Diffstat (limited to 'examples')
-rw-r--r-- | examples/LDAP/README | 7 | ||||
-rw-r--r-- | examples/LDAP/samba.schema | 39 |
2 files changed, 37 insertions, 9 deletions
diff --git a/examples/LDAP/README b/examples/LDAP/README index 42cf4ff33a..98d88c091b 100644 --- a/examples/LDAP/README +++ b/examples/LDAP/README @@ -5,10 +5,9 @@ !== This is a quick and dirty means of storing smbpasswd entries -in LDAP. Samba 2.2.x does not have any ability to grab -this information directly from LDAP so you will need to -periodically generate an smbpasswd from an ldapsearch -"(objectclass=smbPasswordEntry)". +in LDAP. Samba 2.2.x (x >=4) and 3.0 can both store this information +directly in LDAP, and the schema has *changed*. As such these scripts will +need modification prior to use. Be aware of search limits on your client or server which prevent all entries from being returned in the search result. diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema index b95fbeb8ff..f9475f07ea 100644 --- a/examples/LDAP/samba.schema +++ b/examples/LDAP/samba.schema @@ -111,6 +111,15 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## +## SID, of any type +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'ntSid' + DESC 'Security ID' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +## ## group mapping attributes ## attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'ntGroupType' 
@@ -118,10 +127,19 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'ntGroupType' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'ntSid' - DESC 'Security ID' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +## +## Store info on the domain +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'nextUserRid' + DESC 'Next NT rid to give our for users' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'nextGroupRid' + DESC 'Next NT rid to give out for groups' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## ## The smbPasswordEntry objectclass has been depreciated in favor of the @@ -146,7 +164,7 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'ntSid' objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY DESC 'Samba Auxilary Account' - MUST ( uid $ rid ) + MUST ( uid $ ntSid ) MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ @@ -159,6 +177,17 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY ## ############################################################################ +## +## Whole-of-domain info +## + +objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL + DESC 'Samba Domain Information' + MUST ( domain $ nextGroupRid $ nextUserRid $ ntSid)) + +## +## Group mapping info +## objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ ntSid $ ntGroupType ) |
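Review bot: The two new counters `nextUserRid` and `nextGroupRid` come with no note on how they must be updated. If two writers read the same value and both write it back incremented, they hand out the same RID, and two principals end up with one SID. I would add a comment under "Store info on the domain" such as `## Writers must replace the old value atomically (delete old + add new in a single modify) so a RID is never allocated twice`. The DESC for `nextUserRid` also has a typo and should read `DESC 'Next NT rid to give out for users'`, matching the `nextGroupRid` line.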
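Review bot: Changing `sambaAccount` to `MUST ( uid $ ntSid )` leaves entries written against the old schema, which carry `rid` but no `ntSid`, presumably failing schema checks the next time they are modified. The README hunk only says the scripts need modification, and nothing here tells an administrator to migrate existing entries. Whether `rid` remains in the MAY list cannot be seen, because that list continues outside the hunk. I would add a comment above the objectclass such as `## ntSid replaces rid as the mandatory identifier; existing entries need an ntSid added before they can be modified`.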
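Review bot: The `sambaDomain` entry holds the domain SID and both RID allocation counters, but the "Whole-of-domain info" comment gives deployers no hint that write access to it should be tightly limited. I would extend that comment with something like `## Restrict write access to this entry (and to ntSid on accounts) to the DN Samba binds as`. As a style point, `MUST ( domain $ nextGroupRid $ nextUserRid $ ntSid))` omits the spaces before the closing parentheses that the other definitions in this diff use, so write `$ ntSid ) )`. `domain` is not defined in the visible hunks and is presumably declared earlier in the file.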