[Samba] SambaPosix tool

Lars Hanke debian at lhanke.de
Wed Nov 5 15:07:05 MST 2014

Am 05.11.2014 um 22:31 schrieb Rowland Penny:
> On 05/11/14 21:17, Lars Hanke wrote:
>> As announced several weeks ago, I'd share my tool to manage POSIX
>> attributes in Samba4 AD LDAP.
>> You can find it at https://github.com/laotse/SambaPosix.
>> It works on my particular system, but it is largely untested and
>> weakly documented. But it supports a --dry-run mode, which produces
>> LDIF, if you don't trust the tool. ;)
>> I'll welcome contributions: tests, documentation, comments,
>> extensions, fixes, ...
>> Have fun,
>>  - lars.
> After a quick scan, it would appear that you are adding 'posixAccount'
> to a user, please don't do this, ADUC doesn't do this because the
> 'posix*' objectClasses are auxiliaries of other objectClasses, like 'user'.

In a LDAP with schema these would even be required. I accept that M$ 
doesn't do it, so it might call for another option.

In my particular setup, I did not posixify all users and groups. E.g. 
Administrator is no POSIX user. Having the object classes around helps 
to filter out these, so nslcd and friends don't have to bother with 
incomplete RFC fields. This is to say, I see a benefit in having the 
objectClasses. So far I did not encounter problems. Is there any trouble 

  - lars.

More information about the samba mailing list