On 27/12/14 06:26, Greg Zartman wrote:> I've been messing around with disk quotas for users and have seen some
who
> have extended the Samba 4 AD schema to include a quota attribute. For
> example, I found this schema extension here:
> http://fossies.org/linux/quota/ldap-scripts/quota.schema
>
> Is there a common method for doing this?
>
Yes, samba4 comes with a script: oLschema2ldif
To use this, you just need to create a file containing the schema on the DC:
root at dc01:~# nano quota.schema
##
## schema file for Unix Quotas
## Schema for storing Unix Quotas in LDAP
## OIDs are owned by Cogent Innovators, LLC
##
## 1.3.6.1.4.1.19937.1.1.x - attributetypes
## 1.3.6.1.4.1.19937.1.2.x - objectclasses
##
attributetype ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota'
DESC 'Quotas
(FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
objectclass ( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' SUP
posixAccount AUXILIARY
DESC 'System Quotas'
MUST ( uid )
MAY ( quota ))
Run this file through oLschema2ldif
NOTE: the 'basedn' is your rootdse, -I is where the ldif is and what you
called it, -O is is where you want the new file to be created and what
you want it to be called.
root at dc01:~# oLschema2ldif --basedn=DC=example,DC=com -I
/root/quota.schema -O /root/quota.ldif
OK, first time through, you get an error:
Invalid entry objectclass ( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas'
SUP posixAccount AUXILIARY DESC 'System Quotas' MUST ( uid ) MAY
( quota )), closing braces needs to be preceeded by a space
Converted 1 records with 1 failures
Open the file again and change last line to this:
MAY ( quota ) )
Try again:
root at dc01:~# oLschema2ldif --basedn=DC=example,DC=com -I
/root/quota.schema -O /root/quota.ldif
Converted 2 records with 0 failures
If you now open the new .ldif, you will find this:
dn: CN=quota,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.19937.1.1.1
schemaIdGuid:: s4wz77EabBjOCl35dQG3Yg=cn: quota
name: quota
lDAPDisplayName: quota
description: Quotas (FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: FALSE
dn: CN=systemQuotas,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: classSchema
governsID: 1.3.6.1.4.1.19937.1.2.1
schemaIdGuid:: TIwbIzyiBNzZEmBeS1XO4A=cn: systemQuotas
name: systemQuotas
lDAPDisplayName: systemQuotas
subClassOf: posixAccount
objectClassCategory: 3
description: System Quotas
mustContain: uid
mayContain: quota
defaultObjectCategory:
CN=systemQuotas,CN=Schema,CN=Configuration,DC=example,D
C=com
You would then add this ldif to AD with:
ldbmodify -H path_to_sam_ldb /root/quota.ldif --option="dsdb:schema
update allowed"=true
Note that the objectClass in the above ldif is a subclass of
'posixAccount' and to use it, you will have to add the 'uid'
attribute
to all users, you do not need to add (and in fact should not) the
'posixAccount' objectClass'.
Rowland