s4: new classicupgrade and uids
Andrew Bartlett
abartlet at samba.org
Fri Jun 22 02:11:36 MDT 2012
On Thu, 2012-06-21 at 16:43 +0400, Sergey Urushkin wrote:
> Hi!
> I've just made a test upgrade from s3 with the new uid/gid migration
> feature and I have some questions:
>
> 1. Computer accounts have objectclass:posixAccount and uidNumber
> attributes. What is it for? As far as I know unix computer accounts are
> needed only for s3 dc, am I right? If so, than computer accounts should
> be excluded somehow.
Computers can log in and own files, and so we need to preserve the
uidNumber that has been assigned, to preserve this file ownership.
> 2. 'Administrator' hasn't got an uidNumber (while it had it in
> openldap), so it makes me map it manually. Is it a bug or feature?
Simply a bug.
> 3. To have an ability to manage user's uid, gid, etc. through dsa.msc we
> need to add NIS domain to AD. And then add some attributes to
> accounts/groups. Why not to add NIS domain (it's a simple ldif) to
> config while provisioning (named as workgroup by default and also have
> an provision/classicupgrade option to change the name) and then
> additionally modify users like this:
> changetype: modify
> replace: msSFU30NisDomain
> msSFU30NisDomain: $NISDOMAIN
> -
> replace: msSFU30Name
> msSFU30Name: $USER
>
> and groups like this:
>
> changetype: modify
> replace: msSFU30NisDomain
> msSFU30NisDomain: $NISDOMAIN
> -
> replace: msSFU30Name
> msSFU30Name: $GROUP
I thought that the whole point of the new rfc2307 support was to avoid
needing to set these SFU attributes?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list