On 07/01/2021 14:32, James Nord via samba wrote:> Hi all,
>
> I can't find any way (which is either I am missing it, or it does not
> exist) to create a container type in a Samba AD setup.
This all depends on whether you mean 'OU' or 'CN'
>
> fallback is to do this with ldapmodify - but this has some issues as I am
> trying to setup a large / complex AD tree in docker to be able to use it
> for some performance testing of a product and the ldap tool needs to be
> told passwords and the domain structure rather than just have a
> relative PATH, as well as some race conditions that makes it a little flaky
> to use this approach :(
Use ldbmodify instead, this will allow you to use kerberos.
>
> Does anyone know if it is possible to do using samba native tooling?
>
> In other words, under an OU I would like some containers so I can separate
> out various types of other things like (users, contractors, groups, etc..)
If you mean you want to use 'OU', then run 'samba-tool ou
--help'
>
> or even a flag for creating users to say force create the structure
> (`samba-tool user create --userou=CN=Users,OU=My-Org luser` fails
> unsuprisingly as as CN=Users does not exist)
Oh yes it does ?
It is the standard container for users & groups, so you will not be able
to use it elsewhere in AD.
Rowland