Hello,
is there a way to get the last uidNumber from ldap.

I can do a ldapsearch like:

ldapsearch -h samdom.example.com -D "administrator@samdom.example.com" \
  -w "changeit" -b "DC=samdom,DC=example,DC=com" -x -LLL "(uidNumber=*)" \
  uidNumber | grep -Po "(?<=uidNumber: )([0-9]{4})" | sort | tail -n1

But there is no guarantee that the last returned number is the last
uidNumber in LDAP.

Is there a limit set by samba how many lines are returned by a query?
Is there an attribute where the last number is stored?

Best Regards

Mandi! basti via samba
  On that day it was said...

> is there a way to get the last uidNumber from ldap.

I use, in bash:

    TMPSEQ1=$(mktemp /tmp/smbadduser.uid.XXXXXXXXXX)
    TMPSEQ2=$(mktemp /tmp/smbadduser.uid.XXXXXXXXXX)
    # Candidate UIDs. comm(1) needs lexically sorted input, so plain sort here.
    seq "${MIN_NEW_UID}" "${MAX_NEW_UID}" | sort > "${TMPSEQ1}"
    # UIDs already in use (LDB_OPTS is left unquoted so it splits into options).
    ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user))" uidNumber | grep "^uidNumber: " | cut -d ' ' -f 2 | sort -u > "${TMPSEQ2}"
    # Lowest candidate that is not in use.
    uid=$(comm -23 "${TMPSEQ1}" "${TMPSEQ2}" | sort -n | head -n1)
    rm -f "${TMPSEQ1}" "${TMPSEQ2}"
    if [ -z "${uid}" ]; then
        echo "Non è stato possibile calcolare un numero UID valido. Molto strano..."
        exit 1
    fi

where ${MIN_NEW_UID} and ${MAX_NEW_UID} are, as expected, min and max UID
in domain.

-- 
dott. Marco Gaiarin  GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''  http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797

On Tue, Nov 3, 2020 at 11:25 AM basti via samba <samba at lists.samba.org> wrote:
>
> Hello,
> is there a way to get the last uidNumber from ldap.
>
> I can do a ldapsearch like:
>
> ldapsearch -h samdom.example.com -D "administrator@samdom.example.com"
> -w "changeit" -b "DC=samdom,DC=example,DC=com" -x -LLL "(uidNumber=*)"
> uidNumber | grep -Po "(?<=uidNumber: )([0-9]{4})" | sort | tail -n1
>
> But there is no guarantee that the last returned number is the last
> uidNumber in LDAP.
>
> Is there a limit set by samba how many lines are returned by a query?
> Is there an attribute where the last number is stored?
>
> Best Regards

Hi, it looks like you're trying to assign uidNumber automatically. A couple things:

See this post where Rowland suggested using these attributes to store the
maximum value in LDAP. (These are not automatically calculated, your
script would need to keep them updated.)

- msSFU30MaxUidNumber
- msSFU30MaxGidNumber

https://lists.samba.org/archive/samba/2019-June/223499.html

But also, check out my project ADMan, which does several things, one of
which is assign uidNumber / gidNumber attributes to new users:
https://gitlab.com/JonathonReinhart/adman/

Regards,
Jonathon

On 03/11/2020 16:24, basti via samba wrote:
> Hello,
> is there a way to get the last uidNumber from ldap.
>
> I can do a ldapsearch like:
>
> ldapsearch -h samdom.example.com -D "administrator@samdom.example.com"
> -w "changeit" -b "DC=samdom,DC=example,DC=com" -x -LLL
> "(uidNumber=*)" uidNumber | grep -Po "(?<=uidNumber: )([0-9]{4})" |
> sort | tail -n1
>
> But there is no guarantee that the last returned number is the last
> uidNumber in LDAP.
>
> Is there a limit set by samba how many lines are returned by a query?
> Is there an attribute where the last number is stored?
>
> Best Regards
>

OK, I never told you this, so keep it to yourself

How do you think the Unix attributes tabs worked in ADUC ?

You had to install IDMU with ADUC which installed an ldif that Samba
calls ypServ30.ldif. Amongst the objects that are installed in AD is one
with the DN:

CN=<workgroup>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=X

Where <workgroup> is your Netbios domain name (aka workgroup) and DC=X
is the ldap default naming context e.g. DC=samdom,DC=example,DC=com

Now what isn't there are the two attributes you need to store the next
uidNumber & gidNumber:

msSFU30MaxUidNumber
msSFU30MaxGidNumber

Just store the last *idNumber + 1 in each and then write a script around
'samba-tool user add' which obtains the required ID number, uses this
and then updates it upon successful user creation.

Rowland

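A sketch of the wrapper described in the message above, as an added example (not code from the thread or from Samba). It reserves the number before creating the user instead of updating afterwards, and relies on standard LDAP modify semantics (deleting a value that is not present fails the whole operation) so that two concurrent runs cannot hand out the same uidNumber. The sam.ldb path, the "samdom" workgroup in the counter DN, the function names and an already seeded msSFU30MaxUidNumber are assumptions.

```bash
#!/usr/bin/env bash
# Added example: reserve the next uidNumber from msSFU30MaxUidNumber, then add the user.
# Assumed: sam.ldb location, workgroup "samdom", counter attribute already seeded.
SAM_LDB="${SAM_LDB:-/var/lib/samba/private/sam.ldb}"
COUNTER_DN="${COUNTER_DN:-CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com}"

# Read LDIF on stdin and print the counter; non-zero exit if missing or not numeric.
counter_from_ldif() {
    awk '$1 == "msSFU30MaxUidNumber:" && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
         END { exit !found }'
}

# Compare-and-swap as one modify: the delete names the value that was read, so
# the operation is rejected if another allocator changed the counter meanwhile.
cas_ldif() {   # usage: cas_ldif DN OLD NEW
    printf 'dn: %s\nchangetype: modify\n' "$1"
    printf 'delete: msSFU30MaxUidNumber\nmsSFU30MaxUidNumber: %s\n-\n' "$2"
    printf 'add: msSFU30MaxUidNumber\nmsSFU30MaxUidNumber: %s\n' "$3"
}

# Reserve one uidNumber: read the counter, swap in counter+1, retry on contention.
reserve_uid() {
    local cur try
    for try in 1 2 3 4 5; do
        cur=$(ldbsearch -H "$SAM_LDB" -b "$COUNTER_DN" -s base msSFU30MaxUidNumber \
              | counter_from_ldif) || return 1
        if cas_ldif "$COUNTER_DN" "$cur" "$((cur + 1))" \
              | ldbmodify -H "$SAM_LDB" >/dev/null 2>&1; then
            echo "$cur"
            return 0
        fi
    done
    return 1
}

# Create the account with the reserved number.
add_unix_user() {   # usage: add_unix_user USERNAME
    local uid
    uid=$(reserve_uid) || { echo "could not reserve a uidNumber" >&2; return 1; }
    samba-tool user add "$1" --random-password --uid-number="$uid"
}
```

Run it against a single DC: AD replication is multi-master, so the swap only serializes allocators writing to the same database. A failed samba-tool run leaves an unused number behind, which is harmless.
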
On 03.11.20 at 17:46, Rowland penny via samba wrote:
>
> How do you think the Unix attributes tabs worked in ADUC ?

Rowland you misunderstand me.
Let's say I have 1000 users and do a ldapsearch with uidNumber=* and the
server has a query limit of 500.

- I do not know about that when I do the ldapsearch.
- I don't know which entries are returned. Maybe 1-500 or 100-600?

Howdy!

On 11/3/20 at 5:24 PM, basti via samba wrote:
> is there a way to get the last uidNumber from ldap.
>
> I can do a ldapsearch like:
>
> ldapsearch -h samdom.example.com -D "administrator@samdom.example.com"
> -w "changeit" -b "DC=samdom,DC=example,DC=com" -x -LLL "(uidNumber=*)"
> uidNumber | grep -Po "(?<=uidNumber: )([0-9]{4})" | sort | tail -n1

you could try adding

-E !pr=100

which should use paged search and return all results -- whether it makes
sense or not. :)

-slow

-- 
Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46

On 03.11.20 at 17:46, Rowland penny via samba wrote:
> On 03/11/2020 16:24, basti via samba wrote:
>> Hello,
>> is there a way to get the last uidNumber from ldap.
>>
>> I can do a ldapsearch like:
>>
>> ldapsearch -h samdom.example.com -D "administrator@samdom.example.com"
>> -w "changeit" -b "DC=samdom,DC=example,DC=com" -x -LLL
>> "(uidNumber=*)" uidNumber | grep -Po "(?<=uidNumber: )([0-9]{4})" |
>> sort | tail -n1
>>
>> But there is no guarantee that the last returned number is the last
>> uidNumber in LDAP.
>>
>> Is there a limit set by samba how many lines are returned by a query?
>> Is there an attribute where the last number is stored?
>>
>> Best Regards
>>
> OK, I never told you this, so keep it to yourself
>
> How do you think the Unix attributes tabs worked in ADUC ?
>
> You had to install IDMU with ADUC which installed an ldif that Samba
> calls ypServ30.ldif. Amongst the objects that are installed in AD is one
> with the DN:
>
> CN=<workgroup>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=X
>
> Where <workgroup> is your Netbios domain name (aka workgroup) and DC=X
> is the ldap default naming context e.g. DC=samdom,DC=example,DC=com
>
> Now what isn't there are the two attributes you need to store the next
> uidNumber & gidNumber:
>
> msSFU30MaxUidNumber
> msSFU30MaxGidNumber
>
> Just store the last *idNumber + 1 in each and then write a script around
> 'samba-tool user add' which obtains the required ID number, uses this
> and then updates it upon successful user creation.
>
> Rowland
>

IDMU seems not to be in Server 2012R2.
The ypServ30 LDAP tree exists.
I have no idea in which attribute I should store my UID.

3364 CN=msSFU-30-Max-Uid-Number,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: msSFU-30-Max-Uid-Number
instanceType: 4
whenCreated: 20170217130152.0Z
whenChanged: 20170217130152.0Z
uSNCreated: 808
attributeID: 1.2.840.113556.1.6.18.1.343
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
uSNChanged: 808
showInAdvancedViewOnly: TRUE
adminDisplayName: msSFU-30-Max-Uid-Number
adminDescription: msSFU-30-Max-Uid-Number
oMSyntax: 2
searchFlags: 1
lDAPDisplayName: msSFU30MaxUidNumber
name: msSFU-30-Max-Uid-Number
objectGUID:: 13njAfdDGU25KDiuNCVkCg==
schemaIDGUID:: N4SZ7ETZKEqFACF1iK38dQ==
systemOnly: FALSE
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
distinguishedName: CN=msSFU-30-Max-Uid-Number,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com