Robert Moskowitz
2015-Sep-06 18:18 UTC
[Samba] How to learn about what is in the samba ldap directory
On 09/06/2015 01:26 PM, Marc Muehlfeld wrote:
> Hello Robert,
>
> On 06.09.2015 at 19:08, Robert Moskowitz wrote:
>> I once upon a time worked with DAP and watched LDAP being created as
>> something that actually could work...
> what are your goals, by editing LDAP stuff in AD?
>
> For beginners, I think ADUC (Active Directory User and Computer), which
> is part of RSAT (https://wiki.samba.org/index.php/Installing_RSAT), is
> the best way to change attributes on directory objects.
>
> On each object you have an "Attributes" tab, that allows you to access
> all attributes in an easy way.
>
> Beside deleting some important objects (don't delete if you're not
> knowing the results!), I think this is the easiest and safest way for
> beginners.

I just want to understand what information is in the ldap directory.

What does the schema(s) contain?

What did the classicupgrade create?

What gets added when I add a server?

A user?

Did any of my users get added via the classicupgrade?

I know better than to change things with something like phpldapadmin. I have messed up enough things in the past with phpmysqladmin! :)
Rowland Penny
2015-Sep-06 18:46 UTC
[Samba] How to learn about what is in the samba ldap directory
On 06/09/15 19:18, Robert Moskowitz wrote:
>
>
> On 09/06/2015 01:26 PM, Marc Muehlfeld wrote:
>> Hello Robert,
>>
>> On 06.09.2015 at 19:08, Robert Moskowitz wrote:
>>> I once upon a time worked with DAP and watched LDAP being created as
>>> something that actually could work...
>> what are your goals, by editing LDAP stuff in AD?
>>
>> For beginners, I think ADUC (Active Directory User and Computer), which
>> is part of RSAT (https://wiki.samba.org/index.php/Installing_RSAT), is
>> the best way to change attributes on directory objects.
>>
>> On each object you have an "Attributes" tab, that allows you to access
>> all attributes in an easy way.
>>
>> Beside deleting some important objects (don't delete if you're not
>> knowing the results!), I think this is the easiest and safest way for
>> beginners.
>
> I just want to understand what information is in the ldap directory.
>
> What does the schema(s) contain?

OK, try this run on the DC (requires ldb-tools):

ldbsearch -H /var/lib/samba/private/sam.ldb > samba4.ldif

Now open 'samba4.ldif' in your favourite editor

If you want to also see the DNS info:

ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs > samba4.ldif

If you want to see the binary DNS info:

ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs --show-binary > samba4.ldif

>
> What did the classicupgrade create?
>
> What gets added when I add a server?

ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=computer)'

Will print all Computers

ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectclass=computer)(samaccountname=Thinkpad$))'

Will print the info for a particular computer (in this case, one called 'Thinkpad')

ldbsearch -H /var/lib/samba/private/sam.ldb -b 'OU=Domain Controllers,DC=example,DC=com' -s sub '(objectclass=computer)'

Will print all DCs

ldbsearch -H /var/lib/samba/private/sam.ldb -b 'OU=Domain Controllers,DC=example,DC=com' -s sub '(&(objectclass=computer)(samaccountname=dc1$))'

Will print the info for particular DC.

>
> A user?
>

ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectclass=user)(samaccountname=rowland))'

Will print the info for a user.

> Did any of my users get added via the classicupgrade?

Don't know, but you now know how to check what is in AD, but if you want a quick check, run 'wbinfo -u', this should print out all your users.

>
> I know better than to change things with something like phpldapadmin.
> I have messed up enough things in the past with phpmysqladmin! :)
>
>

Been there, done that :-)

Rowland
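An added example, not part of Rowland's message: once an ldbsearch dump such as samba4.ldif exists, these shell functions list each record's most specific objectClass with its sAMAccountName and count records per class, a quick way to see which users and computers are in the directory. The function names and sample records are constructed for illustration, and the code assumes objectClass values are listed from "top" down.

```shell
# Added example; function names and sample data are hypothetical.
# One line per record: "<last objectClass><TAB><sAMAccountName or ->".
# Assumes objectClass values run from "top" down, so the last is most specific.
ldif_inventory() {
    awk '
    function flush_line() {
        if (tolower(cur) ~ /^objectclass: /)         cls  = substr(cur, 14)
        else if (tolower(cur) ~ /^samaccountname: /) acct = substr(cur, 17)
        cur = ""
    }
    function end_record() {
        flush_line()
        if (cls != "") print cls "\t" (acct == "" ? "-" : acct)
        cls = ""; acct = ""
    }
    /^ / { cur = cur substr($0, 2); next }  # folded line: join to previous
    /^#/ { flush_line(); next }             # "# record N" and trailer comments
    /^$/ { end_record(); next }             # blank line ends a record
         { flush_line(); cur = $0 }
    END  { end_record() }
    ' "$1" | LC_ALL=C sort
}
# "<class>=<count>" per object class.
ldif_class_counts() {
    ldif_inventory "$1" | cut -f1 | uniq -c | awk '{ print $2 "=" $1 }'
}
# Constructed sample in the shape ldbsearch prints; not real directory data.
write_sample_ldif() {
    cat > "$1" <<'EOF'
# record 1
dn: CN=rowland,CN=Users,DC=example,DC=com
objectClass: top
objectClass: user
sAMAccountName: rowland

# record 2
dn: CN=THINKPAD,CN=Computers,DC=example,DC=com
objectClass: user
objectClass: computer
sAMAccountName: THINK
 PAD$

# record 3
dn: CN=Users,DC=example,DC=com
objectClass: container
EOF
}
# Demo on the constructed sample.
tmp=$(mktemp) && write_sample_ldif "$tmp" && ldif_class_counts "$tmp"; rm -f "$tmp"
```

On a DC, call `ldif_inventory samba4.ldif` on the file written by the first ldbsearch command above. That file holds the whole directory, so keep it readable by root only.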
Robert Moskowitz
2015-Sep-06 19:23 UTC
[Samba] How to learn about what is in the samba ldap directory
Thanks! And I 'learned' about 'wbinfo -u' from your script and none of my user accounts were listed.

On 09/06/2015 02:46 PM, Rowland Penny wrote:
> On 06/09/15 19:18, Robert Moskowitz wrote:
>>
>>
>> On 09/06/2015 01:26 PM, Marc Muehlfeld wrote:
>>> Hello Robert,
>>>
>>> On 06.09.2015 at 19:08, Robert Moskowitz wrote:
>>>> I once upon a time worked with DAP and watched LDAP being created as
>>>> something that actually could work...
>>> what are your goals, by editing LDAP stuff in AD?
>>>
>>> For beginners, I think ADUC (Active Directory User and Computer), which
>>> is part of RSAT (https://wiki.samba.org/index.php/Installing_RSAT), is
>>> the best way to change attributes on directory objects.
>>>
>>> On each object you have an "Attributes" tab, that allows you to access
>>> all attributes in an easy way.
>>>
>>> Beside deleting some important objects (don't delete if you're not
>>> knowing the results!), I think this is the easiest and safest way for
>>> beginners.
>>
>> I just want to understand what information is in the ldap directory.
>>
>> What does the schema(s) contain?
>
> OK, try this run on the DC (requires ldb-tools):
>
> ldbsearch -H /var/lib/samba/private/sam.ldb > samba4.ldif
>
> Now open 'samba4.ldif' in your favourite editor
>
> If you want to also see the DNS info:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs > samba4.ldif
>
> If you want to see the binary DNS info:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs --show-binary > samba4.ldif
>
>>
>> What did the classicupgrade create?
>>
>> What gets added when I add a server?
>
> ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=computer)'
>
> Will print all Computers
>
> ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectclass=computer)(samaccountname=Thinkpad$))'
>
> Will print the info for a particular computer (in this case, one
> called 'Thinkpad')
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -b 'OU=Domain Controllers,DC=example,DC=com' -s sub '(objectclass=computer)'
>
> Will print all DCs
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -b 'OU=Domain Controllers,DC=example,DC=com' -s sub '(&(objectclass=computer)(samaccountname=dc1$))'
>
> Will print the info for particular DC.
>
>>
>> A user?
>>
> ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectclass=user)(samaccountname=rowland))'
>
> Will print the info for a user.
>
>> Did any of my users get added via the classicupgrade?
>
> Don't know, but you now know how to check what is in AD, but if you
> want a quick check, run 'wbinfo -u', this should print out all your
> users.
>
>>
>> I know better than to change things with something like
>> phpldapadmin. I have messed up enough things in the past with
>> phpmysqladmin! :)
>>
>>
>
> Been there, done that :-)
>
> Rowland