[Samba] [samba4ad] Duplicate attributes list ?

Rowland penny rpenny at samba.org
Mon Feb 8 17:11:50 UTC 2016 

On 08/02/16 17:00, mathias dufresne wrote:
> Thank you Rowland for that reply, even if answer to Q2 is not a list  > of deplicated attributes but the schema which contains all > 
attributes. > > To answer you: I'm trying to understand. I'm currently 
working for > one company to help them design an AD hosted by Samba. I 
won't be > there to manage it and they already have peoples working with 
LDAP > trees, these coming with their own habits. > > I would have that 
list to be able to tell them which attributes can > be used, which 
can't. "name" is quiet common and can be used for lot > kind of data 
with meaning but we can't use that attribute to store > anything in it 
as it refers to RDN which is by default CN. > > I think this information 
is important to avoid using these specials > attributes. Someone who 
don't know enough the product could decide to > use "name" to store some 
name (girlfriend name? shoes mark name? Last > name?) into that field. 
The idea won't be too bad... as long as we > don't apply the idea : ) > 
 > And as most companies have one desire which is maling more profit, > 
peoples managing softwares don't have necessarily the time to dig > deep 
enough into products to avoid such mistake. > > More: as shown your 
reply where you pointed me to AD schema this > information is not easy 
to get, not even for someone like you who > knows this product quiet 
well I must say... so for someone who has no > motivation to work on 
that subject for a not-beloved-company I expect > this one won't try to 
find that answer... > > Best regards, > > mathias > > > > 2016-02-05 
17:50 GMT+01:00 Rowland penny <rpenny at samba.org > 
<mailto:rpenny at samba.org>>: > > On 05/02/16 16:27, mathias dufresne 
wrote: > > Hi all, > > I just add into my AD a user with different 
values for attributes > "CN" and "name". > > Here is an extract of the 
LDIF used to add this user: > 
------------------------------------------------------------------------------------ 
 > >
dc202:~# egrep 'cn:|name:' mathias.ldif
> cn: Mathias Dufresne (CN) *name: mathias.dufresne* > 
------------------------------------------------------------------------------------ 
 > > >
Here is the ldbadd:
> ------------------------------------------------------------------------------------  > >
dc202:~# ldbadd -H $sam  mathias.ldif
> Added 1 records successfully > 
------------------------------------------------------------------------------------ 
 > > >
Here is a search using name attribute as in LDIF::
> ------------------------------------------------------------------------------------  > >
dc202:~# ldbsearch -H $sam name=mathias.dufresne
> ..... # returned 3 records # *0 entries* # 3 referrals dc202:~# > 
------------------------------------------------------------------------------------ 
 > > >
Here is a search using UPN attribute:
> ------------------------------------------------------------------------------------  > >
dc202:~# ldbsearch -H $sam userprincipalname=mathias.dufresne* dn name cn
> # record 1 dn: CN=Mathias Dufresne > (CN),OU=d,OU=Utilisateurs,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr > 
cn: Mathias Dufresne (CN) *name: Mathias Dufresne (CN)* > > # Referral 
.... > 
------------------------------------------------------------------------------------ 
 > > >
So "name" seems to be a duplication of "CN". It seems not possible to have
> different values for for these both attributes name and CN.  > > Q1: Is that last affirmation true? > > > Yes, 'name' is the 
ldapDisplayName for RDN, RDN is 'relative > distinguished name' and 
guess what, this is the value of 'cn' > > > Q2: Is there others 
attributes like those ones? Is there a list > somewhere? > > > Yes, what 
are you trying to achieve ? and yes, every Samba install > should come 
with the MS-AD-Schema files, on debian they are in > 
/usr/share/samba/setup/ad-schema > > Rowland > > Best regards, > > 
mathias > > > > -- To unsubscribe from this list go to the following URL 
and read > the instructions:  
https://lists.samba.org/mailman/options/samba > >

You could investigate the 'contact' objectclass and its set of 
attributes, see here for a start:

https://msdn.microsoft.com/en-us/library/ms680995%28v=VS.85%29.aspx


Rowland

More information about the samba mailing list