sorry guys , I think I didn't explain well. basically I have a samba 4 domain (created by upgrading+migrating a samba 3 PDC). For every new user that we add to this domain I need to save some additional info which are very specific for our company/department, but the problem is that I cannot create custom attributes into the Samba4 ldap back-end. For this reason I was thinking to use some "less used" attributes of AD. Unfortunately the attribute "Description" is already being used, so I was wondering if there are other attributes I can use to store short alphanumeric string (e.g. the internal Employee number etc). Thanks !! ___________________________________________________________________________________________ Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 815 2236, eMail: mariopiorusso at ie.ibm.com IBM Ireland Product Distribution Limited registered in Ireland with number 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 (Embedded image moved to file: pic61814.gif) From: Rowland Penny <rowlandpenny at googlemail.com> To: samba at lists.samba.org Date: 07/04/2015 16:53 Subject: Re: [Samba] Samba 4 , ful list of LDAP-style attributes Sent by: samba-bounces at lists.samba.org On 07/04/15 16:42, Mario Pio Russo wrote:> Good Day all > > I am going to create few scripts that uses the ldapmodify in order to > populate and samba4 Domain, I was wondering , what is the full list of > attributes that a samba 4 domain supports? > > thanks >___________________________________________________________________________________________> > Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 > 815 2236, eMail: mariopiorusso at ie.ibm.com > IBM Ireland Product Distribution Limited registered in Ireland withnumber> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin4> > (Embedded image moved to file: pic56631.gif) > >What do you mean 'populate' ? , this sounds like what 'samba-tool domain provision' already does. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On 2015-04-08 11:57, Mario Pio Russo wrote:> sorry guys , I think I didn't explain well. > > basically I have a samba 4 domain (created by upgrading+migrating a samba 3 > PDC). For every new user that we add to this domain I need to save some > additional info which are very specific for our company/department, but the > problem is that I cannot create custom attributes into the Samba4 ldap > back-end. For this reason I was thinking to use some "less used" attributes > of AD. Unfortunately the attribute "Description" is already being used, so > I was wondering if there are other attributes I can use to store short > alphanumeric string (e.g. the internal Employee number etc).You can add custom attributes (and classes) via Microsoft's ADSI editor like on any AD-based domain just fine. I'm not sure whether there's a "samba native" method for this that actually works. I wouldn't abuse any existing attributes, because you won't know which software will expect it to work as documented (and might even overwrite your data).> > Thanks !! > ___________________________________________________________________________________________ > > Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 > 815 2236, eMail: mariopiorusso at ie.ibm.com > IBM Ireland Product Distribution Limited registered in Ireland with number > 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 > > (Embedded image moved to file: pic61814.gif) > > > > From: Rowland Penny <rowlandpenny at googlemail.com> > To: samba at lists.samba.org > Date: 07/04/2015 16:53 > Subject: Re: [Samba] Samba 4 , ful list of LDAP-style attributes > Sent by: samba-bounces at lists.samba.org > > > > On 07/04/15 16:42, Mario Pio Russo wrote: >> Good Day all >> >> I am going to create few scripts that uses the ldapmodify in order to >> populate and samba4 Domain, I was wondering , what is the full list of >> attributes that a samba 4 domain supports? >> >> thanks >> > ___________________________________________________________________________________________ > >> >> Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 >> 815 2236, eMail: mariopiorusso at ie.ibm.com >> IBM Ireland Product Distribution Limited registered in Ireland with > number >> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin > 4 >> >> (Embedded image moved to file: pic56631.gif) >> >> > > What do you mean 'populate' ? , this sounds like what 'samba-tool domain > provision' already does. > > Rowland > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > >-- Mit freundlichen Gr??en, / Best Regards, Sven Schwedas Systemadministrator TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167 http://software.tao.at -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20150408/8a15a675/attachment.pgp>
