[Samba] ldapsam:editposix with inetOrgPerson objectClass for users

Carlos Ramos Gómez carragom at gmail.com
Fri Feb 26 17:57:01 MST 2010


Hello list, I have a Samba 3.4.3 as domain controller with OpenLDAP as
backend, using ldapsam:trusted = Yes and ldapsam:editposix = Yes, and
everything works like a charm. Now I would like to use this LDAP for
storing more information about my users: full name, phone, address and
maybe even a picture. InetOrgPerson is the objectClass I would like to
use since it's standard and has all I need and more. Samba uses the
account objectClass as the structural class for user and computer
accounts, and since inetOrgPerson and account are both structural,
OpenLDAP won't let me have both in the same entry. I've been checking
the code and it looks like the creation of the users with account as
objectClass is hardcoded in Samba, so I guess there is no parameter in
the configuration file which allows me to override this behavior. I
also tried to modify my schema, making inetOrgPerson the parent class
of the account class, but it turns out that sn is a required attribute
in inetOrgPerson and Samba obviously doesn't add this parameter, so the
user creation fails. The other options I see here would require heavy
modifications to the LDAP schema or modifying Samba itself to create
user accounts as inetOrgPerson and add an sn attribute in the process.
So before taking any of those options I just wanted to make sure that
there is not an easier one I have not seen. Any ideas are welcome.

Thanks a lot.

