[Samba] some samba4 AD questions, after a week of playing around

Rowland Penny rowlandpenny at googlemail.com
Tue Nov 19 08:04:29 MST 2013

On 19/11/13 14:20, mourik jan heupink wrote:
> Hi,
> I've been experimenting with samba4 for a little while now, and some 
> things go very smoothly, others not quite so. :-) However I have some 
> questions that hopefully some of you can help with.
> 1. In samba3/openldap we have separate ou for groups and users. The 
> samba-tool classicupgrade migrates these both into one single 
> CN=Users. Is there a way to separate them, like we had in samba3? (or 
> is that not recommendable anymore?)
Samba4 works like a Windows AD server; this is why all your users and 
groups are in CN=Users, but you can create different OUs if you wish.

> 2. We have many openldap users with more than one mail attribute. 
> Works good with postfix/dovecot. I found out that in AD users can only 
> have one single mail attribute? I'm guessing we're not alone in 
> this... How to best deal with this?
There is another mail attribute, otherMailbox - this is multi-valued 
unlike mail which is single-valued, but it cannot be used with groups.

> 3. We would like to copy many more attributes than just the basic 
> username/displayname/groups and logonscript. I was advised here on the 
> list to build a script to connect to my ldap and update my sam 
> accordingly with ldbmodify (thread: 
> http://marc.info/?t=138419682600017) While I'm trying to do that now, 
> I'm not a scripting guru, and it's not progressing very quickly. 
> Therefore: anyone has some more tips/clues that could save me some time?
> Thanks for some tips...!
> MJ
Never had to do this, but it boils down to comparing your s3 user with 
your s4 user and adding the differences; do not bother with the posix 
objectclasses, they are auxiliaries of user & group.
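
The comparison described in the answer to question 3, combined with the otherMailbox suggestion from question 2, as an added example that is not code from this thread: it diffs one samba3 entry against its samba4 counterpart and emits an LDIF modify record in the form ldbmodify reads. The entries, the DN, the `COPY_ATTRS` allow-list and the function names are constructed for illustration.

```python
import base64

# Hypothetical allow-list of attributes to copy; each is assumed to hold a
# single value in the samba3 entry. objectClass is never copied.
COPY_ATTRS = ("telephoneNumber", "title")

def ldif_line(attr, value):
    """Format one LDIF line, base64-encoding values RFC 2849 calls unsafe."""
    unsafe = (value[:1] in " :<" or value.endswith(" ")
              or any(c in "\r\n\0" or ord(c) > 127 for c in value))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"

def build_modify(s4_dn, s3_entry, s4_entry):
    """Return an LDIF modify record for what s3 has and s4 lacks ('' if nothing)."""
    s3 = {k.lower(): list(v) for k, v in s3_entry.items()}
    s4 = {k.lower(): list(v) for k, v in s4_entry.items()}
    changes = []  # (operation, attribute, values)
    for attr in COPY_ATTRS:
        want = [v for v in s3.get(attr.lower(), []) if v]
        have = s4.get(attr.lower(), [])
        if want and sorted(want) != sorted(have):
            changes.append(("replace" if have else "add", attr, want))
    # mail is single-valued in AD: keep one address there and put the
    # remaining samba3 addresses into the multi-valued otherMailbox.
    mails = [v for v in s3.get("mail", []) if v]
    if mails and not s4.get("mail"):
        changes.append(("add", "mail", mails[:1]))
    known = (s4.get("mail") or mails[:1]) + s4.get("othermailbox", [])
    extra = [m for m in mails if m not in known]
    if extra:
        changes.append(("add", "otherMailbox", extra))
    if not changes:
        return ""
    out = [ldif_line("dn", s4_dn), "changetype: modify"]
    for op, attr, values in changes:
        out.append(f"{op}: {attr}")
        out += [ldif_line(attr, v) for v in values]
        out.append("-")
    return "\n".join(out) + "\n"

# Constructed sample entries (not taken from the thread).
S3_USER = {"uid": ["jdoe"], "objectClass": ["inetOrgPerson", "posixAccount"],
           "mail": ["jdoe@example.com", "j.doe@example.com"],
           "telephoneNumber": ["+31 20 555 0100"], "title": ["Chef d'équipe"]}
S4_USER = {"sAMAccountName": ["jdoe"], "mail": ["jdoe@example.com"]}
S4_DN = "CN=jdoe,CN=Users,DC=example,DC=com"

if __name__ == "__main__":
    print(build_modify(S4_DN, S3_USER, S4_USER), end="")
```

Review the generated LDIF before passing it to ldbmodify; the base64 step keeps a value containing a newline or non-ASCII text from being read as extra LDIF lines.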

