samba - Aug 2003 - LDAP arrangement for machines

Dear Folks,

Now trying to get Samba 3.0.0 RC1 up and running only with LDAP, as PDC.  I am
using openldap 2.1.22-5 from rawhide on RH9.  pbedit was able to migrate the
user accounts to the existing posixAcounts in LDAP (nice!) but not the machine
accounts, which had no pre-existing entries beyond the top-level entry
ou=Devices.

Since the sambaSamAccount is auxiliary, it needs a structural objectClass to
work with.  What structural objectClass should samba add?

Do I need to write a script to add the machine accounts?

I thought of a hierarchy like this: ou=People, and ou=Group and ou=Devices under
the root of the hierarchy, then under ou=Devices, have entries with the
objectClasses device and sambaSamAccount.  Is that the intention?

How does the "adding a machine" operation work with LDAP (or how is it
intended
to work)?

The HOWTO seems not to explain these points, or have I missed it?

--
Nick Urbanik   RHCE                               nicku(at)vtc.edu.hk
Dept. of Information & Communications Technology
Hong Kong Institute of Vocational Education (Tsing Yi)
Tel:   (852) 2436 8576, (852) 2436 8713          Fax: (852) 2436 8526
PGP: 53 B6 6D 73 52 EE 1F EE EC F8 21 98 45 1C 23 7B     ID: 7529555D
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24   ID: BB9D2C24

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 19 Aug 2003, Nick Urbanik wrote:
> Dear Folks,
> 
> Now trying to get Samba 3.0.0 RC1 up and running only with LDAP, as PDC.  I
am
> using openldap 2.1.22-5 from rawhide on RH9.  pbedit was able to migrate
the
> user accounts to the existing posixAcounts in LDAP (nice!) but not the
machine
> accounts, which had no pre-existing entries beyond the top-level entry
> ou=Devices.
> 
> Since the sambaSamAccount is auxiliary, it needs a structural objectClass
to
> work with.  What structural objectClass should samba add?
Should just use the account objectclass.  
> Do I need to write a script to add the machine accounts?
There are a lot of ways to solve your problem.  Writing a script is one of 
them.
> I thought of a hierarchy like this: ou=People, and ou=Group and ou=Devices
under
> the root of the hierarchy, then under ou=Devices, have entries with the
> objectClasses device and sambaSamAccount.  Is that the intention?
You could.  See the 'ldap machine suffix'.  Be aware that there is a bug
that requires the 'ldap suffix' to be defined first if you are using 
something like

	ldap suffix         = dc=plainjoe,dc=org
        ldap user suffix    = ou=people
        ldap machine suffix = ou=devices

And make sure to not use quotes since this is another bug :-(  Sorry.
> How does the "adding a machine" operation work with LDAP (or how
is it intended
> to work)?
> 
> The HOWTO seems not to explain these points, or have I missed it?
The LDAP docs are a little outdated for 3.0.  I'll try to update them
before RC2.



cheers, jerry
 ----------------------------------------------------------------------
 Hewlett-Packard            ------------------------- http://www.hp.com
 SAMBA Team                 ---------------------- http://www.samba.org
 GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop
there."
                            --John Cusack - "Grosse Point Blank"
(1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE/QiJoIR7qMdg1EfYRAulEAJ9x+Zeo2vTJq3+hKDtjtx0WgiTV6gCgk5Ik
MH1G8AhpNj2smfs/IfLzeQ4=NqT8
-----END PGP SIGNATURE-----