[Samba] [samba4ad] Duplicate attributes list ?

Mon Feb 8 17:00:49 UTC 2016

Thank you Rowland for that reply, even if answer to Q2 is not a list of
deplicated attributes but the schema which contains all attributes.

To answer you: I'm trying to understand.
I'm currently working for one company to help them design an AD hosted by
Samba. I won't be there to manage it and they already have peoples working
with LDAP trees, these coming with their own habits.

I would have that list to be able to tell them which attributes can be
used, which can't. "name" is quiet common and can be used for lot kind of
data with meaning but we can't use that attribute to store anything in it
as it refers to RDN which is by default CN.

I think this information is important to avoid using these specials
attributes. Someone who don't know enough the product could decide to use
"name" to store some name (girlfriend name? shoes mark name? Last name?)
into that field. The idea won't be too bad... as long as we don't apply the
idea : )

And as most companies have one desire which is maling more profit, peoples
managing softwares don't have necessarily the time to dig deep enough into
products to avoid such mistake.

More: as shown your reply where you pointed me to AD schema this
information is not easy to get, not even for someone like you who knows
this product quiet well I must say... so for someone who has no motivation
to work on that subject for a not-beloved-company I expect this one won't
try to find that answer...

Best regards,

mathias

2016-02-05 17:50 GMT+01:00 Rowland penny <rpenny at samba.org>:

> On 05/02/16 16:27, mathias dufresne wrote:
>
>> Hi all,
>>
>> I just add into my AD a user with different values for attributes "CN" and
>> "name".
>>
>> Here is an extract of the LDIF used to add this user:
>>
>> ------------------------------------------------------------------------------------
>> dc202:~# egrep 'cn:|name:' mathias.ldif
>> cn: Mathias Dufresne (CN)
>> *name: mathias.dufresne*
>>
>> ------------------------------------------------------------------------------------
>>
>> Here is the ldbadd:
>>
>> ------------------------------------------------------------------------------------
>> dc202:~# ldbadd -H $sam  mathias.ldif
>> Added 1 records successfully
>>
>> ------------------------------------------------------------------------------------
>>
>> Here is a search using name attribute as in LDIF::
>>
>> ------------------------------------------------------------------------------------
>> dc202:~# ldbsearch -H $sam name=mathias.dufresne
>> .....
>> # returned 3 records
>> # *0 entries*
>> # 3 referrals
>> dc202:~#
>>
>> ------------------------------------------------------------------------------------
>>
>> Here is a search using UPN attribute:
>>
>> ------------------------------------------------------------------------------------
>> dc202:~# ldbsearch -H $sam userprincipalname=mathias.dufresne* dn name cn
>> # record 1
>> dn: CN=Mathias Dufresne
>> (CN),OU=d,OU=Utilisateurs,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr
>> cn: Mathias Dufresne (CN)
>> *name: Mathias Dufresne (CN)*
>>
>> # Referral
>> ....
>>
>> ------------------------------------------------------------------------------------
>>
>> So "name" seems to be a duplication of "CN". It seems not possible to have
>> different values for for these both attributes name and CN.
>>
>> Q1: Is that last affirmation true?
>>
>
> Yes, 'name' is the ldapDisplayName for RDN, RDN is 'relative distinguished
> name' and guess what, this is the value of 'cn'
>
>
>> Q2: Is there others attributes like those ones? Is there a list somewhere?
>>
>
> Yes, what are you trying to achieve ? and yes, every Samba install should
> come with the MS-AD-Schema files, on debian they are in
> /usr/share/samba/setup/ad-schema
>
> Rowland
>
> Best regards,
>>
>> mathias
>>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>