[Samba] LDAP arrangement for machines
Nick Urbanik
nicku at vtc.edu.hk
Tue Aug 19 13:35:40 GMT 2003
Dear Folks,
Thanks, Jerry, for your most helpful and rapid reply!
"Gerald (Jerry) Carter" wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 19 Aug 2003, Nick Urbanik wrote:
>
> > Dear Folks,
> >
> > Now trying to get Samba 3.0.0 RC1 up and running only with LDAP, as PDC. I am
> > using openldap 2.1.22-5 from rawhide on RH9. pdbedit was able to migrate the
> > user accounts to the existing posixAccounts in LDAP (nice!) but not the machine
> > accounts, which had no pre-existing entries beyond the top-level entry
> > ou=Devices.
> >
> > Since the sambaSamAccount is auxiliary, it needs a structural objectClass to
> > work with. What structural objectClass should samba add?
>
> Should just use the account objectclass.
Okay, I will. Does samba add that, or should I add it?
> > Do I need to write a script to add the machine accounts?
>
> There are a lot of ways to solve your problem. Writing a script is one of
> them.
I would like to deploy samba with about 350-400 machines. I would like to set up
the least labour-intensive way of adding machines to the domain, that is as centrally
managed as possible. Would writing a little perl add machine script be a good road
towards that end? I can do it; I just want some pointers on which way to head.
> > I thought of a hierarchy like this: ou=People, and ou=Group and ou=Devices under
> > the root of the hierarchy, then under ou=Devices, have entries with the
> > objectClasses device and sambaSamAccount. Is that the intention?
>
> You could. See the 'ldap machine suffix'. Be aware that there is a bug
> that requires the 'ldap suffix' to be defined first if you are using
> something like
Aha, thank you.
> ldap suffix = dc=plainjoe,dc=org
> ldap user suffix = ou=people
> ldap machine suffix = ou=devices
>
> And make sure to not use quotes since this is another bug :-( Sorry.
No need for apologies, now I know; it was mentioned in the HOWTO also.
> > How does the "adding a machine" operation work with LDAP (or how is it intended
> > to work)?
> >
> > The HOWTO seems not to explain these points, or have I missed it?
>
> The LDAP docs are a little outdated for 3.0. I'll try to update them
> before RC2.
>
> cheers, jerry
Thank you very much.
--
Nick Urbanik RHCE nicku(at)vtc.edu.hk
Dept. of Information & Communications Technology
Hong Kong Institute of Vocational Education (Tsing Yi)
Tel: (852) 2436 8576, (852) 2436 8713 Fax: (852) 2436 8526
PGP: 53 B6 6D 73 52 EE 1F EE EC F8 21 98 45 1C 23 7B ID: 7529555D
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
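
Added example (not part of the original message and not Samba project code): a small Python check for the two smb.conf pitfalls described in the quoted reply, namely 'ldap user suffix' / 'ldap machine suffix' appearing before 'ldap suffix', and quoted suffix values. The function name and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample: sub-suffixes set before 'ldap suffix', one value quoted.
SAMPLE_BAD = """\
[global]
   ldap machine suffix = ou=devices
   ldap user suffix = "ou=people"
   ldap suffix = dc=plainjoe,dc=org
"""

# Constructed sample using the ordering shown in the message above.
SAMPLE_GOOD = """\
[global]
   ldap suffix = dc=plainjoe,dc=org
   ldap user suffix = ou=people
   ldap machine suffix = ou=devices
"""

SUB_SUFFIXES = {"ldapusersuffix", "ldapmachinesuffix"}

def lint_ldap_suffixes(text):
    """Return (line_number, message) findings for the two pitfalls."""
    findings = []
    section = None
    base_seen = False          # has 'ldap suffix' been defined yet?
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        # smb.conf parameter names ignore case and whitespace.
        key = re.sub(r"\s+", "", name).lower()
        if key == "ldapsuffix":
            base_seen = True
        elif key not in SUB_SUFFIXES:
            continue
        if value.startswith(('"', "'")) or value.endswith(('"', "'")):
            findings.append((lineno, f"'{name}' value is quoted"))
        if key in SUB_SUFFIXES and not base_seen:
            findings.append((lineno, f"'{name}' set before 'ldap suffix'"))
    return findings
```

Running `lint_ldap_suffixes()` over the [global] section before restarting smbd reports each offending line number with the reason.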