[Samba] Error when creating user with Samba 3.0 & LDAP
Jérôme Tournier
jerome.tournier at idealx.com
Sun Oct 12 21:43:23 GMT 2003
Le Sun, Oct 12, 2003 at 10:44:08PM +0200, Nicko a ecrit:
> But when i triy to add user with smbpasswd ou pdbedit i get these errors in
> debug mode (this user is an unix user).
> --SNIP--
> ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No
> such object)ldapsam_search_one_group: Query was: ou=Groups,
> (&(objectClass=sambaGroupMapping)(gidNumber=100))
> --SNIP--
Where does the unix user part is defined ? in the directory ?
I think you should better specifie a default gidNumber for the users to
be 513 for 'Domain Users' ($_defaultUserGid = 513 in the smbldap_conf.pm).
If you installed the Idealx's tools, why don't you use the
'smbldap-useradd.pl -a user' instead of smbpasswd or pdedit ?
btw, i have attached to this mail the last updated script of
smbldap-populate.pl that created the ldap directory structure, and that
included the mapping of the groups.
--
Jérôme Tournier IDEALX SAS
Administrateur Systèmes 15-17 Avenue de Segur
jerome.tournier at IDEALX.com 75007 PARIS
Tel.: 01 44 42 00 37 Fax.: 01 44 42 00 37
gpg key ID: 0xDA962B24
-------------- next part --------------
#!/usr/bin/perl -w
# Populate a LDAP base for Samba-LDAP usage
#
# $Id: smbldap-populate.pl,v 1.18 2003/09/19 12:36:44 jtournier Exp $
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
# Purpose :
# . Create an initial LDAP database suitable for Samba 2.2
# . For lazy people, replace ldapadd (with only an ldif parameter)
use strict;
use FindBin;
use FindBin qw($RealBin);
use lib "$RealBin/";
use smbldap_tools;
use smbldap_conf;
use Getopt::Std;
use Net::LDAP::LDIF;
use vars qw(%oc);
# objectclass of the suffix
%oc = (
"ou" => "organizationalUnit",
"o" => "organization",
"dc" => "dcObject",
);
my %Options;
my $ok = getopts('a:b:?', \%Options);
if ( (!$ok) || ($Options{'?'}) ) {
print "Usage: $0 [-ab?] [ldif]\n";
print " -a administrator login name (default: Administrator)\n";
print " -b guest login name (default: nobody)\n";
print " -? show this help message\n";
print " ldif file to add to ldap (default: suffix, Groups,";
print " Users, Computers and builtin users )\n";
exit (1);
}
my $_ldifName;
my $tmp_ldif_file="/tmp/$$.ldif";
if (@ARGV >= 1) {
$_ldifName = $ARGV[0];
}
my $adminName = $Options{'a'};
if (!defined($adminName)) {
$adminName = "Administrator";
}
my $guestName = $Options{'b'};
if (!defined($guestName)) {
$guestName = "nobody";
}
if (!defined($_ldifName)) {
my $attr;
my $val;
my $objcl;
print "Using builtin directory structure\n";
if ($suffix =~ m/([^=]+)=([^,]+)/) {
$attr = $1;
$val = $2;
$objcl = $oc{$attr} if (exists $oc{$attr});
if (!defined($objcl)) {
$objcl = "myhardcodedobjectclass";
}
} else {
die "can't extract first attr and value from suffix $suffix";
}
#print "$attr=$val\n";
my ($organisation,$ext) = ($suffix =~ m/dc=(\w+),dc=(\w+)$/);
#my $FILE="|cat";
my $FILE=$tmp_ldif_file;
open (FILE, ">$FILE") || die "Can't open file $FILE: $!\n";
print FILE <<EOF;
dn: $suffix
objectClass: $objcl
objectclass: organization
$attr: $val
o: $organisation
dn: $usersdn
objectClass: organizationalUnit
ou: $usersou
dn: $groupsdn
objectClass: organizationalUnit
ou: $groupsou
dn: $computersdn
objectClass: organizationalUnit
ou: $computersou
dn: uid=$adminName,$usersdn
cn: $adminName
sn: $adminName
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 512
uid: $adminName
uidNumber: 998
homeDirectory: $_userHomePrefix
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: $_userSmbHome
sambaHomeDrive: $_userHomeDrive
sambaProfilePath: $_userProfile
sambaPrimaryGroupSID: $SID-512
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U ]
sambaSID: $SID-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
dn: uid=$guestName,$usersdn
cn: $guestName
sn: $guestName
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 514
uid: $guestName
uidNumber: 999
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: $_userSmbHome
