LDAP: Administrator/Groups/RID
Matt Chapman
m.chapman at student.unsw.edu.au
Sun Jan 17 14:27:44 GMT 1999
Martin Hofbauer Bacher Systems EDV wrote:
> Today I continued testing the LDAP/PDC functionality;
>
> I succeeded joining the domain and login with an LDAP User !!!!!!
Fantastic!
> What about the objectclass SAMBAGROUP ?
> What are the attributes ?
> So, how should domain group mapping be done with LDAP ?
> ( ldap ? files ? ldap and files ? )
The LDAP group stuff is really not designed to be done by hand. Currently if
you're game you can use rpcclient; very soon you will be able to use User
Manager (in fact, I would be interested to know how much of it works now).
For your information, here are the schemas (not guaranteed, just from a quick
look back at the code!):
objectclass sambaGroup
        requires
                cn,             /* group name */
                rid
        allows
                description,
                member          /* repeated for each member, in format "name,rid,type" */
                                /* e.g. member=matty,0x600,1 */
There is also sambaAlias and sambaBuiltin conforming to the same format as above
except containing SIDs instead of RIDs, as well as:
objectclass sambaConfig
        requires
                id,             /* in the future we may have a whole configuration tree */
                                /* currently this must be "root" */
                nextrid         /* next RID to allocate */
Now unfortunately this is all getting away from UNIX a little but people want
their plug-and-play PDC functionality...
Matt
--
Matt Chapman
m.chapman at student.unsw.edu.au
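
Added example (not part of the original message and not Samba code): a Python consistency check over sambaGroup entries and the sambaConfig nextrid value as laid out above. It parses each member value, then reports malformed values, RIDs shared by two names, and RIDs at or above nextrid, assuming RIDs are handed out upward from nextrid; the dict layout, function names and sample entries are constructed for illustration.

```python
# Added example, not Samba code. Attribute names and the "name,rid,type"
# layout come from the message; the dict layout and data are constructed.

def parse_member(value):
    """Split a member value "name,rid,type" into (name, rid, type)."""
    # Split from the right so a comma inside the name cannot shift fields.
    parts = value.rsplit(",", 2)
    if len(parts) != 3 or not parts[0]:
        raise ValueError("expected name,rid,type: %r" % value)
    try:
        rid, kind = int(parts[1], 0), int(parts[2], 0)  # base 0 accepts 0x600
    except ValueError:
        raise ValueError("non-numeric rid or type: %r" % value)
    if not 0 < rid <= 0xFFFFFFFF:
        raise ValueError("rid outside 32-bit range: %r" % value)
    return parts[0], rid, kind

def audit(groups, nextrid):
    """Return findings: malformed members, shared RIDs, RIDs >= nextrid."""
    findings, owner = [], {}          # owner: rid -> first name seen

    def claim(rid, name, where):
        # Assumption: RIDs are allocated upward from nextrid, so an existing
        # RID at or above it could later be issued to a second principal.
        if rid >= nextrid:
            findings.append("%s: rid %#x >= nextrid %#x" % (where, rid, nextrid))
        if owner.setdefault(rid, name) != name:
            findings.append("%s: rid %#x used by both %s and %s"
                            % (where, rid, owner[rid], name))

    for g in groups:
        claim(int(g["rid"], 0), g["cn"], g["cn"])
        for value in g.get("member", []):
            try:
                name, rid, _ = parse_member(value)
            except ValueError as exc:
                findings.append("%s: %s" % (g["cn"], exc))
                continue
            claim(rid, name, g["cn"])
    return findings

SAMPLE_GROUPS = [  # constructed entries
    {"cn": "staff", "rid": "0x601",
     "member": ["matty,0x600,1", "smith, j,0x602,1"]},
    {"cn": "ops", "rid": "0x603",
     "member": ["alice,0x600,1", "bob,0x700,1", "broken"]},
]
SAMPLE_NEXTRID = 0x604
```

Calling audit(SAMPLE_GROUPS, SAMPLE_NEXTRID) returns one finding for each of the three constructed problems in the "ops" entry.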