[Samba] Samba LDAP Tools

FC Mario Patty fcmario76 at gmail.com
Thu Oct 9 06:07:43 GMT 2008

Hi Loren,

I don't understand what you meant by transaction, SQL, and so on, but
I've been using samba and open ldap to provide single login mechanism
for qmail-ldap, domain controller, squid, etc, for 2 years now and
they're still running very good. I can join windows machine into the
domain controller or change user's password using windows wizard. If I
wanted to modify the back end database, e.g. to modify a bunch of
user's attribute(s) like mailQuotaSize, I simply created a script that
will create an LDIF file, and then use that LDIF file with openldap's
command like ldapmodify, etc. If you don't want to type any password
manually, you can append the option 'w' (for ldapmodify command), and
put in your password then. To create windows user, we can use
smbldap-tools. So, that's all. I hope it can help.


On 10/3/08, Loren M. Lang <lorenl at alzatex.com> wrote:
> I am looking for some good tools to manage Samba users in LDAP.  It
> looks like there are several good tools mentioned on the Samba Wiki, but
> I am concerned mostly with the proper addition of new users to LDAP, in
> particular, generating unique SIDs.  smbldap-useradd, for example,
> generates the SIDs for primary user and group based off of a simple
> formula based on the UID and GID, whereas Samba itself using a very
> simple mechanism of storing the next free RID in an LDAP attribute.
> Since I still plan to use the Add Computer to Domain wizard in Windows
> for adding computers, I am concerned that an overlap could occur between
> these two approaches.  AFAIK, there are no SQL-like feature in LDAP like
> transactions, unique indices, or sequences that would allow multiple
> mechanisms to generate a unique SID.  I wouldn't mind a tool like
> pdbedit which goes through Samba to update the backend db, but I want it
> to be scriptable and not ask for a password so I can integrate password
> updates with other systems such as LDAP (using userPassword) and
> Kerberos.
> --
> Loren M. Lang
> lorenl at alzatex.com
> http://www.alzatex.com/
> Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
> Fingerprint: 10A0 7AE2 DAF5 4780 888A  3FA4 DCEE BB39 7654 DE5B

More information about the samba mailing list