[Samba] Group memberships in LDAP

Rowland Penny rowlandpenny at googlemail.com
Thu Sep 11 09:25:48 MDT 2014


On 11/09/14 15:48, Lars Hanke wrote:
> When adding / removing an existing user to / from an existing group, 
> is there anything more to it than bookkeeping the 'member' and 
> 'memberOf' attributes of the respective entries?

It is even easier than that: you just have to add the 'member' attribute 
to a group, containing the DN of the user. Once this is added, the 
'memberOf' attribute will appear in the user's DN stanza.

i.e.

create an ldif:

dn: CN=<group name>,CN=Users,DC=example,DC=com
changetype: modify
add: member
member: CN=Test User,CN=Users,DC=example,DC=com
-

Then add it with ldbmodify

Rowland

>
> I'm currently writing a small tool to maintain POSIX attributes in AD 
> and it seems that membership could be changed without falling back to 
> samba-tool.
>
> When it's done and tested I'll be glad to share it.
>
> Regards,
>  - lars.