Thanks Sven, good Idea let's see if i am getting this right: 1) use MS ADSI editor to add few more attributes to the "users" class 2) use ldapmodify from my ubuntu server to populate those attributes would that work? ___________________________________________________________________________________________ Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 815 2236, eMail: mariopiorusso at ie.ibm.com IBM Ireland Product Distribution Limited registered in Ireland with number 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 (Embedded image moved to file: pic32593.gif) From: Sven Schwedas <sven.schwedas at tao.at> To: samba at lists.samba.org Date: 08/04/2015 11:04 Subject: Re: [Samba] Samba 4 , ful list of LDAP-style attributes Sent by: samba-bounces at lists.samba.org On 2015-04-08 11:57, Mario Pio Russo wrote:> sorry guys , I think I didn't explain well. > > basically I have a samba 4 domain (created by upgrading+migrating a samba3> PDC). For every new user that we add to this domain I need to save some > additional info which are very specific for our company/department, butthe> problem is that I cannot create custom attributes into the Samba4 ldap > back-end. For this reason I was thinking to use some "less used"attributes> of AD. Unfortunately the attribute "Description" is already being used,so> I was wondering if there are other attributes I can use to store short > alphanumeric string (e.g. the internal Employee number etc).You can add custom attributes (and classes) via Microsoft's ADSI editor like on any AD-based domain just fine. I'm not sure whether there's a "samba native" method for this that actually works. I wouldn't abuse any existing attributes, because you won't know which software will expect it to work as documented (and might even overwrite your data).> > Thanks !! >___________________________________________________________________________________________> > Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 > 815 2236, eMail: mariopiorusso at ie.ibm.com > IBM Ireland Product Distribution Limited registered in Ireland withnumber> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin4> > (Embedded image moved to file: pic61814.gif) > > > > From: Rowland Penny <rowlandpenny at googlemail.com> > To: samba at lists.samba.org > Date: 07/04/2015 16:53 > Subject: Re: [Samba] Samba 4 , ful list of LDAP-style attributes > Sent by: samba-bounces at lists.samba.org > > > > On 07/04/15 16:42, Mario Pio Russo wrote: >> Good Day all >> >> I am going to create few scripts that uses the ldapmodify in order to >> populate and samba4 Domain, I was wondering , what is the full list of >> attributes that a samba 4 domain supports? >> >> thanks >> >___________________________________________________________________________________________> >> >> Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +3531>> 815 2236, eMail: mariopiorusso at ie.ibm.com >> IBM Ireland Product Distribution Limited registered in Ireland with > number >> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge,Dublin> 4 >> >> (Embedded image moved to file: pic56631.gif) >> >> > > What do you mean 'populate' ? , this sounds like what 'samba-tool domain > provision' already does. > > Rowland > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > >-- Mit freundlichen Gr??en, / Best Regards, Sven Schwedas Systemadministrator TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167 http://software.tao.at (See attached file: signature.asc)-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On 08/04/15 10:57, Mario Pio Russo wrote:> sorry guys , I think I didn't explain well. > > basically I have a samba 4 domain (created by upgrading+migrating a samba 3 > PDC). For every new user that we add to this domain I need to save some > additional info which are very specific for our company/department, but the > problem is that I cannot create custom attributes into the Samba4 ldap > back-end. For this reason I was thinking to use some "less used" attributes > of AD. Unfortunately the attribute "Description" is already being used, so > I was wondering if there are other attributes I can use to store short > alphanumeric string (e.g. the internal Employee number etc). > > Thanks !! > ___________________________________________________________________________________________ > > Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 > 815 2236, eMail: mariopiorusso at ie.ibm.com > IBM Ireland Product Distribution Limited registered in Ireland with number > 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 > > (Embedded image moved to file: pic61814.gif) > > > > From: Rowland Penny <rowlandpenny at googlemail.com> > To: samba at lists.samba.org > Date: 07/04/2015 16:53 > Subject: Re: [Samba] Samba 4 , ful list of LDAP-style attributes > Sent by: samba-bounces at lists.samba.org > > > > On 07/04/15 16:42, Mario Pio Russo wrote: >> Good Day all >> >> I am going to create few scripts that uses the ldapmodify in order to >> populate and samba4 Domain, I was wondering , what is the full list of >> attributes that a samba 4 domain supports? >> >> thanks >> > ___________________________________________________________________________________________ > >> Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 >> 815 2236, eMail: mariopiorusso at ie.ibm.com >> IBM Ireland Product Distribution Limited registered in Ireland with > number >> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin > 4 >> (Embedded image moved to file: pic56631.gif) >> >> > What do you mean 'populate' ? , this sounds like what 'samba-tool domain > provision' already does. > > Rowland > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >OK, do you have an ldap.schema of your proposed additions, if so, you may be able to create an AD ldif from this with 'oLschema2ldif', this is usually in /usr/bin if using a debian package, you can then update AD with the resultant .ldif (after you split it into the objectclasses & attributes) If this isn't possible, the schema files are usually installed by whatever packages you installed i.e. on Debian, they would be in '/usr/share/samba/setup/ad-schema' It is worth looking in 'MS-AD_Schema_2K8_R2_Attributes.txt' , you might find that everything you need is available with AD already. Rowland
