[Samba] Creating users via Perl Net::LDAP

Michael Ray mray at xes-inc.com
Mon Jan 28 15:08:28 MST 2013 

Pablo- 

I'm certainly no expert on the matter, but what comes to mind quickly: is the user account enabled? If it is enabled, is a password set? 
It may be this simple, as I have just added a user to AD via the windows ldifde tool and he was defined as far as a CN and objectClass. When I look him up in the database, his objectSID, sAMAccountName/Type and everything else necessary is populated. 
If I set a password and enable the account, I can log in as him. 

The gist of this being, I think you ought to be able to create a user creation script. 

Let me know how it goes too, I may end up trying to do something similar. 

Good luck, 
Mike Ray 


----- Original Message -----

From: "Pablo T. Virgo" <pvirgo at solutionsforprogress.com> 
To: samba at lists.samba.org 
Sent: Monday, January 28, 2013 1:49:55 PM 
Subject: [Samba] Creating users via Perl Net::LDAP 

Hey there folks, 

I put together a little Perl script that makes an LDAP connection to a Samba4 server and creates the cn=username,cn=users,... part of a user account. 

It appears that this is not sufficient to get a fully functioning Active Directory type log-in; from the howto I can deduce that my effort is missing a sidMap, and there might be a good deal more to creating full AD users and groups than the simple LDAP entry as I had hoped. 

1. Is it reasonable to think that one could create a full AD user / group in Samba 4 using an LDAP type interface? 

2. If so, aside from attempting to read the code (I'm not currently fluent in Python), where would I find documentation on what data needs to be generated? Sorry if my google and Really-Fine-Manual glasses have failed. 

Before someone points out my obvious mistake of reinventing the wheel, the short version is that I'm hoping to manage users for a custom environment that needs to sync a bunch of weird parts, and was hoping to write something that could manage them all via APIs and network interfaces rather than just writing a bash wrapper that would only work on a master server. 

Thanks for your help! 

-- 
Pablo Virgo 
System Administrator 

Solutions for Progress, Inc. 
728 South Broad Street 
Philadelphia, PA 19146 

Phone: 215-701-8075 
Fax: 215-972-8109 

-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list