On 09/04/15 at 16:20, Rowland Penny wrote:
> On 09/04/15 14:58, Luca Olivetti wrote:
>> On 09/04/15 at 14:57, Andrey Repin wrote:
>>>> Using the RFC2307 attributes, you will get the same ID number on every
>>>> Unix machine, whereas if you use the 'rid' backend, whilst you should
>>>> get the same ID on each Unix machine, you will never get the same ID on
>>>> an AD DC, in fact without intervention, you will get a different ID on
>>>> different DCs
>>> Ok, good.
>>> Now, how can I get RFC2307 attributes populated automatically upon
>>> users or groups creation?
>> You can't :-(
>> I'm experimenting with
>> https://github.com/laotse/SambaPosix
>> but it's quite buggy (at least regarding the features I'm trying,
>> namely, trying to assign uids the same way as ADUC).
>>
>> Bye
>
> OH yes you can, well I can :-)

Can you share how?

Bye
--
Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004 Fax +34 935883007

On 09/04/15 15:32, Luca Olivetti wrote:
> On 09/04/15 at 16:20, Rowland Penny wrote:
>> On 09/04/15 14:58, Luca Olivetti wrote:
>>> On 09/04/15 at 14:57, Andrey Repin wrote:
>>>>> Using the RFC2307 attributes, you will get the same ID number on every
>>>>> Unix machine, whereas if you use the 'rid' backend, whilst you should
>>>>> get the same ID on each Unix machine, you will never get the same ID on
>>>>> an AD DC, in fact without intervention, you will get a different ID on
>>>>> different DCs
>>>> Ok, good.
>>>> Now, how can I get RFC2307 attributes populated automatically upon
>>>> users or groups creation?
>>> You can't :-(
>>> I'm experimenting with
>>> https://github.com/laotse/SambaPosix
>>> but it's quite buggy (at least regarding the features I'm trying,
>>> namely, trying to assign uids the same way as ADUC).
>>>
>>> Bye
>> OH yes you can, well I can :-)
> Can you share how?
>
> Bye

You are using python, which to me is a very big snake, so I bash it :-D

I just use these two functions in a bash script:

# Both functions rely on LDBDB, domainNETBios, domainDN and an error()
# helper being defined elsewhere in the script.

# Finds the next useable user uidNumber or group gidNumber
# Input : $1
# $1 : msSFU30MaxUidNumber or msSFU30MaxGidNumber
# Output : the first free uidNumber or gidNumber (left in _NEXTID)
_findnext () {
  ATTR="$1"
  if [ -z "${ATTR}" ]; then
    error "No Attribute supplied"
    error "Cannot continue... Exiting."
    exit 1
  fi
  _NEXTID=$(ldbsearch -H "${LDBDB}" -b "CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}" -s sub '(objectClass=msSFU30DomainInfo)' "${ATTR}" | grep "${ATTR}: " | awk '{print $NF}')
  # Start at 10000 if the attribute is unset or holds a lower number
  if [ -z "$_NEXTID" ] || [ "$_NEXTID" -lt "10000" ]; then
    _NEXTID="10000"
  fi
}

# UPDATE msSFU30MaxUidNumber/msSFU30MaxGidNumber
# Input : $1 $2
# $1: what to update (msSFU30MaxUidNumber or msSFU30MaxGidNumber)
# $2: Next Number
#
# Output : Nothing
_updatemax () {
  ATTR="$1"
  IDNUM="$2"
  if [ -z "${ATTR}" ] || [ -z "${IDNUM}" ]; then
    error "Incomplete data supplied."
    error "Cannot continue... Exiting."
    exit 1
  fi
  echo "Updating ${ATTR}"
  # The LDIF lines must start in column 0; a leading space would make
  # them continuation lines.
  IDLDIF="dn: CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}
changetype: modify
replace: ${ATTR}
${ATTR}: ${IDNUM}"
  echo "${IDLDIF}" | ldbmodify -H "${LDBDB}"
  if [ $? != 0 ]; then
    error "Error updating ${ATTR} in AD."
    # Keep the LDIF that failed for inspection
    echo "${IDLDIF}" > /tmp/update.ldif
    exit 1 # exits here if error
  fi
  unset IDLDIF
  echo "Successfully updated ${ATTR} in AD"
}

Rowland

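Added example (not part of Rowland's message or script): one way to use the counter those two functions read and write when giving an account its uidNumber, moving the counter with a delete-old/add-new modify so that two runs cannot both claim the same number. The function names, DNs and sample search output are constructed, and the delete-by-value failure is assumed to follow standard LDAP modify semantics.

```shell
#!/bin/sh
# Added example, not Rowland's script: every function name here is hypothetical.

# stored_counter ATTR: reads ldbsearch-style LDIF on stdin and prints the
# stored value of ATTR (nothing if the attribute is absent). A malformed
# value is rejected instead of being passed on to arithmetic or LDIF.
stored_counter() {
    val=$(awk -v a="$1:" '$1 == a { print $2; exit }')
    case "$val" in
        0?*|*[!0-9]*) echo "malformed $1: $val" >&2; return 1 ;;
    esac
    printf '%s' "$val"
}

# next_id STORED: the number to hand out, with the 10000 floor from the thread.
next_id() {
    if [ -z "$1" ] || [ "$1" -lt 10000 ]; then echo 10000; else echo "$1"; fi
}

# counter_cas_ldif COUNTER_DN ATTR STORED: LDIF that moves the counter past the
# number being handed out. A stored value is deleted by value in the same
# modify, so the change fails if another run moved the counter first.
counter_cas_ldif() {
    printf 'dn: %s\nchangetype: modify\n' "$1"
    if [ -n "$3" ]; then
        printf 'delete: %s\n%s: %s\n-\n' "$2" "$2" "$3"
    fi
    printf 'add: %s\n%s: %s\n' "$2" "$2" "$(( $(next_id "$3") + 1 ))"
}

# user_ldif USER_DN UIDNUM GIDNUM: LDIF that gives the account its RFC2307 numbers.
user_ldif() {
    printf 'dn: %s\nchangetype: modify\n' "$1"
    printf 'add: uidNumber\nuidNumber: %s\n-\n' "$2"
    printf 'add: gidNumber\ngidNumber: %s\n' "$3"
}

# Constructed sample of ldbsearch output; the DNs are placeholders.
demo() {
    sample='dn: CN=example,DC=example,DC=com
msSFU30MaxUidNumber: 10005'
    stored=$(printf '%s\n' "$sample" | stored_counter msSFU30MaxUidNumber) || return 1
    counter_cas_ldif 'CN=example,DC=example,DC=com' msSFU30MaxUidNumber "$stored"
    echo
    user_ldif 'CN=jdoe,CN=Users,DC=example,DC=com' "$(next_id "$stored")" 10000
}

demo
```

Apply the counter LDIF first (for example by piping it to ldbmodify, as _updatemax does) and apply the user LDIF only if that succeeds.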

On 09/04/15 at 16:36, Rowland Penny wrote:
>>> OH yes you can, well I can :-)
>> Can you share how?
>>
>> Bye
>
> You are using python, which to me is a very big snake, so I bash it :-D
>
> I just use these two functions in a bash script:

[snip]

Thank you. That's easily translatable in snake form ;-)
There are also some scripts here that could help:

http://marcitland.blogspot.com/2011/02/python-active-directory-linux.html

Bye
--
Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004 Fax +34 935883007

Greetings, Rowland Penny!

>>>>> Ok, good.
>>>>> Now, how can I get RFC2307 attributes populated automatically upon
>>>>> users or groups creation?
>>>> You can't :-(
>>>> I'm experimenting with
>>>> https://github.com/laotse/SambaPosix
>>>> but it's quite buggy (at least regarding the features I'm trying,
>>>> namely, trying to assign uids the same way as ADUC).
>>>>
>>>> Bye
>>> OH yes you can, well I can :-)
>> Can you share how?
>>
>> Bye

> You are using python, which to me is a very big snake, so I bash it :-D

> I just use these two functions in a bash script:

> # Finds the next useable user uidNumber or group gidNumber
> # Input : $1
> # $1 : msSFU30MaxUidNumber or msSFU30MaxGidNumber
> # Output : the first free uidNumber or gidNumber
> _findnext () {
>   ATTR="$1"
>   if [ -z "${ATTR}" ]; then
>     error "No Attribute supplied"
>     error "Cannot continue... Exiting."
>     exit 1
>   fi
>   _NEXTID=$(ldbsearch -H ${LDBDB} -b "CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}" -s sub '(objectClass=msSFU30DomainInfo)' ${ATTR} | grep "${ATTR}: " | awk '{print $NF}')
>   if [ -z "$_NEXTID" ] || [ "$_NEXTID" -lt "10000" ]; then
>     _NEXTID="10000"
>   fi
> }

> # UPDATE msSFU30MaxUidNumber/msSFU30MaxGidNumber
> # Input : $1 $2
> # $1: what to update (msSFU30MaxUidNumber or msSFU30MaxGidNumber)
> # $2: Next Number
> #
> # Output : Nothing
> _updatemax () {
>   ATTR="$1"
>   IDNUM="$2"
>   if [ -z "${ATTR}" ] || [ -z "${IDNUM}" ]; then
>     error "Incomplete data supplied."
>     error "Cannot continue... Exiting."
>     exit 1
>   fi
>   echo "Updating ${ATTR}"

>   IDLDIF="dn: CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}
> changetype: modify
> replace: ${ATTR}
> ${ATTR}: ${IDNUM}"

>   echo "${IDLDIF}" | ldbmodify -H ${LDBDB}
>   if [ $? != 0 ]; then
>     error "Error updating ${ATTR} in AD."
>     echo "${IDLDIF}" > /tmp/update.ldif
>     exit 1 # exits here if error
>   fi
>   unset IDLDIF
>   echo "Successfully updated ${ATTR} in AD"
> }

That will only work on a domain controller. I don't want to touch it at all, if I don't need to blow it apart.
Not to mention, it will not add "objectClass: posixAccount" to the user, causing all sorts of grief in the long run.

--
With best regards,
Andrey Repin
Thursday, April 9, 2015 18:13:07

Sorry for my terrible English...