Posix/Samba: the accounts managements

Simo Sorce simo.sorce at xsec.it
Mon Nov 3 14:01:09 GMT 2003

On Mon, 2003-11-03 at 14:24, Aurélien Degrémont wrote:

> It may be a big help, but it's very difficult to implement. It's so 
> difficult that external scripts are a very good solution, imho.

Yes they are.

> I had already made some tests with these kind of modification and it 
> works fine except for one problem.
> The ldapsam delete functions try to delete the samba object class 
> (sambaSamAccount or sambaGroupMapping) and all of its attributes, so the 
> 'cn' attributes too. But, the other classes which these classes depends 
> on need the 'cn' attribute too (i.e: posixAccount), so they don't like 
> at all that Samba try to remove it.


> So, I propose that the deletion (ldapsam_delete_entry) only remove the 
> samba objetclass, and let LDAP remove the associated attributes. As the 
> posixAccount needs the 'cn' attribute, LDAP will not remove it, only the 
> attributes that are not claimed by the other classes.

seem the right solution.

> Concerning the patches, I think all modification calls may be patched, 
> not only delete_dom_user and remove_user_foreign_domain, like 
> delete_group. I will test it and try to propose a patch soon.



Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399

More information about the samba-technical mailing list