about ldapsam:editposix extension

Gavin Henry ghenry at suretecsystems.com
Sun Mar 5 20:38:06 GMT 2006

simo said the following on 05/03/06 16:16:
> On Sun, 2006-03-05 at 10:55 +0000, Gavin Henry wrote:
>><quote who="simo">
>>>To whoever may be interested, I've started a little howto that
>>>gives some direction on how to better use the ldapsam:editposix
>>>This extension is not yet in any officially released code, if you want
>>>to test it you need to pull the trunk SVN tree from samba.org
>>>The HOWTO:
>>Hi Simo,
>>As we understand it, this extension allows you to choose whether or not
>>you use external tools like IDEALX's smbldap-tools? Correct?
> Correct. But only for very specific cases.

Ah, understood.

>>How do you add users/groups then with this extension, via adding a normal
>>user account on the Samba PDC (posix account)? What management tools can
>>an admin use?
> Either by usrmgr.exe or by net rpc user add, net rpc group add, or any
> other tool that connects to our RPC pipes and issues the right calls.


>>The reason we ask, is that we are about 70% porting the IDEALX
>>smbldap-tools to OO-Perl code to go on to the CPAN, called Samba::LDAP. So
>>we are just checking this work is not a waste.
> No, it is not a waste, a lot of sites rely on scripts because they want
> much more flexibility in creating their accounts.

That's the answer we were hoping for ;-)

>>This also has some bits in it for adding Open-xchange users (only the LDAP
>>part really).
>>The work for Samba::LDAP distribution port is because of another Web
>>Application we are around 50% through called SOSA, The Samba and
>>Open-xchange Simple Administrator. It is written with the Catalyst
>>Framework (http://catalyst.perl.org), with a bit of Prototype.js and
>>mostly the Dojo Toolkit (http://dojotoolkit.org). Beta screenshots
>>available if anyone is interested ;-)
>>Anyway, enough of that. Are there any tech docs about your new Schema
>>Extensions we can read about, as they might be good to make use of inside
> no new schema extension, the only critical bit in ldapsam:editposix is
> that it uses winbind to alloc uids and gids, so if you want to add new
> users/groups directly to ldap, you must use a range different from the
> one specified by idmap uid/gid parm.
> I think you may use the same range if you use idmap ldap and have an app
> that correctly deals with the ou=idmap uidNumber and gidNumber counters,
> but that must be carefully coded or you risk breaking the mapping
> functionality of winbindd.
> Simo.

Thanks for the advice, it's much appreciated.

Look out for our announcement in the next few weeks.


Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 742001
E ghenry at suretecsystems.com

Open Source. Open Solutions.(tm)
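
The range constraint Simo describes (ids added directly to LDAP must stay outside the `idmap uid`/`idmap gid` ranges that winbind allocates from) can be checked before an external tool writes its entries. This is an added example, not part of the original thread or of Samba's code; the smb.conf ranges, the DNs and the function names `idmap_ranges` and `conflicts` are constructed for illustration.

```python
import re

# Constructed sample smb.conf fragment; the ranges are illustrative.
SMB_CONF = """\
[global]
    ldapsam:editposix = yes
    idmap uid = 10000-19999
    idmap gid = 10000-19999
"""

# Constructed LDIF for entries an external tool is about to add.
LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uidNumber: 5001
gidNumber: 10000

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
uidNumber: 10042
gidNumber: 5000

dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: posixGroup
gidNumber: 12000
"""

# The id each object class claims for itself, and the idmap range covering it.
# A posixAccount's gidNumber only references a group, so it is not checked.
OWNED = {"posixaccount": ("uidnumber", "uid"), "posixgroup": ("gidnumber", "gid")}

def idmap_ranges(conf):
    """Return e.g. {'uid': (low, high), 'gid': (low, high)} from smb.conf text."""
    pat = r"^\s*idmap\s+(uid|gid)\s*=\s*(\d+)\s*-\s*(\d+)"
    return {k.lower(): (int(a), int(b)) for k, a, b in re.findall(pat, conf, re.M | re.I)}

def conflicts(ldif, ranges):
    """List (dn, attribute, value) for new ids that fall inside winbind's ranges."""
    found = []
    for entry in ldif.strip().split("\n\n"):
        attrs = [(k.lower(), v.strip()) for k, v in re.findall(r"^(\w+):(.*)$", entry, re.M)]
        dn = next(v for k, v in attrs if k == "dn")
        classes = {v.lower() for k, v in attrs if k == "objectclass"}
        for cls in sorted(classes & set(OWNED)):
            attr, kind = OWNED[cls]
            lo, hi = ranges.get(kind, (1, 0))  # empty range when the parameter is unset
            found += [(dn, attr, int(v)) for k, v in attrs
                      if k == attr and lo <= int(v) <= hi]
    return found
```

On the constructed input, `conflicts(LDIF, idmap_ranges(SMB_CONF))` reports bob's uidNumber and the staff group's gidNumber; alice passes because her own uidNumber is outside the range.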

