[Samba] smbgroupedit does not honor ldap parameters from smb.conf

Kristis Makris kristis.makris at datasoft.com
Tue Mar 11 21:25:24 GMT 2003


I've been using samba-3alpha22 as a PDC authenticating against LDAP. I
am trying to add NT Groups using the smbgroupedit utility.

It seems to me that smbgroupedit always looks in /etc/group and does not
take into account the ldap configuration options specified in smb.conf.
The relevant ldap entries are:

passdb backend = ldapsam:ldap://ebola/
ldap suffix="dc=datasoft, dc=com"
ldap admin dn = "cn=root, dc=datasoft, dc=com"
ldap ssl = off
ldap passwd sync = yes
ldap trust ids = yes

Regardless of whether I have an entry in LDAP that belongs in the
posixGroup and/or posixAccount ObjectClasses, it looks like smbgroupedit
only consults /etc/group

# ./smbgroupedit  -a nyNewGroup -t d
unix group nyNewGroup doesn't exist!

I would also expect that smbgroupedit would try to add new groups in
LDAP, if entries for them where not already there.

Does anybody know what the status of this utility is ? 

I have noticed the "add group script", "add user to group script", and
"add user script" configuration parameters, and in the examples of those
the /usr/local/samba/bin/add_user script is listed, while no such
utility is shipped with the samba3-alpha22 source. What is the samba
designated utility (if there is one) for adding groups to the
*authentication database* that is independent of what that database is
(pwdb/LDAP) ?


More information about the samba mailing list