samba - Sep 2002 - Samba-LDAP with custom object class

Hello,

            First, excuse me if this messages is not in the right mailing list:
I have not found a samba-ldap forum.
	I try to use Samba-LDAP with my own object class but I cannot manage using an
other attribute than 'uid' for the user ID.

	Here is my objectClass:
--------------- myClass.schema -----------------------------------
attributeType ( 1.3.6.1.4.1.13460.1.18.1
	NAME          'login'
        DESC     'login used by linux'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

objectClass ( 1.3.6.1.4.1.13460.2.18.1
        NAME   'myPerson'
	SUP    TOP
	STRUCTURAL
	MUST   ( login ) )
-----------------end - myClass -------------------------------
         
                 My smb.conf is the following one (only an extract):
------------------ smb.conf -----------------------------
    ldap admin dn = "cn=manager,id=1"
    ldap server = 10.0.1.10
    ldap ssl = off
    ldap port = 389
    ldap suffix = "id=1.3.3,id=1.3,id=1"  
    ldap filter = "(&(login=%u)(objectclass=sambaAccount))"
------------------ end - smb.conf ---------------------

               The file /etc/ldap.conf
------------------- ldap.conf -----------------------
          pam_login_attribute uid
          pam_filter objectclass=myPerson       
------------ end - ldap.conf ----------------------


             The file /etc/nsswitch.conf  ( on the directory server and on the
samba server):
----------- nsswitch.conf --------------------
nss_base_passwd	id=1.3.3,id=1.3,id=1
nss_base_shadow	id=1.3.3,id=1.3,id=1

nss_map_attribute    uid     login
nss_map_attribute    userid  login
---------- end - nsswitch.conf ------------
              

           and my person:
----------- myperson.ldif ------------------
dn: uid=FR750034,id=1.3.3,id=1.3,id=1
loginShell: /bin/bash
objectClass: myPerson
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaAccount
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: qmailUser
sn: Smith
gidNumber: 100
gecos: Teddy Smith
uidNumber: 502
login: ted
mail: teddy.smith@zoo.com
qmailUID: 502
qmailGID: 100
givenName: teddy
homeDirectory: /homes/teddy
uid: FR750034
logonTime: 0
cn:: TWF0dGhpZXUgVHVycGF1bHQg
rid: 103
primaryGroupID: 103
-------- end - myperson.ldif -------------



           When I try to open a home Directory with a Windows client, a request
of authentication is displayed but it comes back after each test.
           The log file of the directory:


---------- Log file of Openldap -----------
Sep 23 12:08:44 therese slapd[1745]: conn=164 op=51 SEARCH RESULT tag=101 err=0
textSep 23 12:08:44 therese slapd[1833]: conn=164 op=52 SRCH
base="id=1.3.3,id=1.3,id=1" scope=2
filter="(&(objectClass=posixAccount)(login=ted))"
Sep 23 12:08:44 therese slapd[1833]: conn=164 op=52 SEARCH RESULT tag=101 err=0
textSep 23 12:08:44 therese slapd[1731]: daemon: conn=268 fd=23 connection from
IP=10.0.1.12:32921 (IP=0.0.0.0:34049) accepted.
Sep 23 12:08:44 therese slapd[1736]: conn=268 op=0 BIND
dn="CN=MANAGER,ID=1" method=128
Sep 23 12:08:44 therese slapd[1736]: conn=268 op=0 RESULT tag=97 err=0 textSep
23 12:08:44 therese slapd[2330]: conn=268 op=1 SRCH
base="id=1.3.3,id=1.3,id=1" scope=2
filter="(&(login=ted)(objectClass=sambaAccount))"
Sep 23 12:08:44 therese slapd[2330]: conn=268 op=1 SEARCH RESULT tag=101 err=0
textSep 23 12:08:44 therese slapd[2331]: conn=164 op=53 SRCH
base="id=1.3.3,id=1.3,id=1" scope=2
filter="(&(objectClass=posixAccount)(login=FR750034))"
Sep 23 12:08:44 therese slapd[2331]: conn=164 op=53 SEARCH RESULT tag=101 err=0
textSep 23 12:08:44 therese slapd[1745]: conn=268 op=2 UNBIND
Sep 23 12:08:44 therese slapd[1745]: conn=-1 fd=23 closed
Sep 23 12:08:44 therese slapd[1731]: daemon: conn=269 fd=23 connection from
IP=10.0.1.12:32922 (IP=0.0.0.0:34049) accepted.
Sep 23 12:08:44 therese slapd[1833]: conn=269 op=0 BIND
dn="CN=MANAGER,ID=1" method=128
Sep 23 12:08:44 therese slapd[1833]: conn=269 op=0 RESULT tag=97 err=0 textSep
23 12:08:44 therese slapd[1731]: deferring operation
Sep 23 12:08:44 therese slapd[1736]: conn=269 op=1 SRCH
base="id=1.3.3,id=1.3,id=1" scope=2
filter="(&(login=ted)(objectClass=sambaAccount))"
Sep 23 12:08:44 therese slapd[1736]: conn=269 op=1 SEARCH RESULT tag=101 err=0
textSep 23 12:08:44 therese slapd[2330]: conn=164 op=54 SRCH
base="id=1.3.3,id=1.3,id=1" scope=2
filter="(&(objectClass=posixAccount)(login=FR750034))"
Sep 23 12:08:45 therese slapd[2330]: conn=164 op=54 SEARCH RESULT tag=101 err=0
textSep 23 12:08:45 therese slapd[2331]: conn=269 op=2 UNBIND
Sep 23 12:08:45 therese slapd[1745]: conn=164 op=55 SRCH
base="id=1.3.3,id=1.3,id=1" scope=2
filter="(&(objectClass=posixAccount)(login=ted))"
Sep 23 12:08:45 therese slapd[2331]: conn=-1 fd=23 closed
Sep 23 12:08:45 therese slapd[1745]: conn=164 op=55 SEARCH RESULT tag=101 err=0
text--------end- Log file of Openldap -----------


