[Samba] LDAP (Schemas,Users) to Samba4 migration

Thu Apr 11 17:30:24 MDT 2013

On Thu, 2013-04-11 at 05:06 -0700, alxgrb wrote:
> I have changed... 
> alxgrb at ubsrv:~ sudo /usr/local/samba/bin/ldbadd -H
> /usr/local/samba/private/sam.ldb testuser.ldif 
> [sudo] password for alxgrb: 
> ERR: No such attribute : "objectclass_attrs: attribute 'sambaSID' on entry
> 'UID=bmontag,CN=Users,DC=demo,DC=lan' was not found in the schema!" on DN
> uid=bmontag,cn=Users,dc=demo,dc=lan at block before line 18
> Add failed after processing 0 records
> 
> Must I create a schema?

At this stage, the discussion is getting quite circular, because I think
you need to go back and do some background research in the difference
between AD and traditional openldap based LDAP configurations.

You seem to be trying to have a bit of both, and that is really causing
you trouble.

If you don't have a Samba domain currently, why do you try and specify a
sambaSID?  

If you do have a samba domain (why else do you have sambaSID values),
then please use the classicupgrade script.  

In any case, you cannot specify specific SID values in active directory
- except during upgrades that we very carefully handle, this is
prohibited because it would interfere with the distributed allocation
scheme.  

I do wish you the best with installing Samba 4.0, but please where
possible follow the already established approaches, as it is that way
that others can help you most, because it will be similar to what they
have done. 

Find some examples of adding users via LDIF, and then make your LDIF
look as similar to that as possible. 

Please specify as little as possible in your ldif.  You actually only
need objectclass: person.  AD will fill the other bits, and that will
skip the shadowAccount that also makes no sense.  You should also be
aware that the username in AD is samAccountName, not uid. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org