about ldapsam:editposix extension
ghenry at suretecsystems.com
Sun Mar 5 20:38:06 GMT 2006
simo said the following on 05/03/06 16:16:
> On Sun, 2006-03-05 at 10:55 +0000, Gavin Henry wrote:
>>>To who may be interested I've started a little howto that
>>>gives some direction on how to better use the ldapsam:editposix
>>>This extension is not yet in any officially released code, if you want
>>>to test it you need to pull the trunk SVN tree from samba.org
>>As we understand it, this extension allows you to choose whether or not
>>you use external tools like IDEALX's smbldap-tools? Correct?
> Correct. But only for very specific cases.
>>How do you add users/groups then with this extension, via adding a normal
>>user account on the Samba PDC (posix account)? What management tools can
>>an admin use?
> Either by usrmgr.exe or by net rpc user add, net rpc group add, or any
> other tool that connects to our RPC pipes and issues the right calls.
>>The reason we ask, is that we are about 70% porting the IDEALX
>>smbldap-tools to OO-Perl code to go on to the CPAN, called Samba::LDAP. So
>>we are just checking this work is not a waste.
> No, it is not a waste, a lot of sites rely on scripts because they want
> much more flexibility in creating their accounts.
That's the answer we were hoping for ;-)
>>This also has some bits in it for adding Open-xchange users (only the LDAP
>>The work for Samba::LDAP distribution port is because of another Web
>>Application we are around 50% through called SOSA, The Samba and
>>Open-xchange Simple Administrator. It is written with the Catalyst
>>Framework (http://catalyst.perl.org), with a bit of Prototype.js and
>>mostly the Dojo Toolkit (http://dojotoolkit.org). Beta screenshots
>>available if anyone is interested ;-)
>>Anyway, enough of that. Are there any tech docs about your new Schema
>>Extensions we can read about, as they might be good to make use of inside
> no new schema extension, the only critical bit in ldapsam:editposix is
> that it uses winbind to alloc uids and gids, so if you want to add new
> users/groups directly to ldap, you must use a range different from the
> one specified by idmap uid/gid parm.
> I think you may use the same range if you use idmap ldap and have an app
> that correctly deals with the ou=idmap uidNumber and gidNumber counters,
> but that must be carefully coded or you risk breaking the mapping
> functionality of winbindd.
Thanks for the advice, it's much appreciated.
Look out for our announcement in the next few weeks.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 742001
E ghenry at suretecsystems.com
Open Source. Open Solutions.(tm)
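
The range rule simo describes above (accounts written straight to LDAP must stay outside the idmap uid/gid range that winbind allocates from), as an added example that is not part of the thread or of Samba: a pre-flight check a provisioning script could run before writing entries. The smb.conf fragment, range values, DNs and function names are constructed for illustration.

```python
import re

# Constructed smb.conf fragment; range values are sample values, not from the thread.
SAMPLE_SMB_CONF = """\
[global]
    ldapsam:editposix = yes
    ; winbind allocates new uids/gids from these ranges
    idmap uid = 10000-19999
    idmap gid = 10000-19999
"""

# Constructed entries a provisioning script is about to write directly to LDAP.
SAMPLE_ENTRIES = [
    {"dn": "uid=alice,ou=People,dc=example,dc=org", "uidNumber": 1001, "gidNumber": 513},
    {"dn": "uid=bob,ou=People,dc=example,dc=org", "uidNumber": 10005, "gidNumber": 513},
    {"dn": "cn=staff,ou=Groups,dc=example,dc=org", "gidNumber": 19999},
    {"dn": "cn=ops,ou=Groups,dc=example,dc=org", "gidNumber": 20000},
]

RANGE_RE = re.compile(r"^\s*idmap\s+(uid|gid)\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def idmap_ranges(conf_text):
    """Parse 'idmap uid' / 'idmap gid' lines into {'uid': (lo, hi), 'gid': (lo, hi)}."""
    ranges = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment line
        m = RANGE_RE.match(line)
        if m:
            lo, hi = int(m.group(2)), int(m.group(3))
            if lo > hi:
                raise ValueError(f"inverted idmap {m.group(1)} range: {lo}-{hi}")
            ranges[m.group(1).lower()] = (lo, hi)
    return ranges

def collisions(entries, ranges):
    """Return (dn, attribute, value) for every ID inside a winbind-owned range."""
    hits = []
    for entry in entries:
        for attr, kind in (("uidNumber", "uid"), ("gidNumber", "gid")):
            value = entry.get(attr)
            if value is None or kind not in ranges:
                continue
            lo, hi = ranges[kind]
            if lo <= value <= hi:  # treat both ends as inside the range
                hits.append((entry["dn"], attr, value))
    return hits

if __name__ == "__main__":
    for dn, attr, value in collisions(SAMPLE_ENTRIES, idmap_ranges(SAMPLE_SMB_CONF)):
        print(f"REFUSE {dn}: {attr}={value} is inside the idmap range")
```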