[Samba] Samba 4 Active Directory Quotas

Rowland Penny rowlandpenny at googlemail.com
Sat Dec 27 03:43:05 MST 2014 

On 27/12/14 06:26, Greg Zartman wrote:
> I've been messing around with disk quotas for users and have seen some who
> have extended the Samba 4 AD schema to include a quota attribute.  For
> example, I found this schema extension here:
> http://fossies.org/linux/quota/ldap-scripts/quota.schema
>
> Is there a common method for doing this?
>

Yes, samba4 comes with a script: oLschema2ldif

To use this, you just need to create a file containing the schema on the DC:

root at dc01:~# nano quota.schema

##
## schema file for Unix Quotas
## Schema for storing Unix Quotas in LDAP
## OIDs are owned by Cogent Innovators, LLC
##
## 1.3.6.1.4.1.19937.1.1.x - attributetypes
## 1.3.6.1.4.1.19937.1.2.x - objectclasses
##

attributetype ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota'
     DESC 'Quotas (FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)'
     EQUALITY caseIgnoreIA5Match
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )

objectclass ( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' SUP 
posixAccount AUXILIARY
     DESC 'System Quotas'
     MUST ( uid )
     MAY  ( quota ))

Run this file through oLschema2ldif

NOTE: the 'basedn' is your rootdse, -I is where the ldif is and what you 
called it, -O is is where you want the new file to be created and what 
you want it to be called.

root at dc01:~# oLschema2ldif --basedn=DC=example,DC=com -I 
/root/quota.schema -O /root/quota.ldif

OK, first time through, you get an error:

Invalid entry objectclass ( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' 
SUP posixAccount AUXILIARY    DESC 'System Quotas' MUST ( uid )    MAY  
( quota )), closing braces needs to be preceeded by a space
Converted 1 records with 1 failures

Open the file again and change last line to this:

     MAY  ( quota ) )

Try again:

root at dc01:~# oLschema2ldif --basedn=DC=example,DC=com -I 
/root/quota.schema -O /root/quota.ldif
Converted 2 records with 0 failures

If you now open the new .ldif, you will find this:

dn: CN=quota,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.19937.1.1.1
schemaIdGuid:: s4wz77EabBjOCl35dQG3Yg==
cn: quota
name: quota
lDAPDisplayName: quota
description: Quotas (FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: FALSE

dn: CN=systemQuotas,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: classSchema
governsID: 1.3.6.1.4.1.19937.1.2.1
schemaIdGuid:: TIwbIzyiBNzZEmBeS1XO4A==
cn: systemQuotas
name: systemQuotas
lDAPDisplayName: systemQuotas
subClassOf: posixAccount
objectClassCategory: 3
description: System Quotas
mustContain: uid
mayContain: quota
defaultObjectCategory: 
CN=systemQuotas,CN=Schema,CN=Configuration,DC=example,D
  C=com

You would then add this ldif to AD with:

ldbmodify -H path_to_sam_ldb /root/quota.ldif --option="dsdb:schema 
update allowed"=true

Note that the objectClass in the above ldif is a subclass of 
'posixAccount' and to use it, you will have to add the 'uid' attribute 
to all users, you do not need to add (and in fact should not) the 
'posixAccount' objectClass'.

Rowland

More information about the samba mailing list