Experience with migration from samba3 to samba4 and ovirt tests
Andrew Bartlett
abartlet at samba.org
Tue Nov 13 14:40:38 MST 2012
On Tue, 2012-11-13 at 22:36 +0100, Alejandro wrote:
>
>
>
> 2012/11/13 Andrew Bartlett <abartlet at samba.org>
> On Tue, 2012-11-13 at 17:02 +0100, Alejandro wrote:
> > I use the samba-tool domain samba3upgrade to move from samba3 ldap to
> > samba4. All was ok, but when I was trying to add the domain to an Ovirt 3.1
> > Engine I find that no user has a UPN (UserPrincipalName) attribute.
> >
> > Ovirt uses UPN in the ldap search to find the username with the usual format
> > LOGIN@DOMAINFQDN, but I find myself forced to use a ldap tool to add the UPN
> > attribute to the needed users.
> >
> > Is it a problem with the migration, or does Samba4 not create the UPN attribute?
>
>
> I've had folks mention this before, but I'm not aware how we are any
> different to a windows AD DC in this regard. If you can show me how we
> differ, we can fix this up.
>
> Why does it have to do a search? Against AD, if you are doing 'ldap
> authentication' you can just log in with user@domain.com as the 'bind
> DN'.
>
> It appears that Ovirt does not only do ldap authentication; it is doing all the
> searches in UPN format. Example of the filter to add Ovirt to the domain:
> filter=(&(sAMAccountType=805306368)(userPrincipalName=LOGIN@DOMAINFQDN))
>
> A search for any user is like:
> filter=(&(sAMAccountType=805306368)(|(givenname=TESTLOGIN)(sn=TESTLOGIN)(samaccountname=TESTLOGIN)(userPrincipalName=TESTLOGIN)))
>
> Ovirt needs the UPN attribute even for search.
>
> I can't test any Windows Server for this attribute (I don't have any
> AD where I work).
Trial versions of Windows server are available for download and testing
from Microsoft:
https://www.microsoft.com/en-us/download/details.aspx?id=8371
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
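
An added example, not part of the original thread and not Samba or oVirt code: a sketch that reads an LDIF export of the directory and emits LDIF modify records giving every user account (sAMAccountType=805306368, as in the filters quoted above) that lacks userPrincipalName a value of the form LOGIN@DOMAINFQDN. The sample entries, the example.com realm and the function names are constructed for illustration; the output is meant to be reviewed and then applied with an LDAP modify tool.

```python
import base64

# Constructed sample export (not real data): two users and one computer.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
sAMAccountType: 805306368

dn: CN=bob,CN=Users,DC=example,DC=com
sAMAccountName: bob
sAMAccountType: 805306368
userPrincipalName: bob@example.com

dn: CN=PC01,CN=Computers,DC=example,DC=com
sAMAccountType: 805306369
"""

USER_ACCOUNT = "805306368"  # sAMAccountType value used in the quoted filters


def parse_ldif(text):
    """Yield one dict per entry; handles folded lines and base64 ('::') values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry


def missing_upn_ldif(text, realm):
    """LDIF adding LOGIN@realm where a user has no UPN (assumes ASCII DNs)."""
    out = []
    for e in parse_ldif(text):
        is_user = e.get("samaccounttype") == [USER_ACCOUNT] and "samaccountname" in e
        if not is_user or "userprincipalname" in e:
            continue
        out.append(f"dn: {e['dn'][0]}\nchangetype: modify\nadd: userPrincipalName\n"
                   f"userPrincipalName: {e['samaccountname'][0]}@{realm}\n")
    return "\n".join(out)


if __name__ == "__main__":
    print(missing_upn_ldif(SAMPLE_LDIF, "example.com"))
```

Entries that already carry a userPrincipalName are left untouched, so the output can be regenerated after a partial run without producing duplicate adds.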