> If you don't already have a GUI for looking at the LDAP structure, I > suggest that you install one - then you will easily be able to browse > through the schema. Luma is the nicest LDAP GUI that I have been able to > find. > When I look at the sambaGroupMapping in the schema area in luma, I see > the 'allowed attributes' - > description > displayName > sambaSIDList > Maybe you can use one of the first 2 to store your link string.
Never, ever, store any value in any LDAP attribute other than what is/was intended to be stored their by the schema specification/designer. Playing fast and loose with schema will eventually blow up in your face. If you were using an RDBMS would you put the street address in the PO number field? > > this is a little bit off-topic, because it is rather LDAP related. I need > > to store an additional string in every 'posixGroup/sambaGroupMapping' > > object in the LDAP backend. (This string is used to hold an key to an > > external database.) > > For user accounts I can use the 'employeeNumber' attribute which is > > provided by 'inetOrgPerson'. Any ideas what I could use for group accounts > > accordingly? Of course it must not interfere with Samba and PAM. The main > > problem is that 'posixGroup' is an structural class and thus all extra > > classes must be auxiliary. Define an auxillary object class and add it to the object. For instance we have: dn: cn=cis,ou=Groups,ou=SAM,o=Morrison Industries,c=US cn: cis gidNumber: 230 allowprimary: Y objectClass: posixGroup objectClass: top objectClass: morrisongroup objectClass: sambaGroupMapping objectClass: opengroupwareentity sambaSID: S-1-5-21-2037442776-3290224752-88127236-1461 sambaGroupType: 2 displayName: IT Staff description: IT Staff opengroupwareid: 11530 memberUid: adam memberUid: rhopkins memberUid: cleslie memberUid: steve where morrisongroup and opengroupwareentity are "local" schema. Just get an OID and design the required schema. And to head off what is usually the next question: no, there is no such thing as a local OID, you *MUST* get a real OID. Just go to <http://pen.iana.org/pen/PenApplication.page> and register for one *AT NO CHARGE*. Then take a look at <http://www.openldap.org/doc/admin24/schema.html#Extending%20Schema> -- Consonance: an Open Source .NET OpenGroupware client. Contact:[EMAIL PROTECTED] http://freshmeat.net/projects/consonance/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba