[Samba] Migrate mail aliases to AD ypServ30

RhineDevil tanyadegurechaff at disroot.org
Mon Jul 20 18:01:07 UTC 2020


Mon, 20 Jul 2020 18:24:15 +0100 Rowland penny via samba <samba at lists.samba.org>:
> On 20/07/2020 17:52, RhineDevil wrote:
> > Mon, 20 Jul 2020 11:56:57 +0100 Rowland penny via samba <samba at lists.samba.org>:
> >> On 20/07/2020 11:11, RhineDevil via samba wrote:
> >>> How could I migrate these fields to CN=aliases,CN=mail,CN=ypServ30,CN=RpcServices,CN=System,DC=local?
> >>>
> >>> dn: cn=abuse,ou=Aliases,DC=mydomail,DC=local
> >>> cn: abuse
> >>> objectClass: nisMailAlias
> >>> objectClass: top
> >>> rfc822MailMember: root
> >>>
> >>> dn: cn=noc,ou=Aliases,DC=mydomail,DC=local
> >>> cn: noc
> >>> objectClass: nisMailAlias
> >>> objectClass: top
> >>> rfc822MailMember: root
> >>>
> >>> dn: cn=security,ou=Aliases,DC=mydomail,DC=local
> >>> cn: security
> >>> objectClass: nisMailAlias
> >>> objectClass: top
> >>> rfc822MailMember: root
> >> First you will need the rfc822-MailMember.schema and then run that
> >> through oLschema2ldif to produce an ldif to add to AD.
> >>
> >> Doing the above, should produce something like this:
> >>
> >> dn: CN=rfc822MailMember,CN=Schema,CN=Configuration,dc=local
> >> objectClass: top
> >> objectClass: attributeSchema
> >> attributeID: 1.3.6.1.4.1.42.2.27.2.1.15
> >> schemaIdGuid:: aB7do9Dx3LkCSVgvixllpg==
> >> cn: rfc822MailMember
> >> name: rfc822MailMember
> >> lDAPDisplayName: rfc822MailMember
> >> description: rfc822 mail address of group member(s)
> >> attributeSyntax: 2.5.5.5
> >> oMSyntax: 22
> >> isSingleValued: FALSE
> >>
> >> dn: CN=nisMailAlias,CN=Schema,CN=Configuration,dc=local
> >> objectClass: top
> >> objectClass: classSchema
> >> governsID: 1.3.6.1.4.1.42.2.27.1.2.5
> >> schemaIdGuid:: gMnYtZqCPTLAMXe3RZus8A==
> >> cn: nisMailAlias
> >> name: nisMailAlias
> >> lDAPDisplayName: nisMailAlias
> >> subClassOf: top
> >> objectClassCategory: 1
> >> description: NIS mail alias
> >> mustContain: cn
> >> mayContain: rfc822MailMember
> >> defaultObjectCategory: CN=nisMailAlias,CN=Schema,CN=Configuration,dc=local
> >>
> >> You will need to split that into two ldifs, one containing the
> >> objectclass, the other the attribute.
> >>
> >> You can then add the two ldifs like this:
> >>
> >> ldbadd -H path_to_sam_ldb attr.ldif --option="dsdb:schema update allowed"=true
> >> ldbadd -H path_to_sam_ldb class.ldif --option="dsdb:schema update allowed"=true
> >>
> >> You could then add your ldif (modified to suit AD):
> >>
> >> dn: cn=abuse,cn=aliases,cn=mail,cn=ypServ30,cn=RpcServices,cn=System,dc=local
> >> cn: abuse
> >> objectClass: nisMailAlias
> >> objectClass: top
> >> rfc822MailMember: root
> >>
> >> dn: cn=noc,cn=aliases,cn=mail,cn=ypServ30,cn=RpcServices,cn=System,dc=local
> >> cn: noc
> >> objectClass: nisMailAlias
> >> objectClass: top
> >> rfc822MailMember: root
> >>
> >> dn: cn=security,cn=aliases,cn=mail,cn=ypServ30,cn=RpcServices,cn=System,dc=local
> >> cn: security
> >> objectClass: nisMailAlias
> >> objectClass: top
> >> rfc822MailMember: root
> >>
> >> Whilst the above should work, I have never tried it. You should be aware
> >> that extending the AD schema is a one way action, you can never remove it.
> >>
> >> If you do extend your schema, you do this at your own risk, do not blame
> >> me if it goes wrong.
> >>
> >> Rowland
> >>
> > Wait but
> > Wouldn't it make sense to take care of this through samba-tool? Like there's --rfc-2307, --rfc822 could be added
> 
> No, it wouldn't, basically all that adding '--rfc-2307' to the provision 
> command does, is to add the ypServ30 ldif to AD. This ldif is what 
> Microsoft added if you installed IDMU. Adding the ldif makes Samba 
> compatible with ADUC.
> 
> What you are adding is a corner case, so it would be a large amount of 
> work to update samba-tool for a very few users, or perhaps only you. 
> However, if you feel this should be in samba-tool, patches are always 
> welcome ;-)
> 
> Rowland
> 
My idea would be more like adding full NIS support with an option (this is normally achieved by using misc.schema (misc.ldif in the new database-like configuration) in OpenLDAP), but if you feel this is a corner case I won't be pushy, and I'll try to achieve this in another way in the distros I collaborate with.
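
Added example, not part of the original message or of Samba: a Python helper that prepares the LDIF files for the steps quoted above. It unfolds wrapped LDIF lines, separates attributeSchema from classSchema entries (for attr.ldif and class.ldif), and moves alias entries under the ypServ30 container, refusing any entry outside the old base. The function names and the abridged sample LDIF are assumptions constructed for illustration.

```python
# Added example, not from the thread. SCHEMA and ALIASES are constructed
# sample input, abridged from the LDIF quoted in the thread.
SCHEMA = """\
dn: CN=rfc822MailMember,CN=Schema,CN=Configuration,dc=local
objectClass: attributeSchema

dn: CN=nisMailAlias,CN=Schema,CN=Configuration,dc=local
objectClass: classSchema
"""
ALIASES = """\
dn: cn=abuse,ou=Aliases,
 DC=mydomail,DC=local
objectClass: nisMailAlias
rfc822MailMember: root
"""
OLD_BASE = "ou=Aliases,DC=mydomail,DC=local"
NEW_BASE = "cn=aliases,cn=mail,cn=ypServ30,cn=RpcServices,cn=System,dc=local"

def parse_ldif(text):
    """Split LDIF into entries (lists of lines), unfolding continuation lines."""
    entries, cur = [], []
    for raw in text.splitlines():
        if raw.startswith(" ") and cur:      # folded line: append to previous
            cur[-1] += raw[1:]
        elif not raw.strip():                # blank line ends an entry
            if cur:
                entries.append(cur)
            cur = []
        elif not raw.startswith("#"):        # skip LDIF comments
            cur.append(raw)
    return entries + ([cur] if cur else [])

def values(entry, attr):
    """Plain (non-base64) values of attr, matched case-insensitively."""
    key = attr.lower() + ":"
    return [l[len(key):].strip() for l in entry if l.lower().startswith(key)]

def split_schema(entries):
    """Return (attributes, classes); the thread adds attr.ldif first."""
    pick = lambda kind: [e for e in entries if kind in values(e, "objectClass")]
    return pick("attributeSchema"), pick("classSchema")

def rebase(entry, old_base, new_base):
    """Move an entry under new_base; refuse entries outside old_base."""
    dn = values(entry, "dn")[0]
    if not dn.lower().endswith("," + old_base.lower()):
        raise ValueError(f"{dn!r} is not under {old_base!r}")
    rdn = dn[: -len(old_base) - 1]           # keep only the leading RDN part
    return [f"dn: {rdn},{new_base}"] + [l for l in entry if not l.lower().startswith("dn:")]
```

Each returned entry is a list of lines; joining the lines with newlines and the entries with blank lines gives LDIF that can be passed to ldbadd as shown in the thread.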