SambaSAMAccount and IBM Domino


SambaSAMAccount and IBM Domino

by Michael Lucchese

Here is an example of the problem:

We already have added the SambaSAMAccount objectclass and
its related OIDs into the Domino LDAP Schema.

When smbpasswd is executed to add the SambaSAMAccount attributes to a
POSIX account it will add the objectclass SambaSAMAccount together with
several of the SambaSAMAccount attributes.  This is followed by an
ldapsearch for "(objectclass=SambaSAMAccount)" which fails because even
though the SambaSAMAccount attributes were added to the DIT, the
objectclass SambaSAMAccount does not persist in the DIT entry. Because
this validation fails, the process of adding the SambaSAMAccount
attributes fails in total.

When we add a DIT entry via an LDIF file that does specify the
objectclass SambaSAMAccount, the SambaSAMAccount attributes are added to
the DIT, but again the objectclass SambaSAMAccount is not persistent in
the DIT.  As a result, LDAP searches performed by Samba, which seek to
locate the SambaSAMAccount objectclass, fail, and again the process
terminates in failure.

_______________________________________________

Michael Lucchese
Senior Software Engineer
P:  +61 2 8999 2825
M:  0400 134 444
E:  mlucchese@...
streamline your business processes  - lead with Lotus



Re: SambaSAMAccount and IBM Domino

by Andrew Bartlett

On Thu, 2009-10-29 at 14:35 +1100, Michael Lucchese wrote:

> Here is an example of the problem:
>
> We already have added the SambaSAMAccount objectclass and
> its related OIDs into the Domino LDAP Schema.
>
> When smbpasswd is executed to add the SambaSAMAccount attributes to a
> POSIX account it will add the objectclass SambaSAMAccount together with
> several of the SambaSAMAccount attributes.  This is followed by an
> ldapsearch for "(objectclass=SambaSAMAccount)" which fails because even
> though the SambaSAMAccount attributes were added to the DIT, the
> objectclass SambaSAMAccount does not persist in the DIT entry. Because
> this validation fails, the process of adding the SambaSAMAccount
> attributes fails in total.
>
> When we add a DIT entry via an LDIF file that does specify the
> objectclass SambaSAMAccount, the SambaSAMAccount attributes are added to
> the DIT, but again the objectclass SambaSAMAccount is not persistent in
> the DIT.  As a result, LDAP searches performed by Samba, which seek to
> locate the SambaSAMAccount objectclass, fail, and again the process
> terminates in failure.

This would seem to be a very fundamental flaw in Domino, and you will
have a very hard time making Samba work with such a broken LDAP server.

Perhaps find out how to make the objectclass persist, then use local
scripts to provision the users in the 'right' way.  I don't see how
Samba can really help, but if you manage to work it out, we will
certainly look at any patches or example scripts you come up with.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
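
Added example, not part of the original thread and not Samba or Domino code: a check for the failure mode described above, where an entry keeps its Samba attributes but loses the sambaSamAccount objectClass value. It assumes the directory has been dumped as LDIF (for example with `ldapsearch -LLL`); the function names and the sample entries, DNs, SIDs and hash are constructed.

```python
# Constructed sample LDIF: alice is intact, bob kept the samba* attributes but
# lost the objectClass value, carol is a plain POSIX account.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-
 1002
sambaNTPassword: 00000000000000000000000000000000

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: posixAccount
"""

def parse_ldif(text):
    """Return [(dn, {lowercased attribute name: [values]})] from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # unfold a continuation line
        elif not raw.startswith("#"):       # skip LDIF comments
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes the last record
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        value = value.lstrip(":").strip()   # "attr:: b64" values stay encoded
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def missing_samba_objectclass(entries):
    """DNs that carry samba* attributes but no sambaSamAccount objectClass."""
    flagged = []
    for dn, attrs in entries:
        classes = {v.lower() for v in attrs.get("objectclass", [])}
        if any(a.startswith("samba") for a in attrs) and "sambasamaccount" not in classes:
            flagged.append(dn)
    return flagged
```

Entries returned by `missing_samba_objectclass(parse_ldif(...))` are the ones a `(objectclass=SambaSAMAccount)` search would not find even though their Samba attributes were stored.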




Re: SambaSAMAccount and IBM Domino

by Michael Ströder

Andrew Bartlett wrote:

> On Thu, 2009-10-29 at 14:35 +1100, Michael Lucchese wrote:
>> Here is an example of the problem:
>>
>> We already have added the SambaSAMAccount objectclass and
>> its related OIDs into the Domino LDAP Schema.
>>
>> When we add a DIT entry via an LDIF file that does specify the
>> objectclass SambaSAMAccount, the SambaSAMAccount attributes are added to
>> the DIT, but again the objectclass SambaSAMAccount is not persistent in
>> the DIT.  As a result, LDAP searches performed by Samba, which seek to
>> locate the SambaSAMAccount objectclass, fail, and again the process
>> terminates in failure.
>
> This would seem to be a very fundamental flaw in Domino, and you will
> have a very hard time making Samba work with such a broken LDAP server.

From my experience with Domino/LDAP, I'd never use it for anything other than
simply accessing the Notes address book via LDAP.

Ciao, Michael.