samba - Feb 2010 - ldapsam:editposix with inetOrgPerson objectClass for users

Hello list, have a samba 3.4.3 as domain controller with openldap as
backend, using ldapsam:trusted = Yes and ldapsam:editposix = Yes and
everything works like a charm. Now i would like to use this ldap for
storing more information about my users; full name, phone, address and
maybe even a picture. InetOrgPerson is the objectClass i would like to
use since it's standard and has all i need and more. Samba use the
account objectClass as structural class for user and computer
accounts, and since inetOrgPerson and account are both structural
openldap won't let me have both in the same entry. I've been checking
the code and it looks like the creation of the users with account as
objectClass is hardcoded in samba so i guess there is no parameter in
the configuration file which allows me to override this behavior. I
also tried to modify my schema making inetOrgPerson the parent class
of the account class but it turns out that sn is a required attribute
in inetOrgPerson and samba obviously doesn't add this parameter so the
user creation fails. The other options i see here would require heavy
modifications to the ldap schema or modify the samba itself to create
user accounts as inetOrgPerson and add an sn attribute in the process.
So before taking any of those options i just wanted to make sure that
there is not an easier one i have not seen. Any ideas are welcome.

Thanks a lot.

On Fri, Feb 26, 2010 at 06:57:01PM -0600, Carlos Ramos G?mez
wrote:
> Hello list, have a samba 3.4.3 as domain controller with openldap as
> backend, using ldapsam:trusted = Yes and ldapsam:editposix = Yes and
> everything works like a charm. Now i would like to use this ldap for
> storing more information about my users; full name, phone, address and
> maybe even a picture. InetOrgPerson is the objectClass i would like to
> use since it's standard and has all i need and more. Samba use the
> account objectClass as structural class for user and computer
> accounts, and since inetOrgPerson and account are both structural
> openldap won't let me have both in the same entry. I've been
checking
> the code and it looks like the creation of the users with account as
> objectClass is hardcoded in samba so i guess there is no parameter in
> the configuration file which allows me to override this behavior. I
> also tried to modify my schema making inetOrgPerson the parent class
> of the account class but it turns out that sn is a required attribute
> in inetOrgPerson and samba obviously doesn't add this parameter so the
> user creation fails. The other options i see here would require heavy
> modifications to the ldap schema or modify the samba itself to create
> user accounts as inetOrgPerson and add an sn attribute in the process.
> So before taking any of those options i just wanted to make sure that
> there is not an easier one i have not seen. Any ideas are welcome.
The best here would be to remove the ldapsam:editposix and
do it with scripts of your own. ldapsam:editposix was made
for simple configuration of a very specific DIT layout. If
you need it to be different, please look at scripts.

Volker