[Samba] Creating users via Perl Net::LDAP (solved)

Pablo T. Virgo pvirgo at solutionsforprogress.com
Thu Feb 14 14:12:34 MST 2013

To answer my previous questions, in case anyone else ever comes running to google.

1. Samba 4 is an active directory work alike, so searches like "add active directory user Perl" may turn up results that "add samba4 user perl" will not.  I should have realized that sooner.

2. Minimally, the following attributes need to be set (pseudo-code):

objectClass        = ("top", "person", "organizationalPerson", "user")
cn                 = $username
distinguishedName  = "cn=" . $username . ",cn=Users," . $domain_name;

unicodePwd         = $encoded_password # This attribute is not visible via browsing

sAMAccountName     = $username,
userPrincipalName  = $username . '@' . $domain_name,

userAccountControl = '512' # This makes the difference between a locked and available 				   # account

3. The following may get you part-way to roaming profiles, though I seem to be missing something still, maybe on permissions. Note that '\\' will be '\\\\' by the time you escape it in Perl.

profilePath = '\\' . $server_url . '\profiles\' . $username . '\'

4.  Actually encoding a Windows available password:

use Unicode::String qw(utf8 utf16le);

# pass_encode($string)
# Take a string, encode it to a form appropriate for Windows machines to
# read as a password.  This can actually be done in a single line of
# code, but for clarity's sake I have broken it down.
sub pass_encode
  my $password = $_[0];

  # Create a string object, which includes the function to convert to
  # desired "utd16le" form.
  my $pass_utf8 = utf8('"' . $password . '"');

  # Get the utf16le format, which is apparently Windows specific.
  my $pass_win = $pass_utf8->utf16le();

  return $pass_win;

Anyway, I hope that helps the next guy out.  Good luck out there!

Pablo Virgo
System Administrator

Solutions for Progress, Inc.
728 South Broad Street
Philadelphia, PA 19146

Phone: 215-701-8075
Fax:   215-972-8109
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20130214/0839dff0/attachment.pgp>

More information about the samba mailing list