[Samba] AD / new auxiliary class / vb script

Matthieu Patou mat at samba.org
Wed May 23 11:56:22 MDT 2012 

On 05/23/2012 06:48 AM, Hervé Hénoch wrote:
> Hello
>
> I've modified AD schema by adding a new auxiliary class (iscA) with an 
> auxilairy attribute (iscA1).
>
> I've followed this explanation /_*entirely*_/ : 
> http://semifershome.free.fr/semifer/index.php?2008/02/12/42-etendre-le-schema-active-directory-classes-attributs-et-display-specifiers
>
> I've named the menu item with the same name (AllowedService). By 
> right-clicking on a AD user then on the menu AllowedService, the 
> following script is executed and it is intended to modify iscA1 
> attribute. The script is :
>
> /set args = WScript.arguments
> Set user = GetObject(args(0))
>
> temp = InputBox("iscA1 value", "Set iscA1", user.iscA1)
> user.put "iscA1", temp
> user.setInfo/
>
> My first problem : when I right-click I've the message : "this object 
> does not support this property or method".
> Precision : i've linked my new auxiliary class with user class.
>
> So i've created the following script which add iscA class and iscA1 
> attribute to a specific user :
> /
> Set user = GetObject("LDAP://cn=toto,cn=users,<my domain>")
> user.GetInfo
>
> user.PutEx 3, "objectClass", Array("iscA")
> user.Put "isc1", "toto"
Is it a typo that you set the attribute "isc1" and not "iscA1" ?
> user.SetInfo/
>
> After the execution of this script the right-click above run and I can 
> modify the value of iscA1 attribute for user toto.
> But I can't see the last value (given by /user.iscA1/) : always empty 
> while in the LDAP database I can see the value is correctly set.
>
> Two questions :
>
> 1) Why the first script fail ? Why must I execute the second script 
> first ?
>
> 2) Why can't i see the last value of iscA1 when I run the first script ?

As you are using auxiliarly class this should work, can we check a few 
things:

1) What is the ouput of ldbsearch -H ldap://dc_ip --cross-ncs 
'(ldapdisplayname=iscA)'
2) What is the output of ldbsearch -H ldap://dc_ip --cross-ncs 
'(auxiliaryClass=iscA)'

We might have a bug in the way the auxiliary class is registered to its 
parent class.

Could you make a test with you script to set the unixHomeDirectory, it's 
also linked the user objectclass with the posixaccount auxiliary class.

Would be good to trace also the whole stuff, see
https://wiki.samba.org/index.php/Capture_Packets
https://wiki.samba.org/index.php/Keytab_Extraction

In how to make capture and extract keytab in order to be able to decrypt 
encrypted traffic.


Matthieu

-- 
Matthieu Patou
Samba Team
http://samba.org

More information about the samba mailing list