[Samba] LDAP arrangement for machines

Gerald (Jerry) Carter jerry at samba.org
Tue Aug 19 13:13:12 GMT 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 19 Aug 2003, Nick Urbanik wrote:

> Dear Folks,
> 
> Now trying to get Samba 3.0.0 RC1 up and running only with LDAP, as PDC.  I am
> using openldap 2.1.22-5 from rawhide on RH9.  pbedit was able to migrate the
> user accounts to the existing posixAcounts in LDAP (nice!) but not the machine
> accounts, which had no pre-existing entries beyond the top-level entry
> ou=Devices.
> 
> Since the sambaSamAccount is auxiliary, it needs a structural objectClass to
> work with.  What structural objectClass should samba add?

Should just use the account objectclass.  

> Do I need to write a script to add the machine accounts?

There are a lot of ways to solve your problem.  Writing a script is one of 
them.

> I thought of a hierarchy like this: ou=People, and ou=Group and ou=Devices under
> the root of the hierarchy, then under ou=Devices, have entries with the
> objectClasses device and sambaSamAccount.  Is that the intention?

You could.  See the 'ldap machine suffix'.  Be aware that there is a bug 
that requires the 'ldap suffix' to be defined first if you are using 
something like

	ldap suffix         = dc=plainjoe,dc=org
        ldap user suffix    = ou=people
        ldap machine suffix = ou=devices

And make sure to not use quotes since this is another bug :-(  Sorry.

> How does the "adding a machine" operation work with LDAP (or how is it intended
> to work)?
> 
> The HOWTO seems not to explain these points, or have I missed it?

The LDAP docs are a little outdated for 3.0.  I'll try to update them
before RC2.



cheers, jerry
 ----------------------------------------------------------------------
 Hewlett-Packard            ------------------------- http://www.hp.com
 SAMBA Team                 ---------------------- http://www.samba.org
 GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop there."  
                            --John Cusack - "Grosse Point Blank" (1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE/QiJoIR7qMdg1EfYRAulEAJ9x+Zeo2vTJq3+hKDtjtx0WgiTV6gCgk5Ik
MH1G8AhpNj2smfs/IfLzeQ4=
=NqT8
-----END PGP SIGNATURE-----

More information about the samba mailing list