LDAP: Administrator/Groups/RID

Matt Chapman m.chapman at student.unsw.edu.au
Sun Jan 17 14:27:44 GMT 1999

Martin Hofbauer Bacher Systems EDV wrote:

> Today I continued testing the LDAP/PDC functionality;
> I succeeded joining the domain and login with an LDAP User !!!!!!


> What about the objectclass SAMBAGROUP ?
> What are the attributes ?

> So , how should domain group mapping be done with LDAP ?
> (  ldap ? files ? ldap and files ? )

The LDAP group stuff is really not designed to be done by hand. Currently if
you're game you can use rpcclient; very soon you will be able to use User
Manager (in fact, I would be interested to know how much of it works now).

For your information, here are the schemas (not guaranteed, just from a quick
look back at the code!):

objectclass sambaGroup
        cn,  /* group name */
        member   /* repeated for each member, in format "name,rid,type" */
                            /* e.g. member=matty,0x600,1 */

There is also sambaAlias and sambaBuiltin conforming to the same format as above
except containing SIDs instead of RIDs, as well as:

objectclass sambaConfig
	id,	/* in the future we may have a whole configuration tree */
		/* currently this must be "root" */
        nextrid  /* next RID to allocate */

Now unfortunately this is all getting away from UNIX a little but people want
their plug-and-play PDC functionality...


Matt Chapman
m.chapman at student.unsw.edu.au

More information about the samba-technical mailing list