[Samba] core & cosine schema items in Samba AD DC user object?
Franta Hanzlík
franta at hanzlici.cz
Tue Mar 26 13:50:41 UTC 2024
On Tue, 26 Mar 2024 08:01:27 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Tue, 26 Mar 2024 02:57:51 +0100
> Franta Hanzlík via samba <samba at lists.samba.org> wrote:
>
> > Please, it is possible (perhaps with some Samba schema extension?) to
> > have items as 'c' (countryName), 'l' (localityName), 'l'
> > (localityName), 'co' (friendlyCountryName), 'street' (streetAddress),
> > 'displayName' etc. in the description of the USER object?
>
> It is very possible, because they are standard components of the AD
> schema:
>
> dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
> lDAPDisplayName: c
>
> dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
> lDAPDisplayName: l
>
> dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
> lDAPDisplayName: co
>
> dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
> lDAPDisplayName: street
>
> dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
> lDAPDisplayName: displayName
Yeah, it is super!
My mistake was that before I was only looking in the
/etc/openldap/schema/samba.schema file, where these attributes are not
present. But now I can see them in the
/usr/share/samba/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf
file (which is perhaps what Samba uses as its schema).
> >
> > And then how to manage them? The "samba-tool user add" doesn't seem
> > to have a corresponding switch...
>
> That would be up to you writing your own script to add them, unless you
> would care to update samba-tool to do this ;-)
Maybe these attributes can be supplemented with some Windows tool (RSAT/
ADUC), I haven't tried it yet.
What I just tried: adding these attributes to AD with ldbmodify and a
pre-prepared LDIF file (as:
dn: CN=Pepík,OU=dobří,OU=kamarádi,DC=ad,DC=hanzlici,DC=cz
changetype: modify
add: l
l: Plzeň
) - and it works well, thus the problem is solved.
And another finding - adding a non-existent attribute such as Locality-Name (
dn: CN=Pepík,OU=dobří,OU=kamarádi,DC=ad,DC=hanzlici,DC=cz
changetype: modify
add: Locality-Name
Locality-Name: Plzeň
) to the schema (I mistakenly thought that e.g. the 'l' attribute is an
external/LDAP alias for the internal "Locality-Name" attribute used
by Samba) will not fail, and the USER object will have both "l" and
"Locality-Name" attributes. Is it ok that I can add any nonsense
(attribute not in schema) to the object?
>
> Rowland
>
> --
Rowland, thank you so much!
--
Franta Hanzlik
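
A pre-flight check for the kind of LDIF discussed in this message, as an added example that is not part of the original post or of Samba: it flags modify operations whose attribute name is a schema object CN (such as Locality-Name) or is absent from the schema, before the file is given to ldbmodify. The function names are hypothetical and the embedded schema text is a constructed sample in the format of the entries quoted in the thread.

```python
import re

# Constructed sample, in the format of the schema entries quoted in the thread.
SCHEMA_LDF = """\
dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: c

dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: l

dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: street
"""

def load_schema(ldf_text):
    """Map lower-cased schema object CN -> its lDAPDisplayName."""
    names = {}
    for entry in re.split(r"\n\s*\n", ldf_text.strip()):
        cn = re.search(r"^dn:\s*CN=([^,]+),", entry, re.M | re.I)
        ldap = re.search(r"^lDAPDisplayName:\s*(\S+)", entry, re.M | re.I)
        if cn and ldap:
            names[cn.group(1).lower()] = ldap.group(1)
    return names

def check_modify_ldif(ldif_text, schema):
    """Return (attribute, problem) pairs for add/replace/delete operations
    whose attribute is not an lDAPDisplayName known to the schema."""
    known = {v.lower() for v in schema.values()}  # LDAP names are case-insensitive
    problems = []
    for line in ldif_text.splitlines():
        m = re.match(r"(add|replace|delete):\s*(\S+)", line, re.I)
        if not m or m.group(2).lower() in known:
            continue
        attr = m.group(2)
        hint = schema.get(attr.lower())
        if hint:
            problems.append((attr, f"schema object CN, use '{hint}'"))
        else:
            problems.append((attr, "not in schema"))
    return problems

if __name__ == "__main__":
    # Constructed input modelled on the second LDIF in the message.
    ldif = "dn: CN=Pepík,DC=ad,DC=hanzlici,DC=cz\nchangetype: modify\n" \
           "add: Locality-Name\nLocality-Name: Plzeň\n"
    for attr, problem in check_modify_ldif(ldif, load_schema(SCHEMA_LDF)):
        print(f"{attr}: {problem}")
```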