[Samba] Re: Samba3 - LDAP - USRMGR.EXE

Igor Belyi sambauser at katehok.ac93.org
Thu Sep 16 02:20:16 GMT 2004


Mark Jones wrote:
> debug... But this error message you said, only appears if you try to add or
> delete the user twice from LDAP, so you should remove "-a" from the add user
> script and comment out the user delete script if you intend to use
> usrmgr.exe.

In case you're interested, I've created a patch for Bug#762 
(https://bugzilla.samba.org/attachment.cgi?id=643) which makes removing 
and adding users work a little bit better.

As far as I understand "add user script" is necessary only to add UNIX 
account (posixAccount fields if you use LDAP) and then Samba will add 
Samba related information into the right database depending on your 
"passdb backend" parameter. This is why you need to use "-a" switch of 
the smbldap-useradd.pl ONLY if you run it from command line. The same 
idea is supposed to be behind "delete user script" parameter - first, 
Samba deletes samba related information from the account and then uses 
the script to delete UNIX account.

The "ldap delete dn = yes" is a workaround for a problem which my patch 
fixes. What this parameter does - it asks Samba to delete user's DN 
entry from LDAP completely instead of peeling just Samba related 
information. In this case "delete user script" fails to find the user 
since Samba already removed ALL information about it. That's why you 
don't need "delete user script" if you have "ldap delete dn = yes".

Originally, this patch was created for 3.0.6 but it merges nicely into 
3.0.7 as well.

Here're the related lines from my smb.conf:

passdb backend = ldapsam
ldap delete dn = no
add machine script = /usr/local/sbin/smbldap-useradd.pl -w "%u"

## Uncomment if you want USRMGR.EXE to add Unix account as well.
# add user script = /usr/local/sbin/smbldap-useradd.pl -n -d /dev/null -s /bin/false "%u"
add group script = /usr/local/sbin/smbldap-groupadd.pl -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m "%u" "%g"

## Uncomment if you want USRMGR.EXE to remove UNIX account as well.
# delete user script = /usr/local/sbin/smbldap-userdel.pl "%u"
delete group script = /usr/local/sbin/smbldap-groupdel.pl "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x "%u" "%g"


Hope it helps,
Igor
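
Added example, not part of the original post or of Samba: a small Python check that reads the [global] parameters of an smb.conf and flags the two combinations this thread describes as failing with ldapsam. The function names and finding labels are hypothetical, the sample config is constructed, and lines before any section header are assumed to belong to [global].

```python
import shlex

# Constructed sample: the combination the thread describes as failing.
SAMPLE_BAD = '''[global]
passdb backend = ldapsam
ldap delete dn = yes
add user script = /usr/local/sbin/smbldap-useradd.pl -a "%u"
delete user script = /usr/local/sbin/smbldap-userdel.pl "%u"
'''

def norm(name):
    # smb.conf parameter names ignore case and whitespace.
    return "".join(name.lower().split())

def parse_global(text):
    """Return {normalized parameter: value} for the [global] section."""
    params, section, pending = {}, "global", ""  # assumption: no header means [global]
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # backslash continues the line
            pending = line[:-1].rstrip() + " "
        elif line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif line and line[0] not in "#;" and section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def lint(text):
    """Return labels (hypothetical names) for the two conflicts in the thread."""
    p = parse_global(text)
    findings = []
    ldapsam = p.get("passdbbackend", "").lower().startswith("ldapsam")
    delete_dn = p.get("ldapdeletedn", "no").lower() in ("yes", "true", "on", "1")
    # Per the thread: Samba removes the whole DN first, so the script finds no user.
    if ldapsam and delete_dn and "deleteuserscript" in p:
        findings.append("delete-user-script-with-ldap-delete-dn")
    # Per the thread: "-a" is only for command-line use; Samba adds its own data.
    add = shlex.split(p.get("adduserscript", ""))
    if ldapsam and add and "smbldap-useradd" in add[0] and "-a" in add[1:]:
        findings.append("add-user-script-with-a-switch")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_BAD):
        print(finding)
```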


