LDAP schema

Jean Francois Micouleau Jean-Francois.Micouleau at dalalu.fr
Fri Nov 27 09:34:57 GMT 1998

On Fri, 27 Nov 1998, Matt Chapman wrote:

> A number of those attributes aren't of very much use to us though; they
> only surface at certain info levels which it would be absurd to add
> passdb routines for, or provide functionality which won't be in Samba
> while we are still tied to the existing databases. And in a few years
> time who knows what we'll need... 

Check again, most of them are in the user_info_21 struct.

> Maybe we need a whole new strategy for obtaining user & group
> information...  perhaps something along the lines of open_user,
> get_user_attribute (so that an extensible set of attributes could be
> queried), close_user... Well, it would certainly make the LDAP
> implementation easier :-) 

Why do you think the passdb.c API is for ? That's exactly what we done
Luke and I in April/May ! It was all abstracted in an API exacly because I
wanted to store more attributes in the LDAP database than what was
available in the smbpasswd file.

> I would like to see what Luke has to say on the issue of storing RIDs, SIDs,
> etc. as opposed to generating them..., but certainly in the schema I'll be
> adding a few more attributes to those in that example.

We debated this already with Luke and Jeremy some months ago.
The standard case is where the users don't have any RID, you generate them
based on the UID, using Jeremy's mapping.

The second case, is when you're migrating from an NT-Domain to a
Samba-Domain, and you want to keep the RID

> I did have a look at Microsoft's AD docs before and they seem to go into their
> new NT5 groups schema in great detail but not say very much about individual
> user information... was I looking in the wrong place?

Last time I checked the AD schema on MS web server was outdated. You have
to find an NT5 beta 2 CD to have the latest version.


More information about the samba-technical mailing list