samba - Jan 2013 - Creating users via Perl Net::LDAP

Hey there folks,

I put together a little Perl script that makes an LDAP connection to a Samba4
server and creates the cn=username,cn=users,... part of a user account.

It appears that this is not sufficient to get a fully functioning Active
Directory type log-in; from the howto I can deduce that my effort is missing a
sidMap, and there might be a good deal more to creating full AD users and groups
than the simple LDAP entry as I had hoped.

1. Is it reasonable to think that one could create a full AD user / group in
Samba 4 using an LDAP type interface?

2. If so, aside from attempting to read the code (I'm not currently fluent
in Python), where would I find documentation on what data needs to be generated?
Sorry if my google and Really-Fine-Manual glasses have failed.

Before someone points out my obvious mistake of reinventing the wheel, the short
version is that I'm hoping to manage users for a custom environment that
needs to sync a bunch of weird parts, and was hoping to write something that
could manage them all via APIs and network interfaces rather than just writing a
bash wrapper that would only work on a master server.

Thanks for your help!

-- 
Pablo Virgo
System Administrator

Solutions for Progress, Inc.
728 South Broad Street
Philadelphia, PA 19146

Phone: 215-701-8075
Fax:   215-972-8109
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
URL:
<lists.samba.org/pipermail/samba/attachments/20130128/61992520/attachment.pgp>

Pablo- 

I'm certainly no expert on the matter, but what comes to mind quickly: is
the user account enabled? If it is enabled, is a password set?
It may be this simple, as I have just added a user to AD via the windows ldifde
tool and he was defined as far as a CN and objectClass. When I look him up in
the database, his objectSID, sAMAccountName/Type and everything else necessary
is populated.
If I set a password and enable the account, I can log in as him. 

The gist of this being, I think you ought to be able to create a user creation
script.

Let me know how it goes too, I may end up trying to do something similar. 

Good luck, 
Mike Ray 


----- Original Message -----

From: "Pablo T. Virgo" <pvirgo at solutionsforprogress.com> 
To: samba at lists.samba.org 
Sent: Monday, January 28, 2013 1:49:55 PM 
Subject: [Samba] Creating users via Perl Net::LDAP 

Hey there folks, 

I put together a little Perl script that makes an LDAP connection to a Samba4
server and creates the cn=username,cn=users,... part of a user account.

It appears that this is not sufficient to get a fully functioning Active
Directory type log-in; from the howto I can deduce that my effort is missing a
sidMap, and there might be a good deal more to creating full AD users and groups
than the simple LDAP entry as I had hoped.

1. Is it reasonable to think that one could create a full AD user / group in
Samba 4 using an LDAP type interface?

2. If so, aside from attempting to read the code (I'm not currently fluent
in Python), where would I find documentation on what data needs to be generated?
Sorry if my google and Really-Fine-Manual glasses have failed.

Before someone points out my obvious mistake of reinventing the wheel, the short
version is that I'm hoping to manage users for a custom environment that
needs to sync a bunch of weird parts, and was hoping to write something that
could manage them all via APIs and network interfaces rather than just writing a
bash wrapper that would only work on a master server.

Thanks for your help! 

-- 
Pablo Virgo 
System Administrator 

Solutions for Progress, Inc. 
728 South Broad Street 
Philadelphia, PA 19146 

Phone: 215-701-8075 
Fax: 215-972-8109 

-- 
To unsubscribe from this list go to the following URL and read the 
instructions: lists.samba.org/mailman/options/samba