[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: objectclass sambaSamAccount

To: Scott Classen <sclassen@lbl.gov>
Subject: Re: objectclass sambaSamAccount
From: Laurence Mayer <laurence@istraresearch.com>
Date: Tue, 02 Sep 2008 17:35:39 +0300
Cc: openldap-technical@openldap.org
In-reply-to: <0CDDC79A-FDD8-4E3B-A962-35C92707E7CC@lbl.gov>
References: <48BD4409.8000909@istraresearch.com> <0CDDC79A-FDD8-4E3B-A962-35C92707E7CC@lbl.gov>
User-agent: Thunderbird 2.0.0.14 (X11/20080505)

Hi Scott,
See below.

Thanks
Laurence

[root@fs1 ldap]# cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema

# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

# Load dynamic backend modules:
#modulepath	/usr/lib64/openldap
#moduleload	back_bdb.la
#moduleload	back_ldap.la
#moduleload	back_ldbm.la
#moduleload	back_passwd.la
#moduleload	back_shell.la

# The next three lines allow use of TLS for encrypting connections using a # dummy test certificate which you can generate by changing to # /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on # slapd.pem so that the ldap user or group can read it. Your client software # may balk at self-signed certificates, however. # TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt # TLSCertificateFile /etc/pki/tls/certs/slapd.pem # TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read

access to attrs=userPassword
      by self write
      by anonymous auth
      by * none

#access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database	bdb
suffix		"dc=istraresearch,dc=com"
rootdn		"cn=xxxxx,dc=istraresearch,dc=com"
rootpw		xxxxxxx
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/var/lib/sldap
# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com@EXAMPLE.COM

Scott Classen wrote:

Hi Laurence,

What does your sldap.conf file look like? You are probably not including the proper samba schema file.

Scott

On Sep 2, 2008, at 6:47 AM, Laurence Mayer wrote:

Hi,

OS: Linux Redhat x86_64
OpenLdap 2.3.27

I am trying to add an objectclass sambaSamAccount to my ou=People.
My goal would be to have both samba and posix account for each user.

I have included the samba schema to the slapd.conf file.

I tried adding this to a file and running ldapadd:

dn: uid=laurence, ou=People,dc=istraresearch,dc=com
sambaLogonTime: 0
displayName: Laurence Mayer
sambaLMPassword: xxxxx
sambaPrimaryGroupSID: S-1-5-21-2447931902-1787058256-3961074038-1201
objectClass: sambaSamAccount
sambaAcctFlags: [UX         ]
gidNumber: 100
sambaKickoffTime: 2147483647
sambaPwdLastSet: 1010179230
sambaSID: S-1-5-21-2447931902-1787058256-3961074038-5004
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaNTPassword: xxxx


However I received the error:
adding new entry "uid=laurence, ou=People,dc=istraresearch,dc=com"
ldap_add: Internal (implementation specific) error (80)
    additional info: no structuralObjectClass operational attribute


Please can you tell me what I need to do to achieve this.

Thanks in advance

Laurence


--
--------------------------
Laurence Mayer
Director of Operations & IT
Istra Research Ltd.
Tel: +972545233107
Fax: +972722765124

References:
- objectclass sambaSamAccount
  - From: Laurence Mayer <laurence@istraresearch.com>
- Re: objectclass sambaSamAccount
  - From: Scott Classen <sclassen@lbl.gov>

Prev by Date: Re: objectclass sambaSamAccount
Next by Date: Re: objectclass sambaSamAccount
Index(es):
- Chronological
- Thread