[Samba] Re: Novell EDirectory as LDAP backend

Stefan.Voelkel at millenux.com Stefan.Voelkel at millenux.com
Fri Feb 21 10:56:26 GMT 2003 

> > Yes, 8.6.3 on a RH 7.3 to be precise.
> I am using 8.7 on RH 7.3.
> > 
> > Works pretty good. I have not yet tried to integrate cups but user 
> > authentification (unix login) is done via pam_ldap, i just have some 
> > problems getting password syncronisation running, users can alt-ctrl-del 
> > an change their windows password, but I want to set the user unix 
> > password too.
> 
> That works for me, too.
> Concerning the passwd sync, have a look at the
> passwd program, passwd chat and unix passwd sync
> options in smb.conf.

Since I use eDirectory with ldap to authenticate users login into the machine,
I wanted to use the

	pam password change = true

setting, but I can not change passwords (even with passwd) at all:

	LDAP password information update failed: DSA is unwilling to perform

but that looks like an eDirectory or EPERM problem.

> >> The only thing that does not work is to ldapadd or ldif import users 
> >> with objectClass sambaAccount.
> > 
> > 
> > sambaAccount is an auxiliary class, i think you do need a real object 
> > class (like user). Take a look with the Schema Manager (ConsoleOne) at 
> > the user class, and the needed attributes (IIRC there are 4).
> 
> I have a real object. Are you able to add/import a user object with 
> sambaAccount on your system? If so, can you provide a working ldif 
> sample that works for you.

The 2.2.7 smbldap-*.pl scripts do not work for me too. I appended a diff from
a working version.

> I have tried the following w/o success.
> Create a working posixAccount/sambaAccount user with c1. Export it using 
> the export wizard. Delete the object and try to reimport it.
> -> object class violation

Ok that is rather odd ;)

-- 
--------------------------------------------------------------------
Stefan Völkel                            stefan.voelkel at millenux.com
Millenux GmbH                              mobile: +49.170.79177.17
Lilienthalstraße 2                          phone: +49.711.88770.300
70825 Stuttgart-Korntal                       fax: +49.711.88770.349
     -= linux without limits -=- http://linux.zSeries.org/ =-
-------------- next part --------------
--- smbldap-useradd.pl	Thu Feb 13 15:25:59 2003
+++ /usr/share/doc/samba-2.2.7a/examples/LDAP/smbldap-tools/smbldap-useradd.pl	Wed Dec 11 10:17:23 2002
@@ -1,7 +1,5 @@
 #!/usr/bin/perl 
 
-# $Id: smbldap-useradd.pl,v 1.23 2002/07/24 11:51:35 gmacinen Exp $
-#
 #  This code was developped by IDEALX (http://IDEALX.org/) and
 #  contributors (their names can be found in the CONTRIBUTORS file).
 #
@@ -159,7 +157,7 @@
 	$userName .= "\$";
     }
 
-    print "About to create machine $userName:\n";
+    #print "About to create machine $userName:\n";
 
     if (!add_posix_machine ($userName, $userUidNumber, $userGidNumber)) {
 	die "$0: error while adding posix account\n";
@@ -196,10 +194,10 @@
 
 my $tmpldif =
 "dn: uid=$userName,$usersdn
-objectclass: inetOrgPerson
+objectclass: top
+objectclass: account
 objectclass: posixAccount
 cn: $userName
-sn: $userName
 uid: $userName
 uidNumber: $userUidNumber
 gidNumber: $userGidNumber
@@ -271,7 +269,8 @@
 	my $tmpldif =
 "dn: uid=$userName,$usersdn
 changetype: modify
-objectClass: inetOrgPerson
+objectclass: top
+objectclass: account
 objectclass: posixAccount
 objectClass: sambaAccount
 pwdLastSet: 0

More information about the samba mailing list