LDAP schema

Matt Chapman m.chapman at student.unsw.edu.au
Fri Nov 27 08:06:57 GMT 1998

LDAP support is coming along well, and I would like some comments as to the

In particular I need Luke's input as to storing uids/gids vs storing RIDs vs
both. Also how does one add users to groups and aliases (in terms of the api)?
Have I misunderstood something here?

In any case here are some examples of the current schema.

sambaAccount (compatible with RFC2307 posixAccount)

dn: uid=matty, dc=mycorp, dc=com
objectClass: posixAccount
objectClass: sambaAccount
uid: matty
cn: Matthew Chapman
description: Just another account
uidNumber: 500
gidNumber: 500
homeDirectory: /home/matty

// Now the Samba extensions
lmPassword: 46E389809F8D55BB78A48108148AD508
ntPassword: 1944CCE1AD6F80D8AEC9FC5BE77696F4
pwdLastSet: 35C11F1B
smbHome: \\server\share
homeDrive: Z
script: logon.bat
profile: \\server\profile
workstations: MYPC

// and smbgrp stuff. currently I put RIDs here like in smbgroupfile.
group: 2040
alias: 2120
alias: 2410

sambaGroup (compatible with RFC2307 posixGroup)

dn: cn=Domain Admins, dc=mycorp, dc=com
objectClass: posixGroup
objectClass: sambaGroup
cn: Domain Admins
description: Domain administration group
gidNumber: 510
uidMember: matty
uidMember: testuser


dn: cn=Administrators, dc=mycorp, dc=com
objectclass: sambaAlias
cn: Administrators
description: Local administrators
gidNumber: 520
member: (MYDOM\Domain Admins, S-1-5-21-2636145155-1092092370-2737775054-200, 5)
member: (MYDOM\matty, S-1-5-21-2636145155-1092092370-2737775054-7D0, 1)

Matt Chapman
E-mail: mattyc at cyberdude.com

More information about the samba-technical mailing list