author | Andrew Bartlett <abartlet@samba.org> | 2003-04-29 12:54:46 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-04-29 12:54:46 +0000 |
commit | a60682e9ab98bdeaf1c216616fb3f50515e2cc23 (patch) | |
tree | 43e22649ffda0e85622cb43fabb602d3af8bd09e /examples/LDAP | |
parent | 2aadb320a4485b5610928fa13a784680246a3489 (diff) | |
Merge Samba 3.0 pdb_ldap from 3.0 into HEAD, so as to allow idra to continue
his IDMAP work.
This version also works properly (the HEAD version had suffered from bitrot),
and should be a good basis to change into the new IDMAP rules.
It also includes UTF8 conversions.
Included also are the schema changes, and a note about the now very old scripts
in examples/LDAP (they don't work for this, or even the previous schema).
Andrew Bartlett
(This used to be commit 38a8f2b23a12f6a964d447f7904dd722a1ca046c)
Diffstat (limited to 'examples/LDAP')
-rw-r--r-- | examples/LDAP/README | 7 | ||||
-rw-r--r-- | examples/LDAP/samba.schema | 39 |
2 files changed, 37 insertions, 9 deletions
diff --git a/examples/LDAP/README b/examples/LDAP/README index 42cf4ff33a..98d88c091b 100644 --- a/examples/LDAP/README +++ b/examples/LDAP/README @@ -5,10 +5,9 @@ !== This is a quick and dirty means of storing smbpasswd entries -in LDAP. Samba 2.2.x does not have any ability to grab -this information directly from LDAP so you will need to -periodically generate an smbpasswd from an ldapsearch -"(objectclass=smbPasswordEntry)". +in LDAP. Samba 2.2.x (x >=4) and 3.0 can both store this information +directly in LDAP, and the schema has *changed*. As such these scripts will +need modification prior to use. Be aware of search limits on your client or server which prevent all entries from being returned in the search result. diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema index b95fbeb8ff..f9475f07ea 100644 --- a/examples/LDAP/samba.schema +++ b/examples/LDAP/samba.schema @@ -111,6 +111,15 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## +## SID, of any type +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'ntSid' + DESC 'Security ID' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +## ## group mapping attributes ## attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'ntGroupType' 
@@ -118,10 +127,19 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'ntGroupType' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'ntSid' - DESC 'Security ID' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +## +## Store info on the domain +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'nextUserRid' + DESC 'Next NT rid to give our for users' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'nextGroupRid' + DESC 'Next NT rid to give out for groups' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## ## The smbPasswordEntry objectclass has been depreciated in favor of the @@ -146,7 +164,7 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'ntSid' objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY DESC 'Samba Auxilary Account' - MUST ( uid $ rid ) + MUST ( uid $ ntSid ) MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ @@ -159,6 +177,17 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY ## ############################################################################ +## +## Whole-of-domain info +## + +objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL + DESC 'Samba Domain Information' + MUST ( domain $ nextGroupRid $ nextUserRid $ ntSid)) + +## +## Group mapping info +## objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ ntSid $ ntGroupType ) |
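Review bot: In the `@@ -118,10 +127,19 @@` hunk, the DESC of `nextUserRid` reads 'Next NT rid to give our for users' while `nextGroupRid` has 'give out'; the line should be `DESC 'Next NT rid to give out for users'`. Both attributes are allocation counters kept in the directory, and the comment block does not say who may write them. If a non-administrative DN can lower a counter, or two writers read the same value, two accounts could receive the same RID and therefore the same SID; this is inferred from the descriptions, since the allocating code is not in this diff. A line such as `## nextUserRid/nextGroupRid: written only by the Samba admin DN; restrict write access by ACL` under `## Store info on the domain` would record that.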
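Review bot: In the `@@ -146,7 +164,7 @@` hunk, `sambaAccount` keeps OID 1.3.6.1.4.1.7165.2.2.3 while its required set changes from `MUST ( uid $ rid )` to `MUST ( uid $ ntSid )`, and no comment in the visible lines says so. Entries written under the earlier definition that carry only `rid` will presumably fail schema checking on their next modification, so a migration note beside the class is worth adding, for example `## NOTE: ntSid replaces rid as a required attribute; existing entries must gain ntSid before this schema is loaded`. `ntSid` is declared as an IA5 string with `caseIgnoreIA5Match`, so the directory neither checks the S-1-... form nor stops two entries from holding the same value. As the attribute now carries the account's identity, the comment should also say that uniqueness and write access have to be enforced outside the schema. The class body (the MAY list) continues past the end of the hunk.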
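Review bot: In the `@@ -159,6 +177,17 @@` hunk, the new `sambaDomain` class does not say what its `ntSid` holds, and the attribute is introduced elsewhere only as 'SID, of any type'. A reader cannot tell that here it is presumably the domain SID rather than an account or group SID; the header could read `## Whole-of-domain info: ntSid is the domain SID, nextUserRid/nextGroupRid the next RIDs to allocate`. The closing `ntSid))` also drops the spacing used by the neighbouring class (`ntGroupType )`); `MUST ( domain $ nextGroupRid $ nextUserRid $ ntSid ) )` would match. The `domain` attribute is not defined in any visible hunk and is assumed to exist elsewhere in the file, and the `sambaGroupMapping` definition that follows runs past the end of the hunk.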