            The directory /homes/ted exists and is owned by mat.users.
        
        Do you have a clue ?

Thanks in advance


Matthieu

Given the context of you questions, they appear to more related
to PADL's pam_ldap module.  I suggest you repost there.
> First, excuse me if this messages is not in the right mailing list: I
> have not found a samba-ldap forum. try to use Samba-LDAP with my own
> object class but I cannot manage using an other attribute than
'uid' for
> the user ID.
this is hardcoded in the samba.schema file.
>                The file /etc/ldap.conf
> ------------------- ldap.conf -----------------------
>           pam_login_attribute uid
>           pam_filter objectclass=myPerson       
> ------------ end - ldap.conf ----------------------
This has nothing to do with Samba, your are now specifying that
the pam_ldap module use the uid attribute for logins.
> The file /etc/nsswitch.conf  ( on the directory server and on the samba
server):
> ----------- nsswitch.conf --------------------
> nss_base_passwd	id=1.3.3,id=1.3,id=1
> nss_base_shadow	id=1.3.3,id=1.3,id=1
> 
> nss_map_attribute    uid     login
> nss_map_attribute    userid  login
> ---------- end - nsswitch.conf ------------
>               
> 
>            and my person:
> ----------- myperson.ldif ------------------
> dn: uid=FR750034,id=1.3.3,id=1.3,id=1
> loginShell: /bin/bash
> objectClass: myPerson
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: sambaAccount
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: qmailUser
> sn: Smith
> gidNumber: 100
> gecos: Teddy Smith
> uidNumber: 502
> login: ted
> mail: teddy.smith@zoo.com
> qmailUID: 502
> qmailGID: 100
> givenName: teddy
> homeDirectory: /homes/teddy
> uid: FR750034
> logonTime: 0
> cn:: TWF0dGhpZXUgVHVycGF1bHQg
> rid: 103
> primaryGroupID: 103
> -------- end - myperson.ldif -------------
> When I try to open a home Directory with a Windows client, a request of
> authentication is displayed but it comes back after each test. The log
> file of the directory:
Do you have encrypted passwords enabled in smb.conf?
> Sep 23 12:08:45 therese slapd[1745]: conn=164 op=55 SRCH
> base="id=1.3.3,id=1.3,id=1" scope=2
> filter="(&(objectClass=posixAccount)(login=ted))"
> 
> The directory /homes/ted exists and is owned by mat.users.
In your LDIF except you have "homeDirectory: /homes/teddy" but just 
referred to /home/ted ????




cheers, jerry