Re: Description of LDAP-attribute sambaSIDList


Re: Description of LDAP-attribute sambaSIDList

Daniel Wilson-4
Thanks Tony, that really helped! :)

By syntax I mean something like this (OpenLDAP schema... but I need a
version for Sun Directory Server 5.2).....

attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE X-ORIGIN 'user defined' )

....I don't have an attribute called sambaSIDList...

By the way what is GQ? I have created my own Perl scripts to do the
things I want, have made into a nice webpage for our admin team to use! :)

Regards


Tony Earnshaw wrote:

> Daniel Wilson wrote:
>
>> So does this mean that everyone for example in GroupA could then also
>> be a member of GroupB if you added GroupA's SID into GroupB's
> >> sambaSIDList...if so this would help us out soooo much as then we don't
>> need to keep adding people into multiple groups!
>
>
> Yes, it does mean that. But this has also (always) been possible with
> Posix groups (a group can be a member of another group), for Unix/Linux
> groups. In this case, Hallvor Engen is saying that for Windows groups it
> can be done with group SIDs. I do it for OpenLDAP with Posix groups and
> MemberUid instead for Samba and that works just as well - where there's
> already a Posix group..
>
> >> Could you give me the syntax so I can update my schema file (we're
> >> using Sun Directory Server 5.2 as our LDAP backend...)
>
>
> I'm not sure what you mean by "syntax".  A group-mapping for the Posix
> group domadm might look like:
>
> dn: cn=domadm,ou=groups,ou=smb,dc=billy,dc=demon,dc=nl
> memberUid: Administrator
> memberUid: root
> memberUid: billy
> memberUid: tonni
> description: Local Unix group
> objectClass: top
> objectClass: posixGroup
> objectClass: uidObject
> objectClass: sambaGroupMapping
> uid: domadm
> cn: domadm
> sambaGroupType: 2
> sambaSID: S-1-5-21-18666911-1472750480-3707222013-512
> gidNumber: 5004
> displayName: Domain Admins
> sambaSIDList: S-1-5-21-18666911-1472750480-3707222013-3001
>
> where the value for the multi-value attribute sambaSIDList (there can be
> more than one attribute with different values) might be the SID for the
> Windows group "Administrative Staff". That might be a pure Windows group
> and not be present as a Posix group.
>
> This ldif (in the form above) would most probably not be possible to
> generate on sites using the idealx scripts; I don't. And everybody would
> be far better off if they got and compiled GQ and played around with it,
> then they'd see this for themselves ;).
>
> --Tonni
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Wilson
Systems Administrator

IT & Communications Service
University of Sunderland
Unit 1a Technology Park
Chester Road
Sunderland
SR2 7PT

Tel: 0191 515 2695
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
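The nesting discussed in this message puts every member of a listed SID's group into Domain Admins, so it is worth auditing who ends up there. The following is an added example, not code from the thread or from Samba: it assumes the membership semantics as described above, reuses the domadm entry from the post, and adds two constructed groups (adminstaff, helpdesk) that form a loop.

```python
# Constructed sample data: the domadm entry is abridged from the thread; the
# adminstaff and helpdesk entries are invented for illustration.
LDIF = """\
dn: cn=domadm,ou=groups,ou=smb,dc=billy,dc=demon,dc=nl
memberUid: Administrator
memberUid: root
sambaSID: S-1-5-21-18666911-1472750480-3707222013-512
sambaSIDList: S-1-5-21-18666911-1472750480-3707222013-3001

dn: cn=adminstaff,ou=groups,ou=smb,dc=billy,dc=demon,dc=nl
memberUid: alice
sambaSID: S-1-5-21-18666911-1472750480-3707222013-3001
sambaSIDList: S-1-5-21-18666911-1472750480-3707222013-3002

dn: cn=helpdesk,ou=groups,ou=smb,dc=billy,dc=demon,dc=nl
memberUid: bob
sambaSID: S-1-5-21-18666911-1472750480-3707222013-3002
sambaSIDList: S-1-5-21-18666911-1472750480-3707222013-512
"""

def parse_groups(ldif):
    """Map each group's sambaSID to (direct memberUids, sambaSIDList values)."""
    groups = {}
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        sid = attrs["sambasid"][0]
        groups[sid] = (attrs.get("memberuid", []), attrs.get("sambasidlist", []))
    return groups

def effective_members(groups, sid, seen=None):
    """Users who reach `sid` directly or through nested sambaSIDList entries."""
    seen = set() if seen is None else seen
    if sid in seen or sid not in groups:  # loop, or a SID with no entry here
        return set()
    seen.add(sid)
    users, nested = groups[sid]
    result = set(users)
    for child in nested:
        result |= effective_members(groups, child, seen)
    return result

DOMAIN_ADMINS = "S-1-5-21-18666911-1472750480-3707222013-512"
```

A SID that has no entry in the parsed data (a pure Windows group, as mentioned above) contributes no users here, so its members have to be checked on the Windows side.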

Re: Description of LDAP-attribute sambaSIDList

Tony Earnshaw
Mon, 25.04.2005 at 15.50, Daniel Wilson wrote:

> Thanks Tony, that really helped! :)

Don't think it did :(

> By syntax I mean something like this (OpenLDAP schema... but I need a
> version for Sun Directory Server 5.2).....

Hmmm ... I run Red Hat RHAS3.  In my
/usr/share/doc/samba-3.0.11/examples directory I have schemas for:

IBM-DS
IBMSecureWay
netscapeds4.x
netscapeds5.x
oc.IBM-DS

and presumably my own OpenLDAP 2.2

> attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE X-ORIGIN 'user defined' )
>
> ....I don't have an attribute called sambaSIDList...

You'd presumably have to adapt one of the above to sun Directory Server
5.2 schema format.

> By the way what is GQ?

www.biot.com and jump. Hope it compiles for you ;) Does on Linux 2.4.
Dunno, I don't (thank God) use Solaris any more on my sites.

> I have created my own Perl scripts to do the
> things I want, have made into a nice webpage for our admin team to use! :)

Up to you ;)

--Tonni

--
Nothing sucksseeds like a pigeon without a beak ...

mail: [hidden email]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...
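One way to do the adaptation suggested in this reply, as an added example that is not from the thread or the Samba distribution: it rewrites OpenLDAP-style `attributetype` / `objectclass` definitions into the `attributeTypes:` line form quoted above. The input is the thread's sambaLMPassword definition written in OpenLDAP layout (constructed); the sambaSIDList definition from your own samba.schema goes through the same function.

```python
import re

# Constructed input: the sambaLMPassword definition from the thread, laid out
# the way OpenLDAP schema files carry it (keyword "attributetype", folded lines).
OPENLDAP_SCHEMA = """\
# comment lines are skipped
attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
	DESC 'LanManager Password'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
"""

KEYWORDS = {"attributetype": "attributeTypes", "objectclass": "objectClasses"}

def to_ldif_schema(text, origin="user defined"):
    """Return one 'attributeTypes:' / 'objectClasses:' line per definition."""
    out = []
    body = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith("#"))
    for m in re.finditer(r"(?im)^(attributetype|objectclass)\s*\(", body):
        # A definition ends at the parenthesis balancing the opening one,
        # so nested lists such as MUST ( cn $ uid ) are kept intact.
        # Limitation: parentheses inside quoted DESC strings are not handled.
        depth, i = 1, m.end()
        while depth and i < len(body):
            depth += {"(": 1, ")": -1}.get(body[i], 0)
            i += 1
        if depth:
            raise ValueError("unbalanced parentheses in schema definition")
        inner = " ".join(body[m.end():i - 1].split())  # undo line folding
        if "X-ORIGIN" not in inner:
            inner += " X-ORIGIN '%s'" % origin
        out.append("%s: ( %s )" % (KEYWORDS[m.group(1).lower()], inner))
    return out

if __name__ == "__main__":
    print("\n".join(to_ldif_schema(OPENLDAP_SCHEMA)))
```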