[Samba] LDAP-Backend: How to store 'employeeNumber' in 'sambaGroupMapping'?

Adam Tauno Williams adamtaunowilliams at gmail.com
Sun Sep 21 12:52:37 GMT 2008


> If you don't already have a GUI for looking at the LDAP structure, I
> suggest that you install one - then you will easily be able to browse
> through the schema. Luma is the nicest LDAP GUI that I have been able to
> find.
> When I look at the sambaGroupMapping in the schema area in luma, I see
> the 'allowed attributes' -
> description
> displayName
> sambaSIDList
> Maybe you can use one of the first 2 to store your link string.

Never, ever, store any value in any LDAP attribute other than what
is/was intended to be stored there by the schema specification/designer.
Playing fast and loose with schema will eventually blow up in your face.
If you were using an RDBMS would you put the street address in the PO
number field?

> > this is a little bit off-topic, because it is rather LDAP related. I need to store an additional string in every 'posixGroup/sambaGroupMapping' object in the LDAP backend. (This string is used to hold a key to an external database.)
> > For user accounts I can use the 'employeeNumber' attribute which is provided by 'inetOrgPerson'. Any ideas what I could use for group accounts accordingly? Of course it must not interfere with Samba and PAM. The main problem is that 'posixGroup' is a structural class and thus all extra classes must be auxiliary.

Define an auxiliary object class and add it to the object.  For instance
we have:

dn: cn=cis,ou=Groups,ou=SAM,o=Morrison Industries,c=US
cn: cis
gidNumber: 230
allowprimary: Y
objectClass: posixGroup
objectClass: top
objectClass: morrisongroup
objectClass: sambaGroupMapping
objectClass: opengroupwareentity
sambaSID: S-1-5-21-2037442776-3290224752-88127236-1461
sambaGroupType: 2
displayName: IT Staff
description: IT Staff
opengroupwareid: 11530
memberUid: adam
memberUid: rhopkins
memberUid: cleslie
memberUid: steve

where morrisongroup and opengroupwareentity are "local" schema.   Just
get an OID and design the required schema.

And to head off what is usually the next question: no, there is no such
thing as a local OID,  you *MUST* get a real OID.  Just go to
<http://pen.iana.org/pen/PenApplication.page> and register for one *AT
NO CHARGE*.  Then take a look at
<http://www.openldap.org/doc/admin24/schema.html#Extending%20Schema>

-- 
          Consonance: an Open Source .NET OpenGroupware client.
 Contact:awilliam at whitemiceconsulting.com   http://freshmeat.net/projects/consonance/
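
The approach described in the message above, as an added example that is not part of the original post and is not the poster's own schema: an auxiliary object class carrying one attribute for the external database key, followed by the change that attaches it to a group entry. It assumes OpenLDAP with the cn=config backend; `<PEN>` stands for your IANA-assigned Private Enterprise Number, and the names `exampleExternalKey` and `exampleGroupLink`, the sub-arcs under the PEN, the group DN and the key value are all hypothetical.

```ldif
# Part 1: schema definition, added to cn=config with ldapadd.
# <PEN> is a placeholder for your registered Private Enterprise Number.
# Arc layout (.1.x for attribute types, .2.x for object classes) is an
# assumed local convention, not something the original post prescribes.
dn: cn=examplegrouplink,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: examplegrouplink
olcAttributeTypes: ( 1.3.6.1.4.1.<PEN>.1.1
  NAME 'exampleExternalKey'
  DESC 'Key of the matching record in an external database'
  EQUALITY caseExactMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64}
  SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.4.1.<PEN>.2.1
  NAME 'exampleGroupLink'
  DESC 'Links a group entry to an external database record'
  SUP top AUXILIARY
  MAY exampleExternalKey )

# Part 2: a separate ldapmodify operation against the data tree.
# posixGroup stays the structural class; the new class is AUXILIARY, so
# it can sit beside sambaGroupMapping without touching the attributes
# Samba and PAM read. DN and value are constructed for illustration.
dn: cn=staff,ou=Groups,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: exampleGroupLink
-
add: exampleExternalKey
exampleExternalKey: 11530
```

Because the attribute is listed under MAY rather than MUST, the object class can be added to existing groups before their keys are populated.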


