[Samba] Samba 4 Active Directory Quotas

Daniele Manfredi dmanfredi at rta.it
Wed Jan 27 07:49:08 UTC 2016 

Good afternoon,
I've this  issue: I have followed the instructions in this thread but, 
when I try to add quota.ldif I receive this error:

Unable to find attribute quota in the schema

ERR: (Invalid attribute syntax) "objectclass_attrs: attribute 
'mayContain' on entry 
'CN=systemQuotas,CN=Schema,CN=Configuration,DC=my_domain,DC=it' contains 
at least one invalid value!" on DN 
CN=systemQuotas,CN=Schema,CN=Configuration,DC=my_domain,DC=it at block 
before line 27
Modify failed after processing 1 records

 > On 27/12/14 06:26, Greg Zartman wrote:
 >
 > > I've been messing around with disk quotas for users and have seen 
some who
 >
 > > have extended the Samba 4 AD schema to include a quota attribute.  For
 >
 > > example, I found this schema extension here:
 >
 > > http://fossies.org/linux/quota/ldap-scripts/quota.schema
 >
 > >
 >
 > > Is there a common method for doing this?
 >
 > >
 >
 >
 >
 > Yes, samba4 comes with a script: oLschema2ldif
 >
 >
 >
 > To use this, you just need to create a file containing the schema on 
the DC:
 >
 >
 >
 > root at dc01:~# nano quota.schema
 >
 >
 >
 > ##
 >
 > ## schema file for Unix Quotas
 >
 > ## Schema for storing Unix Quotas in LDAP
 >
 > ## OIDs are owned by Cogent Innovators, LLC
 >
 > ##
 >
 > ## 1.3.6.1.4.1.19937.1.1.x - attributetypes
 >
 > ## 1.3.6.1.4.1.19937.1.2.x - objectclasses
 >
 > ##
 >
 >
 >
 > attributetype ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota'
 >
 >      DESC 'Quotas 
(FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)'
 >
 >      EQUALITY caseIgnoreIA5Match
 >
 >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
 >
 >
 >
 > objectclass ( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' SUP
 >
 > posixAccount AUXILIARY
 >
 >      DESC 'System Quotas'
 >
 >      MUST ( uid )
 >
 >      MAY  ( quota ))
 >
 >
 >
 > Run this file through oLschema2ldif
 >
 >
 >
 > NOTE: the 'basedn' is your rootdse, -I is where the ldif is and what you
 >
 > called it, -O is is where you want the new file to be created and what
 >
 > you want it to be called.
 >
 >
 >
 > root at dc01:~# oLschema2ldif --basedn=DC=example,DC=com -I
 >
 > /root/quota.schema -O /root/quota.ldif
 >
 >
 >
 > OK, first time through, you get an error:
 >
 >
 >
 > Invalid entry objectclass ( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas'
 >
 > SUP posixAccount AUXILIARY    DESC 'System Quotas' MUST ( uid )    MAY
 >
 > ( quota )), closing braces needs to be preceeded by a space
 >
 > Converted 1 records with 1 failures
 >
 >
 >
 > Open the file again and change last line to this:
 >
 >
 >
 >      MAY  ( quota ) )
 >
 >
 >
 > Try again:
 >
 >
 >
 > root at dc01:~# oLschema2ldif --basedn=DC=example,DC=com -I
 >
 > /root/quota.schema -O /root/quota.ldif
 >
 > Converted 2 records with 0 failures
 >
 >
 >
 > If you now open the new .ldif, you will find this:
 >
 >
 >
 > dn: CN=quota,CN=Schema,CN=Configuration,DC=example,DC=com
 >
 > objectClass: top
 >
 > objectClass: attributeSchema
 >
 > attributeID: 1.3.6.1.4.1.19937.1.1.1
 >
 > schemaIdGuid:: s4wz77EabBjOCl35dQG3Yg==
 >
 > cn: quota
 >
 > name: quota
 >
 > lDAPDisplayName: quota
 >
 > description: Quotas 
(FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)
 >
 > attributeSyntax: 2.5.5.5
 >
 > oMSyntax: 22
 >
 > isSingleValued: FALSE
 >
 >
 >
 > dn: CN=systemQuotas,CN=Schema,CN=Configuration,DC=example,DC=com
 >
 > objectClass: top
 >
 > objectClass: classSchema
 >
 > governsID: 1.3.6.1.4.1.19937.1.2.1
 >
 > schemaIdGuid:: TIwbIzyiBNzZEmBeS1XO4A==
 >
 > cn: systemQuotas
 >
 > name: systemQuotas
 >
 > lDAPDisplayName: systemQuotas
 >
 > subClassOf: posixAccount
 >
 > objectClassCategory: 3
 >
 > description: System Quotas
 >
 > mustContain: uid
 >
 > mayContain: quota
 >
 > defaultObjectCategory:
 >
 > CN=systemQuotas,CN=Schema,CN=Configuration,DC=example,D
 >
 >   C=com
 >
 >
 >
 > You would then add this ldif to AD with:
 >
 >
 >
 > ldbmodify -H path_to_sam_ldb /root/quota.ldif --option="dsdb:schema
 >
 > update allowed"=true
 >
 >
 >
 > Note that the objectClass in the above ldif is a subclass of
 >
 > 'posixAccount' and to use it, you will have to add the 'uid' attribute
 >
 > to all users, you do not need to add (and in fact should not) the
 >
 > 'posixAccount' objectClass'.
 >
 >
 >
 > Rowland

-- 

*R.T.A. s.r.l.

Daniele Manfredi*
IT Manager

Phone:
	+39.0382.929.855
Fax:
	+39.0382.929.150

Website:
	www.rta.it
E-store:
	www.rta-store.com
Mailto:
	dmanfredi at rta.it

More information about the samba mailing list