[Samba] Samba 4 posixGroup mapping

steve steve at steve-ss.com
Tue Feb 7 08:02:56 MST 2012

Hi Geza, hi everyone
I had a go at the script:
s4user <cn> <uid> <gid> <windows-group>
where <windows-group> is a posixGroup'ified group from samba-tool group 
cat s4user
echo "Creating s4 posix user "$1
echo "Pls enter pwd for "$1
samba-tool user add $1
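# LDIF for ldapmodify: each change in a modify record ends with a line holding a single "-"
echo "dn: cn=$1,cn=Users,dc=hh3,dc=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: uidnumber
uidnumber: $2
-
add: gidnumber
gidnumber: $3
-
add: unixhomedirectory
unixhomedirectory: /home/CACTUS/$1
-
add: loginshell
loginshell: /bin/bash" > $1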
#ldbmodify -f /some/temporary-file ###can't get the syntax!###
ldapmodify -h -D cn=Administrator,cn=Users,dc=hh3,dc=site -f 
samba-tool group addmembers $4 $1
mkdir /home/CACTUS/$1
chown $1:$4 /home/CACTUS/$1
rm $1
echo $1 "rfc2307-ified"


./s4user steve6 3000030 2000 suseusers
Creating s4 posix user steve6
Pls enter pwd for steve6
New Password:
User 'steve6' created successfully
SASL/GSSAPI authentication started
SASL username: Administrator at HH3.SITE
SASL data security layer installed.
modifying entry "cn=steve6,cn=Users,dc=hh3,dc=site"
Added members to group suseusers
steve6 rfc2307-ified
hh3:/home/steve # exit
steve at hh3:~> su steve6
Warning: Your password will expire in 41 days on Tue 20 Mar 2012 14:52:02
steve6 at hh3:/home/steve> cd ../CACTUS/steve6
steve6 at hh3:~> touch hola
steve6 at hh3:~> ls -la
total 12
drwxr-xr-x  2 steve6 suseusers 4096 Feb  7 14:53 .
drwxr-xr-x 10 root   root      4096 Feb  7 14:52 ..
-rw-r--r--  1 steve6 suseusers    0 Feb  7 14:53 hola
-rw-------  1 steve6 suseusers   48 Feb  7 14:52 .xauthoa0jlX
steve6 at hh3:~>


I need to tidy the script up a bit and particularly look for the nslcd 
pid before continuing.
As usual, a few qns. Sorry.
1. As this ignores winbind, is there any need to use winbind-like uids?
2. I can't get the syntax for ldbmodify:(
3. Is there a cheap way to get the next available uid from ldap? I 
thought of sticking a base id in a file and incrementing it each time 
s4user was called. Then pulling it back from the file when the script 
was called for the next user.
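
The counter-file idea from question 3, sketched as an added example (not part of the original post and not Samba code). The function name next_uid, the counter file path and the lock directory are assumptions; it also assumes getent resolves LDAP users through nslcd, so an id that is already taken is skipped instead of being handed out twice.

```shell
#!/bin/sh
# Added example: hand out the next free uidNumber from a counter file.
# next_uid, the counter path and the ".lock" directory are hypothetical names.

# next_uid COUNTER_FILE BASE_UID -> prints the allocated uid, non-zero on failure
next_uid() {
    counter=$1
    base=$2
    lock="$counter.lock"

    # mkdir is atomic: only one caller at a time gets past this loop.
    tries=0
    until mkdir "$lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -ge 10 ] && { echo "next_uid: lock busy: $lock" >&2; return 1; }
        sleep 1
    done

    # First call: no counter file yet, so start from the base id.
    if [ -f "$counter" ]; then
        uid=$(cat "$counter")
    else
        uid=$base
    fi

    # Refuse a corrupted or hand-edited counter rather than guess.
    case $uid in
        ''|*[!0-9]*)
            rmdir "$lock"
            echo "next_uid: bad counter: $counter" >&2
            return 1 ;;
    esac

    # Skip ids that already resolve (local passwd or, via nslcd, LDAP),
    # so two accounts never end up sharing one uid.
    while getent passwd "$uid" >/dev/null 2>&1; do
        uid=$((uid + 1))
    done

    # Write the following id to a temp file and rename it into place,
    # so an interrupted run cannot leave a half-written counter.
    if echo $((uid + 1)) > "$counter.tmp" && mv "$counter.tmp" "$counter"; then
        rc=0
    else
        rc=1
    fi
    rmdir "$lock"
    [ "$rc" -eq 0 ] && echo "$uid"
    return "$rc"
}
```
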

