[Samba] Samba4: programmatic account creation via LDAP
(unicodePwd)
Andrew Bartlett
abartlet at samba.org
Mon Apr 6 04:39:46 GMT 2009
On Tue, 2009-02-24 at 23:44 -0600, James R. Leu wrote:
> Hello,
>
> I've started working with samba4-alpha6. I've been successful
> in setting up an AD with an openldap backend. I'm now
> shifting my focus to how I would go about migrating to
> a samba4 setup from a microsoft AD implementation.
>
> To that end I've written a perl script that uses Net::LDAP
> to create users in the samba4 LDAP backend. I can create
> the user in such a way that samba4 is happy with it, but
> I'm unable to set an initial password for the user.
>
> I've tried using a template user that has a known password
> and then duplicating that users nTSecurityDescriptor, but that
> doesn't seem to work. I've tried creating a unicodePwd entry
> with the following code:
>
> my $charmap = Unicode::Map8->new('latin1') or die $!;
> my $unipwd = $charmap->tou(qq{"$passwd"})->byteswap()->utf16();
>
> But that doesn't seem to work either.
>
> I was wondering if anyone working with samba4 could recommend
> a way to create users programmatically. If a mechanism does not
> exist, perhaps someone could point me in the right direction to
> add the necessary hooks to samab4 to allow it.
This should now work in Samba4, thanks to work to get Windows 7 to join
the domain.
We also support an extension: You may set 'userPassword' with a utf8
password, rather than the silly UCS2 in quotes format of unicodePwd.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20090406/be999ac7/attachment.bin
More information about the samba
mailing list