Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Samba 4 , ful list of LDAP-style attributes
241 views
Skip to first unread message
Mario Pio Russo
Apr 7, 2015, 11:44:01 AM4/7/15
to
Good Day all
I am going to create few scripts that uses the ldapmodify in order to
populate and samba4 Domain, I was wondering , what is the full list of
attributes that a samba 4 domain supports?
thanks
___________________________________________________________________________________________
Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
815 2236, eMail: mariop...@ie.ibm.com
IBM Ireland Product Distribution Limited registered in Ireland with number
92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
(Embedded image moved to file: pic56631.gif)
Sven Schwedas
Apr 7, 2015, 11:51:00 AM4/7/15
to
On 2015-04-07 17:42, Mario Pio Russo wrote:
>
> Good Day all
>
> I am going to create few scripts that uses the ldapmodify in order to
> populate and samba4 Domain, I was wondering , what is the full list of
> attributes that a samba 4 domain supports?
All defined by the domain functional level plus all user-defined ones?
>
> Good Day all
>
> I am going to create few scripts that uses the ldapmodify in order to
> populate and samba4 Domain, I was wondering , what is the full list of
> attributes that a samba 4 domain supports?
As far as the DCs are concerned it's just a key-value store.
>
> thanks
> ___________________________________________________________________________________________
>
> Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
> 815 2236, eMail: mariop...@ie.ibm.com
> IBM Ireland Product Distribution Limited registered in Ireland with number
> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
>
> (Embedded image moved to file: pic56631.gif)
>
>
>
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.s...@tao.at | +43 (0)680 301 7167
http://software.tao.at
Rowland Penny
Apr 7, 2015, 11:53:29 AM4/7/15
to
On 07/04/15 16:42, Mario Pio Russo wrote:
> Good Day all
>
> I am going to create few scripts that uses the ldapmodify in order to
> populate and samba4 Domain, I was wondering , what is the full list of
> attributes that a samba 4 domain supports?
>
> Good Day all
>
> I am going to create few scripts that uses the ldapmodify in order to
> populate and samba4 Domain, I was wondering , what is the full list of
> attributes that a samba 4 domain supports?
>
> thanks
> ___________________________________________________________________________________________
>
> Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
> 815 2236, eMail: mariop...@ie.ibm.com
> IBM Ireland Product Distribution Limited registered in Ireland with number
> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
>
> (Embedded image moved to file: pic56631.gif)
>
>
What do you mean 'populate' ? , this sounds like what 'samba-tool domain
> ___________________________________________________________________________________________
>
> Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
> 815 2236, eMail: mariop...@ie.ibm.com
> IBM Ireland Product Distribution Limited registered in Ireland with number
> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
>
> (Embedded image moved to file: pic56631.gif)
>
>
provision' already does.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Mario Pio Russo
Apr 8, 2015, 5:58:09 AM4/8/15
to
sorry guys , I think I didn't explain well.
basically I have a samba 4 domain (created by upgrading+migrating a samba 3
PDC). For every new user that we add to this domain I need to save some
additional info which are very specific for our company/department, but the
problem is that I cannot create custom attributes into the Samba4 ldap
back-end. For this reason I was thinking to use some "less used" attributes
of AD. Unfortunately the attribute "Description" is already being used, so
I was wondering if there are other attributes I can use to store short
alphanumeric string (e.g. the internal Employee number etc).
Thanks !!
basically I have a samba 4 domain (created by upgrading+migrating a samba 3
PDC). For every new user that we add to this domain I need to save some
additional info which are very specific for our company/department, but the
problem is that I cannot create custom attributes into the Samba4 ldap
back-end. For this reason I was thinking to use some "less used" attributes
of AD. Unfortunately the attribute "Description" is already being used, so
I was wondering if there are other attributes I can use to store short
alphanumeric string (e.g. the internal Employee number etc).
Thanks !!
___________________________________________________________________________________________
Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
815 2236, eMail: mariop...@ie.ibm.com
IBM Ireland Product Distribution Limited registered in Ireland with number
92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
(Embedded image moved to file: pic61814.gif)
Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
815 2236, eMail: mariop...@ie.ibm.com
IBM Ireland Product Distribution Limited registered in Ireland with number
92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
Sven Schwedas
Apr 8, 2015, 6:04:45 AM4/8/15
to
On 2015-04-08 11:57, Mario Pio Russo wrote:
> sorry guys , I think I didn't explain well.
>
> basically I have a samba 4 domain (created by upgrading+migrating a samba 3
> PDC). For every new user that we add to this domain I need to save some
> additional info which are very specific for our company/department, but the
> problem is that I cannot create custom attributes into the Samba4 ldap
> back-end. For this reason I was thinking to use some "less used" attributes
> of AD. Unfortunately the attribute "Description" is already being used, so
> I was wondering if there are other attributes I can use to store short
> alphanumeric string (e.g. the internal Employee number etc).
You can add custom attributes (and classes) via Microsoft's ADSI editor
> sorry guys , I think I didn't explain well.
>
> basically I have a samba 4 domain (created by upgrading+migrating a samba 3
> PDC). For every new user that we add to this domain I need to save some
> additional info which are very specific for our company/department, but the
> problem is that I cannot create custom attributes into the Samba4 ldap
> back-end. For this reason I was thinking to use some "less used" attributes
> of AD. Unfortunately the attribute "Description" is already being used, so
> I was wondering if there are other attributes I can use to store short
> alphanumeric string (e.g. the internal Employee number etc).
like on any AD-based domain just fine. I'm not sure whether there's a
"samba native" method for this that actually works.
I wouldn't abuse any existing attributes, because you won't know which
software will expect it to work as documented (and might even overwrite
your data).
Mario Pio Russo
Apr 8, 2015, 6:15:19 AM4/8/15
to
Thanks Sven, good Idea
let's see if i am getting this right:
1) use MS ADSI editor to add few more attributes to the "users" class
2) use ldapmodify from my ubuntu server to populate those attributes
would that work?
___________________________________________________________________________________________
Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
815 2236, eMail: mariop...@ie.ibm.com
IBM Ireland Product Distribution Limited registered in Ireland with number
92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
Rowland Penny
Apr 8, 2015, 6:16:21 AM4/8/15
to
On 08/04/15 10:57, Mario Pio Russo wrote:
> sorry guys , I think I didn't explain well.
>
> basically I have a samba 4 domain (created by upgrading+migrating a samba 3
> PDC). For every new user that we add to this domain I need to save some
> additional info which are very specific for our company/department, but the
> problem is that I cannot create custom attributes into the Samba4 ldap
> back-end. For this reason I was thinking to use some "less used" attributes
> of AD. Unfortunately the attribute "Description" is already being used, so
> I was wondering if there are other attributes I can use to store short
> alphanumeric string (e.g. the internal Employee number etc).
>
> sorry guys , I think I didn't explain well.
>
> basically I have a samba 4 domain (created by upgrading+migrating a samba 3
> PDC). For every new user that we add to this domain I need to save some
> additional info which are very specific for our company/department, but the
> problem is that I cannot create custom attributes into the Samba4 ldap
> back-end. For this reason I was thinking to use some "less used" attributes
> of AD. Unfortunately the attribute "Description" is already being used, so
> I was wondering if there are other attributes I can use to store short
> alphanumeric string (e.g. the internal Employee number etc).
>
may be able to create an AD ldif from this with 'oLschema2ldif', this is
usually in /usr/bin if using a debian package, you can then update AD
with the resultant .ldif (after you split it into the objectclasses &
attributes)
If this isn't possible, the schema files are usually installed by
whatever packages you installed i.e. on Debian, they would be in
'/usr/share/samba/setup/ad-schema'
It is worth looking in 'MS-AD_Schema_2K8_R2_Attributes.txt' , you might
find that everything you need is available with AD already.
Sven Schwedas
Apr 8, 2015, 6:17:13 AM4/8/15
to
On 2015-04-08 12:14, Mario Pio Russo wrote:
>
> Thanks Sven, good Idea
>
> let's see if i am getting this right:
>
> 1) use MS ADSI editor to add few more attributes to the "users" class
> 2) use ldapmodify from my ubuntu server to populate those attributes
>
> would that work?
>
>
> ___________________________________________________________________________________________
>
> Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
> 815 2236, eMail: mariop...@ie.ibm.com
> IBM Ireland Product Distribution Limited registered in Ireland with number
> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
>
> Subject: Re: [Samba] Samba 4 , ful list of LDAP-style attributes
> Sent by: samba-...@lists.samba.org
>
>
>
> On 2015-04-08 11:57, Mario Pio Russo wrote:
>> sorry guys , I think I didn't explain well.
