ignored.

=head1 FILES

/usr/lib/perl5/site-perl/smbldap_conf.pm : Global parameters.

=head1 SEE ALSO

smp(1)

=cut

#'

# - The End
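
The error quoted at the top of this thread is a lookup for a sambaGroupMapping entry with gidNumber=100 that returns nothing. As an added example (not part of the original mail or of the IDEALX tools), the following Python code checks an LDIF export for posixAccount entries whose gidNumber is not carried by any sambaGroupMapping group; the sample entries, the dc=example,dc=org suffix and the function names are constructed for illustration.

```python
# Added example; SAMPLE_LDIF is constructed data with a placeholder suffix.
SAMPLE_LDIF = """\
dn: cn=Domain Users,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513

dn: cn=users,ou=Groups,dc=example,dc=org
objectClass: posixGroup
gidNumber: 100

dn: uid=alice,ou=Users,dc=example,dc=org
objectClass: posixAccount
gidNumber: 513

dn: uid=bob,ou=Users,dc=example,dc=org
objectClass: posixAccount
gidNumber: 100
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 '::' values) into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        # A line starting with a single space continues the previous line.
        for line in block.replace("\n ", "").splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def has_class(entry, name):
    return name.lower() in (c.lower() for c in entry.get("objectclass", []))

def unmapped_users(entries):
    """Return (dn, gidNumber) of posixAccount entries lacking a group mapping."""
    mapped = {gid for e in entries if has_class(e, "sambaGroupMapping")
              for gid in e.get("gidnumber", [])}
    return [(e["dn"][0], e["gidnumber"][0]) for e in entries
            if has_class(e, "posixAccount") and e.get("gidnumber")
            and e["gidnumber"][0] not in mapped]

if __name__ == "__main__":
    for dn, gid in unmapped_users(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: gidNumber {gid} has no sambaGroupMapping entry")
```

In the constructed sample only bob is reported: his primary group 100 exists as a posixGroup but has no sambaGroupMapping objectClass.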