LDAP schema

Matt Chapman m.chapman at student.unsw.edu.au
Mon Nov 30 04:04:10 GMT 1998

Luke Kenneth Casson Leighton wrote:

> or, you could put both names in: unixusername and ntusername.  if you
> don't, then we'll have to go via a text file
> /usr/local/samba/lib/domainusername.map to resolve between ntusernames and
> unixnames.

ok, but in general we're really going to have to create unix users with the same
name (or some mangled variation thereof) as the NT name, and vice versa.
Especially since soon we're going to have to get User Manager administering
Samba (either that or add another fifty switches to smbpasswd...) and there's no
way for that to tell us what Unix username to create.

> this could be a bit of a pain if someone wants to suck a SAM database out
> of an NT server and create an LDAP one.

This is a very cool idea, a utility along the lines of pwdump that sucks ALL of
the information out of the SAM, including the domain SID etc, into LDIF format
ready for Samba to use... It would certainly simplify the *upgrade* path :-)

Yep, that's definitely on my todo list.

> i also recommend that you add a User RID and a Primary Group RID field, to
> make life easier for SAM suckers.


> > Also how does one add users to groups and aliases (in terms of the api)?
> > Have I misunderstood something here?
> for now, don't worry about the group issues.  let's stick with the
> UNIX-lookup code, which seems to do a good job.  unless you _want_ to do
> it, that is :-)

Well, i've already written passgrpldap.c, groupldap.c and aliasldap.c... it's
just that you need to add users to groups with ldapmodify, there doesn't seem to
be any api for it. Is there? What were you intending to do?


Matt Chapman
E-mail: mattyc at cyberdude.com

More information about the samba-technical mailing list