[Samba] Bulk add users and rfc2307 attributes questions

Rowland Penny rpenny at samba.org
Wed Aug 2 19:08:25 UTC 2017


On Wed, 2 Aug 2017 12:21:24 -0400 (EDT)
me at tdiehl.org wrote:

> Hi Rowland,
> 
> >>
> >> 3. Is there an automatic way to have samba-tool assign the correct
> >> rfc-2307 uid?
> >
> > Probably only sat on my HD and this got rejected.
> 
> Sorry, I do not understand the above statement.

I wrote a patch to 'samba-tool user create' that does everything you
want to do, i.e. it worked just like ADUC, but it wasn't accepted, for
various reasons.

> 
> >
> > What you are missing, is a couple of attributes
> > 'msSFU30MaxUidNumber' & 'msSFU30MaxGidNumber' (note 'Max' is
> > microsoft for 'next'). These should be in 'CN=<your lowercase domain
> > name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=YOUR,DC=DNS,DC=DOMAIN'
> 
> So if I understand you, I would do something like:
> ldbsearch -H /usr/local/samba/private/sam.ldb -b
> CN=samdom,CN=ypservers,CN=ypServ30,\
> CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com | grep
> msSFU30MaxUidNumber to get the next uid to use in the script. Is this
> correct?

Well basically, except you would have to replace 'samdom' with your
lowercase WORKGROUP/DOMAIN and 'DC=samdom,DC=example,DC=com' with your
dns domain.

> 
> What is the best/safest way to update msSFU30MaxUidNumber after I add
> a user? I am thinking about Creating an ldif tmp file and then read
> that in with ldbmodify.

You will need two ldif's, one to create/update the user and another to
update 'msSFU30MaxUid'

> 
> Does this sound sane? Is there a better way?

Yes and not at the moment.

Rowland



More information about the samba mailing list