Samba4 experiences

[Dirk Gouders]

simo <idra at samba.org> writes:

> Dirk,
> only replying to what I know inline.
>
> On Thu, 2011-09-15 at 16:24 +0200, Dirk Gouders wrote:
>> * I accessed LDAP with jxplorer and cannot modify user data; it
>>   reports that all mandatory attributes must have values.
>>   I did not look too deep into it but noticed a mandatory attribute
>>   "nTSecurityDescriptor" that I did not find in the user entry I wanted
>>   to modify.
>
> Is jxplorer trying to enforce something here ?
> ntSecurityDescriptor contains object ACLs and is sort of special and you
> do not need to set it when you modify entries.
>
> Are you trying to create a user entry directly from jxplorer ? I would
> warn against it and use native tools to create users instead.

Yes, for adding users I use samba-tool (the question what it means to
enable a user comes into mind).  With jxplorer, I was just testing if I
can modify "trivial" attributes like displayName.  I guess that jxplorer
does a full consistency check against the schema before it tries to
perform the update and that check somehow fails.  I will have to take a
closer look at it.

>> * With phpldapadmin the modification of e.g. displayName works, but I
>>   cannot add an attribute "memberOf".  I am not sure if that would be
>>   the correct way to manage group membership or if there is a better
>>   way (except the tools that run under Windows) to do that.
>
> Memberof is a linked attribute and cannot be changed, you need to change
> the member attribute in the group if you want to add a user to a group.
> That will modify the memberof attribute on the user entry automatically.

Thanks for that information, tried it and it works.

Dirk