Luke Kenneth Casson Leighton
lkcl at switchboard.net
Mon Nov 30 14:38:56 GMT 1998
On Mon, 30 Nov 1998, Matt Chapman wrote:
> Luke Kenneth Casson Leighton wrote:
> > or, you could put both names in: unixusername and ntusername. if you
> > don't, then we'll have to go via a text file
> > /usr/local/samba/lib/domainusername.map to resolve between ntusernames and
> > unixnames.
> ok, but in general we're really going to have to create unix users with the same
> name (or some mangled variation thereof) as the NT name, and vice versa.
i wrote you a little note, it says basically that it is sensible to
enforce same unix name as nt name, if we're going to use rfc2037 as a
> Especially since soon we're going to have to get User Manager administering
that's underway, and it already works. read-only.
> (either that or add another fifty switches to smbpasswd...) and there's
> way for that to tell us what Unix username to create.
that's... marginally irrelevant: it depends on the implementation (you,
for ldap :-)
[basically, you ought to know that i do not hold unix, nt or samba in high
regard (or any code or any well-established system) *except* where it's
pretty obvious that it's really good, and it works, and it does the job,
and we can get a good leg-up and have less work to do if we follow its
> > this could be a bit of a pain if someone wants to suck a SAM database out
> > of an NT server and create an LDAP one.
> This is a very cool idea, a utility along the lines of pwdump that sucks ALL of
> the information out of the SAM, including the domain SID etc, into LDIF format
> ready for Samba to use... It would certainly simplify the *upgrade* path :-)
> Yep, that's definitely on my todo list.
> > i also recommend that you add a User RID and a Primary Group RID field, to
> > make life easier for SAM suckers.
> > > Also how does one add users to groups and aliases (in terms of the api)?
> > > Have I misunderstood something here?
> > for now, don't worry about the group issues. let's stick with the
> > UNIX-lookup code, which seems to do a good job. unless you _want_ to do
> > it, that is :-)
> Well, i've already written passgrpldap.c, groupldap.c and aliasldap.c... it's
cool! ok, where? passdb/groupldap.c or groupdb/groupldap.c?
> just that you need to add users to groups with ldapmodify, there doesn't seem to
> be any api for it. Is there? What were you intending to do?
ok, i've _started_ on it (i decoded the stuff, i just need to create code
for it, i'm going to do client-side first, then server-side, using
SMB_FILE_DB defines (aliasfile.c, groupfile.c etc) as an example, then
when i'm happy, i'll be in a position to explain things if it's not
obvious from the code.
this _should_ all be really simple, you know :-) :-)
More information about the samba-technical