>>
>> basically I have a samba 4 domain (created by upgrading+migrating a samba
> 3
>> PDC). For every new user that we add to this domain I need to save some
>> additional info which are very specific for our company/department, but
> the
>> problem is that I cannot create custom attributes into the Samba4 ldap
>> back-end. For this reason I was thinking to use some "less used"
> attributes
>> of AD. Unfortunately the attribute "Description" is already being used,
> so
>> I was wondering if there are other attributes I can use to store short
>> alphanumeric string (e.g. the internal Employee number etc).
>
> Sent by: samba-...@lists.samba.org
>
>
>
> On 2015-04-08 11:57, Mario Pio Russo wrote:
>> sorry guys , I think I didn't explain well.
>>
>> basically I have a samba 4 domain (created by upgrading+migrating a samba
> 3
>> PDC). For every new user that we add to this domain I need to save some
>> additional info which are very specific for our company/department, but
> the
>> problem is that I cannot create custom attributes into the Samba4 ldap
>> back-end. For this reason I was thinking to use some "less used"
> attributes
>> of AD. Unfortunately the attribute "Description" is already being used,
> so
>> I was wondering if there are other attributes I can use to store short
>> alphanumeric string (e.g. the internal Employee number etc).
>
> You can add custom attributes (and classes) via Microsoft's ADSI editor
> like on any AD-based domain just fine. I'm not sure whether there's a
> "samba native" method for this that actually works.
>
> I wouldn't abuse any existing attributes, because you won't know which
> software will expect it to work as documented (and might even overwrite
> your data).
>
>>
> like on any AD-based domain just fine. I'm not sure whether there's a
> "samba native" method for this that actually works.
>
> I wouldn't abuse any existing attributes, because you won't know which
> software will expect it to work as documented (and might even overwrite
> your data).
>
>>
> --
> Mit freundlichen Grüßen, / Best Regards,
> Sven Schwedas
> Systemadministrator
> TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
> Mail/XMPP: sven.s...@tao.at | +43 (0)680 301 7167
> http://software.tao.at
>
> (See attached file: signature.asc)--
> Mit freundlichen Grüßen, / Best Regards,
> Sven Schwedas
> Systemadministrator
> TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
> Mail/XMPP: sven.s...@tao.at | +43 (0)680 301 7167
> http://software.tao.at
>
> (See attached file: signature.asc)--
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> instructions: https://lists.samba.org/mailman/options/samba
>
Mario Pio Russo
Apr 8, 2015, 6:18:30 AM4/8/15
to
Cool, I'll have a look at this too,
thanks All!
From: Rowland Penny <rowlan...@googlemail.com>
To: sa...@lists.samba.org
Date: 08/04/2015 11:16
Subject: Re: [Samba] Samba 4 , ful list of LDAP-style attributes
Sent by: samba-...@lists.samba.org
thanks All!
___________________________________________________________________________________________
Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
815 2236, eMail: mariop...@ie.ibm.com
IBM Ireland Product Distribution Limited registered in Ireland with number
92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
(Embedded image moved to file: pic34445.gif)
Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
815 2236, eMail: mariop...@ie.ibm.com
IBM Ireland Product Distribution Limited registered in Ireland with number
92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
From: Rowland Penny <rowlan...@googlemail.com>
To: sa...@lists.samba.org
Date: 08/04/2015 11:16
Subject: Re: [Samba] Samba 4 , ful list of LDAP-style attributes
Sent by: samba-...@lists.samba.org
On 08/04/15 10:57, Mario Pio Russo wrote:
> sorry guys , I think I didn't explain well.
>
> basically I have a samba 4 domain (created by upgrading+migrating a samba
3
> PDC). For every new user that we add to this domain I need to save some
> additional info which are very specific for our company/department, but
the
> problem is that I cannot create custom attributes into the Samba4 ldap
> back-end. For this reason I was thinking to use some "less used"
attributes
> of AD. Unfortunately the attribute "Description" is already being used,
so
> I was wondering if there are other attributes I can use to store short
> alphanumeric string (e.g. the internal Employee number etc).
>
> sorry guys , I think I didn't explain well.
>
> basically I have a samba 4 domain (created by upgrading+migrating a samba
3
> PDC). For every new user that we add to this domain I need to save some
> additional info which are very specific for our company/department, but
the
> problem is that I cannot create custom attributes into the Samba4 ldap
> back-end. For this reason I was thinking to use some "less used"
attributes
> of AD. Unfortunately the attribute "Description" is already being used,
so
> I was wondering if there are other attributes I can use to store short
> alphanumeric string (e.g. the internal Employee number etc).
