Hello, I am working on migrating from OpenLDAP using the inetOrgPerson schema to Samba4. I would like to continue to provide backwards compatibility with our existing authentication service. In OpenLDAP, users are all contained inside the People organizational unit and referenced by uid, for example: dn: uid=myuser,ou=People,dc=example,dc=com When using samba-tool to add a user, it places the user inside of the Users cn, and references the user via its cn entry rather than via uid: dn: cn=myuser,cn=Users,dc=example,dc=com Is there any Samba4 or AD reason why I need to use cn=myuser,cn=Users,dc=example,dc=com for users, or can I import them to uid=username,ou=People,dc=example,dc=com and use this organizational structure instead? Thanks, Andrew
Hi Andrew,
you can create the user in another OU if you want:
samba-tool user add User3 passw3rd --userou=OrgUnit
--userou=USEROU Alternative location (without domainDN counterpart) to
default CN=Users in which new user object will be
created
Regards, Christian
-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im Auftrag von Andrew Martin
Gesendet: Donnerstag, 24. Januar 2013 00:21
An: samba at lists.samba.org
Betreff: [Samba] Organization of Users in Samba4
Hello,
I am working on migrating from OpenLDAP using the inetOrgPerson schema to
Samba4. I would like to continue to provide backwards compatibility with our
existing authentication service. In OpenLDAP, users are all contained inside the
People organizational unit and referenced by uid, for example:
dn: uid=myuser,ou=People,dc=example,dc=com
When using samba-tool to add a user, it places the user inside of the Users cn,
and references the user via its cn entry rather than via uid:
dn: cn=myuser,cn=Users,dc=example,dc=com
Is there any Samba4 or AD reason why I need to use
cn=myuser,cn=Users,dc=example,dc=com for users, or can I import them to
uid=username,ou=People,dc=example,dc=com and use this organizational structure
instead?
Thanks,
Andrew
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
On 01/23/2013 03:20 PM, Andrew Martin wrote:> Hello, > > I am working on migrating from OpenLDAP using the inetOrgPerson schema to Samba4. I would like to continue to provide backwards compatibility with our existing authentication service. In OpenLDAP, users are all contained inside the People organizational unit and referenced by uid, for example: > dn: uid=myuser,ou=People,dc=example,dc=com > > When using samba-tool to add a user, it places the user inside of the Users cn, and references the user via its cn entry rather than via uid: > dn: cn=myuser,cn=Users,dc=example,dc=com > > Is there any Samba4 or AD reason why I need to use cn=myuser,cn=Users,dc=example,dc=com for users, or can I import them to uid=username,ou=People,dc=example,dc=com and use this organizational structure instead?You can import them in an OU called People but they will have the rdn CN not UID, why is it like that is because we have to be compatible with the other AD implementation. Matthieu -- Matthieu Patou Samba Team http://samba.org
Thanks for the clarification. Andrew ----- Original Message -----> From: "Matthieu Patou" <mat at samba.org> > To: samba at lists.samba.org > Sent: Thursday, January 24, 2013 1:22:53 AM > Subject: Re: [Samba] Organization of Users in Samba4 > > On 01/23/2013 03:20 PM, Andrew Martin wrote: > > Hello, > > > > I am working on migrating from OpenLDAP using the inetOrgPerson > > schema to Samba4. I would like to continue to provide backwards > > compatibility with our existing authentication service. In > > OpenLDAP, users are all contained inside the People organizational > > unit and referenced by uid, for example: > > dn: uid=myuser,ou=People,dc=example,dc=com > > > > When using samba-tool to add a user, it places the user inside of > > the Users cn, and references the user via its cn entry rather than > > via uid: > > dn: cn=myuser,cn=Users,dc=example,dc=com > > > > Is there any Samba4 or AD reason why I need to use > > cn=myuser,cn=Users,dc=example,dc=com for users, or can I import > > them to uid=username,ou=People,dc=example,dc=com and use this > > organizational structure instead? > You can import them in an OU called People but they will have the rdn > CN > not UID, why is it like that is because we have to be compatible with > the other AD implementation. > > Matthieu > > -- > Matthieu Patou > Samba Team > http://samba.org > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Hi Andrew Martin, Le 24/01/2013 23:54, Andrew Martin a ?crit :> Thanks for the clarification. > > Andrew >>> >>> I am working on migrating from OpenLDAP using the inetOrgPerson >>> schema to Samba4. I would like to continue to provide backwards >>> compatibility with our existing authentication service. In >>> OpenLDAP, users are all contained inside the People organizational >>> unit and referenced by uid, for example: >>> dn: uid=myuser,ou=People,dc=example,dc=com >>> >>> When using samba-tool to add a user, it places the user inside of >>> the Users cn, and references the user via its cn entry rather than >>> via uid: >>> dn: cn=myuser,cn=Users,dc=example,dc=com >>> >>> Is there any Samba4 or AD reason why I need to use >>> cn=myuser,cn=Users,dc=example,dc=com for users, or can I import >>> them to uid=username,ou=People,dc=example,dc=com and use this >>> organizational structure instead? >> You can import them in an OU called People but they will have the rdn >> CN >> not UID, why is it like that is because we have to be compatible with >> the other AD implementation.If you really need to present your ldap rdn as uid for legacy stuff, I guess you could set up a openldap with a rwm overlay (http://linux.die.net/man/5/slapo-rwm). However I think if would be easier in the end to stick to MSAD standards with cn rid. Cheers, Denis>> >> Matthieu >> >> -- >> Matthieu Patou >> Samba Team >> http://samba.org >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >>-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, b?timent A 12 avenue Jules Verne 44230 Saint S?bastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr