[Samba] Migrate mail aliases to AD ypServ30

Rowland penny rpenny at samba.org
Mon Jul 20 10:56:57 UTC 2020


On 20/07/2020 11:11, RhineDevil via samba wrote:
> How could I migrate these fields to CN=aliases,CN=mail,CN=ypServ30,CN=RpcServices,CN=System,DC=local?
>
> dn: cn=abuse,ou=Aliases,DC=mydomail,DC=local
> cn: abuse
> objectClass: nisMailAlias
> objectClass: top
> rfc822MailMember: root
>
> dn: cn=noc,ou=Aliases,DC=mydomail,DC=local
> cn: noc
> objectClass: nisMailAlias
> objectClass: top
> rfc822MailMember: root
>
> dn: cn=security,ou=Aliases,DC=mydomail,DC=local
> cn: security
> objectClass: nisMailAlias
> objectClass: top
> rfc822MailMember: root

First you will need the rfc822-MailMember.schema and then run that 
through oLschema2ldif to produce an ldif to add to AD.

Doing the above should produce something like this:

dn: CN=rfc822MailMember,CN=Schema,CN=Configuration,dc=local
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.42.2.27.2.1.15
schemaIdGuid:: aB7do9Dx3LkCSVgvixllpg==
cn: rfc822MailMember
name: rfc822MailMember
lDAPDisplayName: rfc822MailMember
description: rfc822 mail address of group member(s)
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: FALSE

dn: CN=nisMailAlias,CN=Schema,CN=Configuration,dc=local
objectClass: top
objectClass: classSchema
governsID: 1.3.6.1.4.1.42.2.27.1.2.5
schemaIdGuid:: gMnYtZqCPTLAMXe3RZus8A==
cn: nisMailAlias
name: nisMailAlias
lDAPDisplayName: nisMailAlias
subClassOf: top
objectClassCategory: 1
description: NIS mail alias
mustContain: cn
mayContain: rfc822MailMember
defaultObjectCategory: CN=nisMailAlias,CN=Schema,CN=Configuration,dc=local

You will need to split that into two ldifs, one containing the 
objectclass, the other the attribute.

You can then add the two ldifs like this:

ldbadd -H path_to_sam_ldb attr.ldif --option="dsdb:schema update allowed"=true
ldbadd -H path_to_sam_ldb class.ldif --option="dsdb:schema update allowed"=true

You could then add your ldif (modified to suit AD):

dn: cn=abuse,cn=aliases,cn=mail,cn=ypServ30,cn=RpcServices,cn=System,dc=local
cn: abuse
objectClass: nisMailAlias
objectClass: top
rfc822MailMember: root

dn: cn=noc,cn=aliases,cn=mail,cn=ypServ30,cn=RpcServices,cn=System,dc=local
cn: noc
objectClass: nisMailAlias
objectClass: top
rfc822MailMember: root

dn: cn=security,cn=aliases,cn=mail,cn=ypServ30,cn=RpcServices,cn=System,dc=local
cn: security
objectClass: nisMailAlias
objectClass: top
rfc822MailMember: root

Whilst the above should work, I have never tried it. You should be aware 
that extending the AD schema is a one-way action; you can never remove it.

If you do extend your schema, you do this at your own risk; do not blame 
me if it goes wrong.

Rowland
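
The steps described in the reply above (split the converted schema into an attribute ldif and a class ldif, then move the alias entries under ypServ30), as an added example that is not part of the original post and is not Samba project code. The function names and the trimmed sample input are constructed for illustration; the parser unfolds wrapped LDIF lines and rejects a DN that was wrapped without the leading space.

```python
import re
OLD = "ou=Aliases,DC=mydomail,DC=local"   # alias container in the question
NEW = "cn=aliases,cn=mail,cn=ypServ30,cn=RpcServices,cn=System,dc=local"
# Constructed sample: trimmed copies of entries from the post, one DN folded.
SAMPLE = """\
dn: CN=rfc822MailMember,CN=Schema,CN=Configuration,dc=local
objectClass: attributeSchema
schemaIdGuid:: aB7do9Dx3LkCSVgvixllpg==

dn: CN=nisMailAlias,CN=Schema,CN=Configuration,dc=local
objectClass: classSchema

dn: cn=abuse,ou=Aliases,
 DC=mydomail,DC=local
objectClass: nisMailAlias
rfc822MailMember: root
"""

def parse_ldif(text):  # entries as lists of (attr, sep, value); '::' = base64
    entries, cur = [], []
    for line in re.sub(r"\n ", "", text).splitlines() + [""]:  # unfold, then scan
        if line.startswith("#"):
            continue
        m = re.match(r"([^:]+)(::?)\s*(.*)$", line)
        if m:
            cur.append(m.groups())
        elif line.strip():                  # e.g. a DN wrapped without the space
            raise ValueError(f"not an LDIF attribute line: {line!r}")
        elif cur:                           # blank line closes the entry
            entries.append(cur)
            cur = []
    return entries

def to_ldif(entries):
    return "\n\n".join("\n".join(f"{a}{s} {v}" for a, s, v in e) for e in entries) + "\n"

def rebase(dn, old, new):  # swap DN suffix old -> new, case-insensitive match
    return dn[:-len(old)] + new if dn.lower().endswith("," + old.lower()) else dn

def plan(text, old=OLD, new=NEW):
    """Return the contents of (attr.ldif, class.ldif, aliases.ldif)."""
    out = {"attributeschema": [], "classschema": [], None: []}
    for e in parse_ldif(text):
        kinds = {v.lower() for a, _, v in e if a.lower() == "objectclass"}
        key = next((k for k in out if k in kinds), None)
        if key is None:                     # not schema: move it under ypServ30
            e = [(a, s, rebase(v, old, new) if a.lower() == "dn" else v) for a, s, v in e]
        out[key].append(e)
    return tuple(to_ldif(v) for v in out.values())
```

Write the three returned strings to attr.ldif, class.ldif and the alias ldif, and load them in that order, since the class refers to the attribute in mayContain.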