[FYI] samba_2_2 openLdap 2.1.3 and the auxiliary/structural objects

Mike Brady mike.brady at devnull.net.nz
Tue Aug 13 17:48:00 GMT 2002


The "account" structural object class would seem to be a reasonable default.

Could the structural class to be used be made configurable?  That is, have a 
"ldap user structural class" parameter in smb.conf.   I think that this would 
make Samba usable in more situations.

On Wed, 14 Aug 2002 05:41, Luke Howard wrote:
> >How should we handle this within Samba? Should we create a new user with
> >a "person" objectClass and a sambaAccount (assuming an applicable
> >non-sambaAccount object doesn't exist, of course).  This does simplify
> >some things (we can take cn out of the sambaAccount) but adds the
> >(possible) difficulty of requiring an sn (which, btw is lacking from
> >your example of a "correct" ldif, so you might want to fix that).  It's
> >been a while since I last looked at the samba attributes -> LDAP
> >mapping, so I don't remember if there is already something suitable for
> >sn or not.
>
> The fact that "sn" is required is a constant annoyance. :-) It's
> good to use person or a subclass thereof for compatibility with white
> pages-type clients (e-mail address books, etc). The Active Directory
> "User" object class is also derived from person.
>
> Here however, it is perhaps better that the use of "person" as a
> structural object class is best left to administrators. SAMBA can
> just add the sambaAccount auxiliary object class to such entries.
>
> In the case where there is no existing entry, then SAMBA should
> probably use the "account" structural object class which only
> requires the "uid" attribute. See section 5.3 of RFC 2307.
>
> -- Luke