Cool, I'll have a look at this too, thanks All! ___________________________________________________________________________________________ Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 815 2236, eMail: mariopiorusso at ie.ibm.com IBM Ireland Product Distribution Limited registered in Ireland with number 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 (Embedded image moved to file: pic34445.gif) From: Rowland Penny <rowlandpenny at googlemail.com> To: samba at lists.samba.org Date: 08/04/2015 11:16 Subject: Re: [Samba] Samba 4 , ful list of LDAP-style attributes Sent by: samba-bounces at lists.samba.org On 08/04/15 10:57, Mario Pio Russo wrote:> sorry guys , I think I didn't explain well. > > basically I have a samba 4 domain (created by upgrading+migrating a samba3> PDC). For every new user that we add to this domain I need to save some > additional info which are very specific for our company/department, butthe> problem is that I cannot create custom attributes into the Samba4 ldap > back-end. For this reason I was thinking to use some "less used"attributes> of AD. Unfortunately the attribute "Description" is already being used,so> I was wondering if there are other attributes I can use to store short > alphanumeric string (e.g. the internal Employee number etc). > > Thanks !! >___________________________________________________________________________________________> > Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 > 815 2236, eMail: mariopiorusso at ie.ibm.com > IBM Ireland Product Distribution Limited registered in Ireland withnumber> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin4> > (Embedded image moved to file: pic61814.gif) > > > > From: Rowland Penny <rowlandpenny at googlemail.com> > To: samba at lists.samba.org > Date: 07/04/2015 16:53 > Subject: Re: [Samba] Samba 4 , ful list of LDAP-style attributes > Sent by: samba-bounces at lists.samba.org > > > > On 07/04/15 16:42, Mario Pio Russo wrote: >> Good Day all >> >> I am going to create few scripts that uses the ldapmodify in order to >> populate and samba4 Domain, I was wondering , what is the full list of >> attributes that a samba 4 domain supports? >> >> thanks >> >___________________________________________________________________________________________> >> Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +3531>> 815 2236, eMail: mariopiorusso at ie.ibm.com >> IBM Ireland Product Distribution Limited registered in Ireland with > number >> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge,Dublin> 4 >> (Embedded image moved to file: pic56631.gif) >> >> > What do you mean 'populate' ? , this sounds like what 'samba-tool domain > provision' already does. > > Rowland > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >OK, do you have an ldap.schema of your proposed additions, if so, you may be able to create an AD ldif from this with 'oLschema2ldif', this is usually in /usr/bin if using a debian package, you can then update AD with the resultant .ldif (after you split it into the objectclasses & attributes) If this isn't possible, the schema files are usually installed by whatever packages you installed i.e. on Debian, they would be in '/usr/share/samba/setup/ad-schema' It is worth looking in 'MS-AD_Schema_2K8_R2_Attributes.txt' , you might find that everything you need is available with AD already. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Adam Tauno Williams
2015-Apr-08 11:18 UTC
[Samba] Samba 4 , ful list of LDAP-style attributes
On Wed, 2015-04-08 at 12:04 +0200, Sven Schwedas wrote:> On 2015-04-08 11:57, Mario Pio Russo wrote: > > sorry guys , I think I didn't explain well. > > > > basically I have a samba 4 domain (created by upgrading+migrating a samba 3 > > PDC). For every new user that we add to this domain I need to save some > > additional info which are very specific for our company/department, but the > > problem is that I cannot create custom attributes into the Samba4 ldap > > back-end. For this reason I was thinking to use some "less used" attributes > > of AD. Unfortunately the attribute "Description" is already being used, so > > I was wondering if there are other attributes I can use to store short > > alphanumeric string (e.g. the internal Employee number etc). > > You can add custom attributes (and classes) via Microsoft's ADSI editor > like on any AD-based domain just fine. I'm not sure whether there's a > "samba native" method for this that actually works. > > I wouldn't abuse any existing attributes, because you won't know which > software will expect it to work as documented (and might even overwrite > your data).+1 *NO* do not re-purpose attributes. see: <https://wiki.samba.org/index.php/Samba_AD_Schema_Extenstions> <http://david-latham.blogspot.com/2012/12/extending-ad-schema-on-samba4-part-2.html> -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: <http://lists.samba.org/pipermail/samba/attachments/20150408/12b8435f/attachment.pgp>