[FYI] samba_2_2 openLdap 2.1.3 and the auxiliary/structural objects

Luke Howard lukeh at PADL.COM
Tue Aug 13 08:42:00 GMT 2002


>How should we handle this within Samba? Should we create a new user with
>a "person" objectClass and a sambaAccount (assuming an applicable
>non-sambaAccount object doesn't exist, of course).  This does simplify
>some things (we can take cn out of the sambaAccount) but adds the
>(possible) difficulty of requiring an sn (which, btw is lacking from
>your example of a "correct" ldif, so you might want to fix that).  It's
>been a while since I last looked at the samba attributes -> LDAP
>mapping, so I don't remember if there is already something suitable for
>sn or not.

The fact that "sn" is required is a constant annoyance. :-) It's
good to use person or a subclass thereof for compatibility with white
pages-type clients (e-mail address books, etc). The Active Directory
"User" object class is also derived from person.

Here however, it is perhaps better that the use of "person" as a
structural object class is best left to administrators. SAMBA can
just add the sambaAccount auxiliary object class to such entries.

In the case where there is no existing entry, then SAMBA should
probably use the "account" structural object class which only
requires the "uid" attribute. See section 5.3 of RFC 2307.

-- Luke
--
Luke Howard | lukehoward.com
PADL Software | www.padl.com
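
Added example, not part of the original message or of Samba's code: a small Python model of the schema check behind this advice, showing why an entry with only the auxiliary sambaAccount class is rejected, why "person" without sn fails, and why "account" plus sambaAccount passes. The schema table is hand-written, the sambaAccount MUST list (uid, rid) is an assumption, and the sample entries are constructed.

```python
# Simplified schema model (illustrative). person/account requirements follow
# the standard schemas; sambaAccount's MUST list is an assumption.
SCHEMA = {
    "top":          {"kind": "abstract",   "sup": None,  "must": {"objectClass"}},
    "person":       {"kind": "structural", "sup": "top", "must": {"sn", "cn"}},
    "account":      {"kind": "structural", "sup": "top", "must": {"uid"}},
    "sambaAccount": {"kind": "auxiliary",  "sup": "top", "must": {"uid", "rid"}},
}

def superiors(name):
    """Return the class followed by its chain of superior classes."""
    chain = []
    while name:
        chain.append(name)
        name = SCHEMA[name]["sup"]
    return chain

def check_entry(entry):
    """Return schema violations for an entry given as {attribute: [values]}.
    Attribute names are matched case-sensitively here for brevity."""
    classes = entry.get("objectClass", [])
    unknown = [c for c in classes if c not in SCHEMA]
    if unknown:
        return ["unknown object class: " + c for c in unknown]
    errors = []
    structural = [c for c in classes if SCHEMA[c]["kind"] == "structural"]
    # Keep only the most specific class of each structural chain.
    leaves = [c for c in structural
              if not any(c in superiors(o)[1:] for o in structural)]
    if not leaves:
        errors.append("no structural object class")
    elif len(leaves) > 1:
        errors.append("multiple structural chains: " + ", ".join(leaves))
    required = set()
    for c in classes:
        for s in superiors(c):
            required |= SCHEMA[s]["must"]
    for attr in sorted(required - set(entry)):
        errors.append("missing required attribute: " + attr)
    return errors

# Constructed sample entries.
AUX_ONLY = {"objectClass": ["top", "sambaAccount"],
            "uid": ["jdoe"], "rid": ["1001"]}
PERSON_NO_SN = {"objectClass": ["top", "person", "sambaAccount"],
                "cn": ["J Doe"], "uid": ["jdoe"], "rid": ["1001"]}
ACCOUNT_OK = {"objectClass": ["top", "account", "sambaAccount"],
              "uid": ["jdoe"], "rid": ["1001"]}

if __name__ == "__main__":
    for name in ("AUX_ONLY", "PERSON_NO_SN", "ACCOUNT_OK"):
        print(name, check_entry(globals()[name]))
```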
