[Samba] User management scripts in AD mode...
Marco Gaiarin
gaio at sv.lnf.it
Fri Jun 30 13:17:53 UTC 2017
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > I'm again a bit confused... ;-(((
> Yes I can see that ;-)
;-)
Sorry for the late answer, but i was busy on other things...
> Hope this helps, but feel free to ask any questions.
I try to summarize:
a) as i supposed 'RFC2307 group membership' are totally ignored by
samba, so i can use RFC2307 schema to associate UID to users and GID
to group, but the relation between UID and GID (eg, membership) in UNIX
are directly derivated by Windows membership only. Good.
b) changing ''primary'' windows group from 'Domain Users' to other
group are supported only by samba 4.6.0 and newer.
c) (Windows) membership are expressed using 'member' in group object
(full DN of the users) but also using 'primaryGroupID' in user object
(RID of the group; for b) above, primaryGroupID is ever '513').
d) in (Windows) membership, if a user have a primary group, the group
does not have the relative full user DN in 'member'; again for b) above,
group 'Doamin Users' have no 'member' because all users have
primaryGroupID=513
If i'm right, i'have two question:
1) a) work also for nested group, right? eg, if i've nested group, the
windows<-UNIX mapping of memberships simply ''flatten'' the windows
membership in UNIX UID?
2) Supposing i'm using samba >= 4.6, to make a LDAP query that return
all the memberships correctly i need to look for 'member' in groups
and 'primaryGroupID' in users; there's just an LDAP query about that?
Eg, a query that, given a group name/DN, return all users (as DN or
UID) that belong to that group?
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list