[Samba] Re: Novell EDirectory as LDAP backend
Hello,

I think this (from sambaAccount)

    MustContain { "uid"},

should be

    MustContain { "uniqueId"},

since this is an ldap schema to nds conversion and the uid attribute from ldap is mapped to uniqueId in nds. I also added some flags to the password fields.

Attached the modified version.

regards
sv

--
-- Submitted by Bruno Gimenes Pereti <[EMAIL PROTECTED] mp dot edu dot br>
-- Modified by Rolf Offermanns
-- Modified by Stefan Völkel
--
-- schema file for Novell's eDirectory 8.6/8.7
--
SambaAccountSchemaExtensions DEFINITIONS ::= BEGIN

-- Password hashes
"lmPassword" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR, DS_SIZED_ATTR, DS_SYNC_IMMEDIATE },
    LowerBound 0,
    UpperBound 32,
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 1 }
}

"ntPassword" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR, DS_SIZED_ATTR, DS_SYNC_IMMEDIATE },
    LowerBound 0,
    UpperBound 32,
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 2 }
}

-- Account flags in string format ([UWDX ])
"acctFlags" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 4 }
}

-- Password timestamps & policies
"pwdLastSet" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 3 }
}

"logonTime" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 5 }
}

"logoffTime" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 6 }
}

"kickoffTime" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 7 }
}

"pwdCanChange" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 8 }
}

"pwdMustChange" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 9 }
}

-- string settings
"homeDrive" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 10 }
}

"scriptPath" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 11 }
}

"profilePath" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 12 }
}

"userWorkstations" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 13 }
}

"smbHome" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 17 }
}

"domain" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_CI_STRING,
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 18 }
}

-- user and group RID
"rid" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 14 }
}

"primaryGroupID" ATTRIBUTE ::= {
    Operation ADD,
    SyntaxID SYN_INTEGER,
    Flags { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID { 1 3 6 1 4 1 7165 2 1 15 }
}

"sambaAccount" OBJECT-CLASS ::= {
    Operation ADD,
    Flags { DS_AUXILIARY_CLASS },
    SubClassOf { "TOP" },
    MustContain { "uniqueID" },
    MustContain { "rid" },
    MayContain { "CN" },
    MayContain { "lmPassword" },
    MayContain { "ntPassword" },
    MayContain { "pwdLastSet" },
    MayContain {
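As an added check (example code, not from the thread, Samba or Novell), the following Python validates one LDIF entry against what the schema above requires: sambaAccount is DS_AUXILIARY_CLASS, so a structural class must carry it (inetOrgPerson, which eDirectory maps onto its User class), uniqueID (LDAP uid) and rid are MustContain, and lmPassword/ntPassword must fit the 32-character UpperBound. The sample entry, the acctFlags pattern and the inetOrgPerson cn/sn requirement are my assumptions, not part of the posted schema.

```python
"""Pre-flight check of one LDIF entry against the sambaAccount schema rules."""
import re

# Constructed sample entry in the shape the smbldap-useradd.pl LDIF template takes.
SAMPLE_LDIF = """dn: uid=jdoe,ou=people,o=example
objectclass: inetOrgPerson
objectclass: posixAccount
objectClass: sambaAccount
cn: jdoe
sn: jdoe
uid: jdoe
rid: 3002
lmPassword: 0123456789ABCDEF0123456789ABCDEF
ntPassword: 0123456789ABCDEF0123456789ABCDEF
acctFlags: [U          ]
"""

# sambaAccount is DS_AUXILIARY_CLASS; eDirectory maps inetOrgPerson onto its structural User class.
STRUCTURAL = {"inetorgperson", "user"}
SAMBA_MUST = {"uid", "rid"}        # LDAP uid is NDS uniqueID (MustContain in the schema)
INETORGPERSON_MUST = {"cn", "sn"}  # sn is mandatory, inherited from person (assumption here)
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")   # 16-byte LM/NT hash as hex; UpperBound 32
ACCT_FLAGS = re.compile(r"^\[[A-Z ]+\]$")  # "[UWDX ]" string format, assumed pattern


def parse_ldif(text):
    """Return {attribute (lower-cased): [values]} for a single LDIF entry."""
    attrs = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def check_samba_entry(ldif_text):
    """Return the list of schema problems; an empty list means it should import."""
    attrs = parse_ldif(ldif_text)
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    problems = []
    if "sambaaccount" in classes and not classes & STRUCTURAL:
        problems.append("sambaAccount is auxiliary: add inetOrgPerson/User")
    problems += [f"sambaAccount MustContain missing: {a}" for a in sorted(SAMBA_MUST - set(attrs))]
    if "inetorgperson" in classes:
        problems += [f"inetOrgPerson requires: {a}" for a in sorted(INETORGPERSON_MUST - set(attrs))]
    for pw in ("lmpassword", "ntpassword"):
        problems += [f"{pw} is not a 32-char hex hash" for v in attrs.get(pw, []) if not HEX32.match(v)]
    problems += ["acctFlags must be a bracketed flag string" for v in attrs.get("acctflags", []) if not ACCT_FLAGS.match(v)]
    return problems
```

Running the check on an export before ldapadd surfaces the "object class violation" described later in the thread as a readable list instead of a server error.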
Re: [Samba] Re: Novell EDirectory as LDAP backend
> > Yes, 8.6.3 on a RH 7.3 to be precise.
> I am using 8.7 on RH 7.3.
>
> > Works pretty good. I have not yet tried to integrate cups but user
> > authentication (unix login) is done via pam_ldap, I just have some
> > problems getting password synchronisation running, users can alt-ctrl-del
> > and change their windows password, but I want to set the user unix
> > password too.
>
> That works for me, too.
> Concerning the passwd sync, have a look at the
> passwd program, passwd chat and unix passwd sync
> options in smb.conf.

Since I use eDirectory with ldap to authenticate users logging into the machine, I wanted to use the pam password change = true setting, but I can not change passwords (even with passwd) at all:

LDAP password information update failed: DSA is unwilling to perform

but that looks like an eDirectory or EPERM problem.

> >> The only thing that does not work is to ldapadd or ldif import users
> >> with objectClass sambaAccount.
> >
> > sambaAccount is an auxiliary class, I think you do need a real object
> > class (like user). Take a look with the Schema Manager (ConsoleOne) at
> > the user class, and the needed attributes (IIRC there are 4).
>
> I have a real object. Are you able to add/import a user object with
> sambaAccount on your system? If so, can you provide a working ldif
> sample that works for you.

The 2.2.7 smbldap-*.pl scripts do not work for me either. I appended a diff from a working version.

> I have tried the following w/o success.
> Create a working posixAccount/sambaAccount user with c1. Export it using
> the export wizard. Delete the object and try to reimport it.
> -> object class violation

Ok that is rather odd ;)

-- 
Stefan Völkel                       [EMAIL PROTECTED]
Millenux GmbH                       mobile: +49.170.79177.17
Lilienthalstraße 2                  phone:  +49.711.88770.300
70825 Stuttgart-Korntal             fax:    +49.711.88770.349
-= linux without limits -=- http://linux.zSeries.org/ =-

--- smbldap-useradd.pl	Thu Feb 13 15:25:59 2003
+++ /usr/share/doc/samba-2.2.7a/examples/LDAP/smbldap-tools/smbldap-useradd.pl	Wed
+Dec 11 10:17:23 2002
@@ -1,7 +1,5 @@
 #!/usr/bin/perl
-# $Id: smbldap-useradd.pl,v 1.23 2002/07/24 11:51:35 gmacinen Exp $
-#
 # This code was developped by IDEALX (http://IDEALX.org/) and
 # contributors (their names can be found in the CONTRIBUTORS file).
 #
@@ -159,7 +157,7 @@
 $userName .= "\$";
 }
-print "About to create machine $userName:\n";
+#print "About to create machine $userName:\n";
 if (!add_posix_machine ($userName, $userUidNumber, $userGidNumber)) {
 die "$0: error while adding posix account\n";
@@ -196,10 +194,10 @@
 my $tmpldif = "dn: uid=$userName,$usersdn
-objectclass: inetOrgPerson
+objectclass: top
+objectclass: account
 objectclass: posixAccount
 cn: $userName
-sn: $userName
 uid: $userName
 uidNumber: $userUidNumber
 gidNumber: $userGidNumber
@@ -271,7 +269,8 @@
 my $tmpldif = "dn: uid=$userName,$usersdn
 changetype: modify
-objectClass: inetOrgPerson
+objectclass: top
+objectclass: account
 objectclass: posixAccount
 objectClass: sambaAccount
 pwdLastSet: 0

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
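Review bot: the diff header runs from `--- smbldap-useradd.pl` (the working copy, dated Feb 2003) to `+++ /usr/share/doc/samba-2.2.7a/.../smbldap-useradd.pl` (the stock Samba 2.2.7a copy), so throughout the patch the `+` lines are the shipped script and the `-` lines are the eDirectory-working changes; a reader who wants to reproduce the working script has to apply it reversed (`patch -R`) or read every hunk inverted, and the message should say so. In hunk 1 the working copy also carries the CVS `$Id: smbldap-useradd.pl,v 1.23 2002/07/24` keyword that the shipped copy lacks, which is useful: it pins the IDEALX revision the working changes were made against.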
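Review bot: in hunk 3 (`@@ -196,10 +194,10 @@`) the working copy replaces the `objectclass: top` / `objectclass: account` pair with `objectclass: inetOrgPerson` and adds `sn: $userName`; these two changes belong together and should not be separated, because inetOrgPerson inherits `sn` as a mandatory attribute from `person`, and it is the structural class (mapped by eDirectory onto User) that lets the auxiliary sambaAccount attach at all, which is the object class violation discussed above. A one-line comment in the LDIF template would stop a later edit from dropping `sn` as a duplicate of `cn`.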
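Review bot: hunk 4 (`@@ -271,7 +269,8 @@`) makes the same class swap inside a `changetype: modify` record, but the visible context shows the `objectClass` values directly after `changetype: modify` with no `add: objectClass` (or `replace:`) line in between, which RFC 2849 requires for every attribute in a modify record; confirm that the lines outside the hunk supply it, otherwise a strict server rejects the modify. The attribute name is also written both `objectClass` and `objectclass` in the same record; attribute names are case-insensitive so this is harmless, but one spelling would make the modify template easier to compare with the add template in hunk 3.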
[Samba] Re: Novell EDirectory as LDAP backend
> Hi, is anybody out there who is using Novell Edir. with samba?

Yes, 8.6.3 on a RH 7.3 to be precise.

> I have searched the archive and found some random notes but no real
> success story.

Works pretty good. I have not yet tried to integrate cups but user authentication (unix login) is done via pam_ldap, I just have some problems getting password synchronisation running, users can alt-ctrl-del and change their windows password, but I want to set the user unix password too.

> The only thing that does not work is to ldapadd or ldif import users
> with objectClass sambaAccount.

sambaAccount is an auxiliary class, I think you do need a real object class (like user). Take a look with the Schema Manager (ConsoleOne) at the user class, and the needed attributes (IIRC there are 4).

> Adding posixAccount users and then adding the sambaAccount objectClass
> via Novell's "ConsoleOne" works, so I guess this is an edir. specific
> problem which is OT here.

Check out the Novell News Servers, one is at:

support-forums.novell.com

bye
Stefan