sambaHomeDrive: $_userHomeDrive
sambaProfilePath: $_userProfile
sambaPrimaryGroupSID: $SID-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NU ]
sambaSID: $SID-2998
loginShell: /bin/false
dn: cn=Domain Admins,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: $adminName
description: Netbios Domain Administrators
sambaSID: $SID-512
sambaGroupType: 2
displayName: Domain Admins
dn: cn=Domain Users,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: $SID-513
sambaGroupType: 2
displayName: Domain Users
dn: cn=Domain Guests,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: $SID-514
sambaGroupType: 2
displayName: Domain Guests
dn: cn=Administrators,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName
sambaSID: $SID-544
sambaGroupType: 2
displayName: Administrators
dn: cn=Users,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 545
cn: Users
description: Netbios Domain Ordinary users
sambaSID: $SID-545
sambaGroupType: 2
displayName: users
dn: cn=Guests,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 546
cn: Guests
memberUid: $guestName
description: Netbios Domain Users granted guest access to the computer/sambaDomainName
sambaSID: $SID-546
sambaGroupType: 2
displayName: Guests
dn: cn=Power Users,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 547
cn: Power Users
description: Netbios Domain Members can share directories and printers
sambaSID: $SID-547
sambaGroupType: 2
displayName: Power Users
dn: cn=Account Operators,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: $SID-548
sambaGroupType: 2
displayName: Account Operators
dn: cn=Server Operators,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 549
cn: Server Operators
description: Netbios Domain Server Operators (need smb.conf configuration)
sambaSID: $SID-549
sambaGroupType: 2
displayName: Server Operators
dn: cn=Print Operators,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators (need smb.conf configuration)
sambaSID: $SID-550
sambaGroupType: 2
displayName: Print Operators
dn: cn=Backup Operators,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: $SID-551
sambaGroupType: 2
displayName: Backup Operators
dn: cn=Replicator,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicator
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: $SID-552
sambaGroupType: 2
displayName: Replicator
dn: cn=Domain Computers,$groupsdn
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 553
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: $SID-553
sambaGroupType: 2
displayName: Domain Computers
EOF
close FILE;
} else {
$tmp_ldif_file=$_ldifName;
}
my $ldap_master=connect_ldap_master();
my $ldif = Net::LDAP::LDIF->new($tmp_ldif_file, "r", onerror => 'undef' );
while( not $ldif->eof() ) {
my $entry = $ldif->read_entry();
if ( $ldif->error() ) {
print "Error msg: ",$ldif->error(),"\n";
print "Error lines:\n",$ldif->error_lines(),"\n";
} else {
my $dn = $entry->dn;
print "adding new entry: $dn\n";
my $result=$ldap_master->add($entry);
$result->code && warn "failed to add entry: ", $result->error ;
}
}
$ldap_master->unbind;
system "rm -f $tmp_ldif_file";
exit(0);
########################################
=head1 NAME
smbldap-populate.pl - Populate your LDAP database
=head1 SYNOPSIS
smbldap-populate.pl [ldif-file]
=head1 DESCRIPTION
The smbldap-populate.pl command helps to populate an LDAP server
by adding the necessary entries : base suffix (doesn't abort
if already there), organizational units for users, groups and
computers, builtin users : Administrator and guest, builtin
groups (though posixAccount only, no SambaTNG support).
-a name Your local administrator login name (default: Administrator)
-b name Your local guest login name (default: nobody)
If you give an extra parameter, it is assumed to be the ldif
file to use instead of the builtin one. Options -a and -b
will be ignored.
=head1 FILES
/usr/lib/perl5/site-perl/smbldap_conf.pm : Global parameters.
=head1 SEE ALSO
smp(1)
=cut
#'
# - The End
More information about the samba
mailing list