[Samba] Get last uidNumber

Rowland penny rpenny at samba.org
Tue Nov 3 19:14:42 UTC 2020 

On 03/11/2020 18:46, basti via samba wrote:
>
> Am 03.11.20 um 17:46 schrieb Rowland penny via samba:
>> On 03/11/2020 16:24, basti via samba wrote:
>>> Hello,
>>> is there a way to get the last uidNumber from ldap.
>>>
>>> I can do a ldapsearch like:
>>>
>>> ldapsearch -h samdom.example.com -D "administrator at samdom.example.com"
>>> -w "changeit"  -b "DC=samdom,DC=example,DC=com" -x -LLL
>>> "(uidNumber=*)" uidNumber | grep -Po "(?<=uidNumber: )([0-9]{4})" |
>>> sort | tail -n1
>>>
>>> But there is no guarantee that the last returned numer is the last
>>> uidNumber in LDAP.
>>>
>>> Is there a limit set by samba how many lines are returned by a query?
>>> Is there a attribute where the last number is stored?
>>>
>>> Best Regards
>>>
>> OK, I never told told you this, so keep it to your self 😂
>>
>> How do you think the Unix attributes tabs worked in ADUC ?
>>
>> You had to to install IDMU with ADUC which installed an ldif that Samba
>> calls ypServ30.ldif. Amongst the objects that are installed in AD is one
>> with the DN:
>>
>> CN=<workgroup>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=X
>>
>> Where <workgroup> is your Netbios domain name (aka workgroup) and DC=X
>> is the ldap default naming context e.g. DC=samdom,DC=example,DC=com
>>
>> Now what isn't there are the two attributes you need to store the next
>> uidNumber & gidNumber:
>>
>> msSFU30MaxUidNumber
>> msSFU30MaxGidNumber
>>
>> Just store the last *idNumber + 1 in each and then write a script around
>> 'samba-tool user add' which obtains the required ID number, uses this
>> and then updates it upon successful user creation.
>>
>> Rowland
>>
>>
>>
> IDMU seems not in server 2012R2.
> the ypServ30 LDAP tree exists.
>
> I have no idea in which attribute i should store my UID.

Even though I put it in my last post ?

it is: msSFU30MaxUidNumber

For the next GID it is:

msSFU30MaxGidNumber

Both of which need to be added to the AD object:

CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com

Where the workgroup is 'SAMDOM' and AD dns domain is 'samdom.example.com'

To populate the attributes find the highest uidNumber & gidNumber 
attributes already in AD, add one (1) to each and add them to the 
relevant attribute.

For instance, if the highest uidNumber is '10060' and the highest 
gidNumber is '10031', then with the DN above, the required ldif would be:

dn: 
CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com
changetype: modify
add: msSFU30MaxUidNumber
msSFU30MaxUidNumber: 10061
-
add: msSFU30MaxGidNumber
msSFU30MaxGidNumber: 10032

Rowland

More information about the samba mailing list