SambaSAMAccount and IBM Domino

Andrew Bartlett abartlet at samba.org
Thu Oct 29 04:20:05 MDT 2009 

On Thu, 2009-10-29 at 14:35 +1100, Michael Lucchese wrote:
> Here is an example of the problem:
> 
> We already have added the SambaSAMAccount objectclass and
> its related OIDs into the Domino LDAP Schema
> 
> When smbpasswd is executed to add the SambaSAMAccount attributes to a
> POSIX account it will add the objectclass SambaSAMAccount together with
> several of the SambaSAMAccount attributes.  This is followed by an
> ldapsearch for "(objectclass=SambaSAMAccount)" which fails because even
> though the SambaSAMAccount attributes were added to the DIT, the
> objectclass SambaSAMAccount does not persist in the DIT entry. Because
> this validation fails, the process of adding the SambaSAMAccount
> attributes fails in total.
> 
> When we add a DIT entry via an LDIF file that does specify the
> objectclass SambaSAMAccount, the SambaSAMAccount attributes are added to
> the DIT, but again the objectclass SambaSAMAccount is not persistent in
> the DIT.  As a result, ldap searches performed by Samba which seeks to
> locate the SambaSAMAccount objectclass fails, and again the process
> terminates in failure.

This would seem to be a very fundamental flaw in Domino, and you will
have a very hard time making Samba work with such a broken LDAP server.

Perhaps find out how to make the objectclass persist, then use local
scripts to get provision the users in the 'right' way.  I don't see how
Samba can really help, but if you manage to work it out, we will
certainly look at any patches or example scripts you come up with. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091029/59443472/attachment.pgp>

More information about the samba-technical mailing list