>
OK, do you have an ldap.schema of your proposed additions, if so, you
may be able to create an AD ldif from this with 'oLschema2ldif', this is
usually in /usr/bin if using a debian package, you can then update AD
with the resultant .ldif (after you split it into the objectclasses &
attributes)
If this isn't possible, the schema files are usually installed by
whatever packages you installed i.e. on Debian, they would be in
'/usr/share/samba/setup/ad-schema'
It is worth looking in 'MS-AD_Schema_2K8_R2_Attributes.txt' , you might
find that everything you need is available with AD already.
may be able to create an AD ldif from this with 'oLschema2ldif', this is
usually in /usr/bin if using a debian package, you can then update AD
with the resultant .ldif (after you split it into the objectclasses &
attributes)
If this isn't possible, the schema files are usually installed by
whatever packages you installed i.e. on Debian, they would be in
'/usr/share/samba/setup/ad-schema'
It is worth looking in 'MS-AD_Schema_2K8_R2_Attributes.txt' , you might
find that everything you need is available with AD already.
Denis Cardon
Apr 8, 2015, 6:35:13 AM4/8/15
to
Hi Mario,
> Cool, I'll have a look at this too,
if the adminsys of your DC plan to use the Microsoft ADUC, I would try
to use blank fields that are displayed in the console like the Notes
field [1] in the Phone/Notes tab of a user object. This way you have an
existing gui for modifying the values if needed.
Cheers,
Denis
[1] https://msdn.microsoft.com/en-us/library/windows/desktop/ms676199
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
> Cool, I'll have a look at this too,
to use blank fields that are displayed in the console like the Notes
field [1] in the Phone/Notes tab of a user object. This way you have an
existing gui for modifying the values if needed.
Cheers,
Denis
[1] https://msdn.microsoft.com/en-us/library/windows/desktop/ms676199
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
Adam Tauno Williams
Apr 8, 2015, 7:25:40 AM4/8/15
to
On Wed, 2015-04-08 at 12:04 +0200, Sven Schwedas wrote:
see:
<https://wiki.samba.org/index.php/Samba_AD_Schema_Extenstions>
<http://david-latham.blogspot.com/2012/12/extending-ad-schema-on-samba4-part-2.html>
--
Adam Tauno Williams <mailto:awil...@whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
> On 2015-04-08 11:57, Mario Pio Russo wrote:
> > sorry guys , I think I didn't explain well.
> >
> > basically I have a samba 4 domain (created by upgrading+migrating a samba 3
> > PDC). For every new user that we add to this domain I need to save some
> > additional info which are very specific for our company/department, but the
> > problem is that I cannot create custom attributes into the Samba4 ldap
> > back-end. For this reason I was thinking to use some "less used" attributes
> > of AD. Unfortunately the attribute "Description" is already being used, so
> > I was wondering if there are other attributes I can use to store short
> > alphanumeric string (e.g. the internal Employee number etc).
>
> > sorry guys , I think I didn't explain well.
> >
> > basically I have a samba 4 domain (created by upgrading+migrating a samba 3
> > PDC). For every new user that we add to this domain I need to save some
> > additional info which are very specific for our company/department, but the
> > problem is that I cannot create custom attributes into the Samba4 ldap
> > back-end. For this reason I was thinking to use some "less used" attributes
> > of AD. Unfortunately the attribute "Description" is already being used, so
> > I was wondering if there are other attributes I can use to store short
> > alphanumeric string (e.g. the internal Employee number etc).
>
> You can add custom attributes (and classes) via Microsoft's ADSI editor
> like on any AD-based domain just fine. I'm not sure whether there's a
> "samba native" method for this that actually works.
>
> I wouldn't abuse any existing attributes, because you won't know which
> software will expect it to work as documented (and might even overwrite
> your data).
+1 *NO* do not re-purpose attributes.
> like on any AD-based domain just fine. I'm not sure whether there's a
> "samba native" method for this that actually works.
>
> I wouldn't abuse any existing attributes, because you won't know which
> software will expect it to work as documented (and might even overwrite
> your data).
see:
<https://wiki.samba.org/index.php/Samba_AD_Schema_Extenstions>
<http://david-latham.blogspot.com/2012/12/extending-ad-schema-on-samba4-part-2.html>
--
Adam Tauno Williams <mailto:awil...@whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
0 new messages