[Samba] i can't delete groupmap
Paul Gienger
pgienger at ae-solutions.com
Thu Jul 21 16:11:48 GMT 2005
> > Since it seems you're using an LDAP backend, check your group objects
> for
> > each of the groups you list above (products, man, domadmin, domuser).
> > Remove the samba attributes/objectclass from those groups that are
> > incorrectly mapped, I would assume those are the products and man
> groups.
> >
> >
> >
>
> yes i'm using ldap backend, but i can't delete the attributes or
> objectclass, for example the sambaGroupMapping, i obtain the error:
>
> attribute 'sambaGroupType' not allowed].
You need to delete ALL the attributes that are allowed only by the
sambaGroupMapping in order to still have a valid LDAP object syntax.
It sounds like you need a good LDAP primer course, but I'll try to give you
enough to get you going in this case...
Hopefully your LDAP browser gives you a schema view, if not I suggest you
find one that does. Gq will, you can get there with phpLDAPAdmin, I'm sure
there are others.
Look at your object and determine your objectclasses. You need to look at
each one and determine where your attributes are derived from, anything that
is ONLY in sambaGroupMapping must go. In this object:
dn: cn=itadmin,ou=Group,dc=ae-solutions,dc=com
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: itadmin
gidNumber: 2027
sambaSID: S-1-5-21-112718084-1284083569-2990761952-5055
sambaGroupType: 2
description: Local Unix group
memberUid: pgienger
displayName: IT Administration
The following attributes have to be deleted at the same time as the
objectClass sambaGroupMapping:
sambaSID
sambaGroupType
displayName
The rest of the attributes are declared in top and/or posixGroup so will
still be valid with only those two parent classes.
More information about the samba
mailing list