thr3ads.net - samba - [Samba] core & cosine schema items in Samba AD DC user object? [Mar 2024]

If this information is useful, please help other people find it:
Share via:

Rowland Penny

2024-Mar-26 08:01 UTC

[Samba] core & cosine schema items in Samba AD DC user object?

On Tue, 26 Mar 2024 02:57:51 +0100
Franta Hanzl?k via samba <samba at lists.samba.org> wrote:
> Please, it is possible (perhaps with some Samba schema extension?) to 
> have items as 'c' (countryName), 'l' (localityName),
'l'
> (localityName), 'co' (friendlyCountryName), 'street'
(streetAddress),
> 'displayName' etc. in the description of the USER object?
It is very possible, because they are standard components of the AD
schema:

dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: c

dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: l

dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: co

dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: street

dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: displayName
> 
> And then how to manage them? The "samba-tool user add"
doesn't seem
> to have a corresponding switch...
That would be up to you writing your own script to add them, unless you
would care to update samba-tool to do this ;-)

Rowland

Joachim Lindenberg

2024-Mar-26 09:32 UTC

head link

[Samba] core & cosine schema items in Samba AD DC user object?

I am using some of these attributes in a .NET application updating them in Samba
AD.
Regards,
Joachim

-----Urspr?ngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland Penny
via samba
Gesendet: Dienstag, 26. M?rz 2024 09:01
An: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Betreff: Re: [Samba] core & cosine schema items in Samba AD DC user object?

On Tue, 26 Mar 2024 02:57:51 +0100
Franta Hanzl?k via samba <samba at lists.samba.org> wrote:
> Please, it is possible (perhaps with some Samba schema extension?) to 
> have items as 'c' (countryName), 'l' (localityName),
'l'
> (localityName), 'co' (friendlyCountryName), 'street'
(streetAddress),
> 'displayName' etc. in the description of the USER object?
It is very possible, because they are standard components of the AD
schema:

dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: c

dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: l

dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: co

dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: street

dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: displayName
> 
> And then how to manage them? The "samba-tool user add"
doesn't seem to
> have a corresponding switch...
That would be up to you writing your own script to add them, unless you would
care to update samba-tool to do this ;-)

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Franta Hanzlík

2024-Mar-26 13:50 UTC

head link

[Samba] core & cosine schema items in Samba AD DC user object?

On Tue, 26 Mar 2024 08:01:27 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Tue, 26 Mar 2024 02:57:51 +0100
> Franta Hanzl?k via samba <samba at lists.samba.org> wrote:
> 
> > Please, it is possible (perhaps with some Samba schema extension?) to 
> > have items as 'c' (countryName), 'l' (localityName),
'l'
> > (localityName), 'co' (friendlyCountryName), 'street'
(streetAddress),
> > 'displayName' etc. in the description of the USER object?  
> 
> It is very possible, because they are standard components of the AD
> schema:
> 
> dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
> lDAPDisplayName: c
> 
> dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
> lDAPDisplayName: l
> 
> dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
> lDAPDisplayName: co
> 
> dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
> lDAPDisplayName: street
> 
> dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
> lDAPDisplayName: displayName
Yeah, it is super!
My mistake was - before I was only looking in the 
/etc/openldap/schema/samba.schema file, where these attributes are not 
there. But now I can see them in the 
/usr/share/samba/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf 
file (which is perhaps what the Samba uses as its schema).
> > 
> > And then how to manage them? The "samba-tool user add"
doesn't seem
> > to have a corresponding switch...  
> 
> That would be up to you writing your own script to add them, unless you
> would care to update samba-tool to do this ;-)
Maybe these attributes can be supplemented with some Windows tool (RSAT/ 
ADUC), I haven't tried it yet.

What I just tried - add these attributes to AD with ldbmodify and a pre-
prepared LDIF file (as:

dn: CN=Pep?k,OU=dob??,OU=kamar?di,DC=ad,DC=hanzlici,DC=cz
changetype: modify
add: l
l: Plze?

) - and it works well, thus problem is solved.

And another finding - adding a non-existent attribute such as Locality-Name (

dn: CN=Pep?k,OU=dob??,OU=kamar?di,DC=ad,DC=hanzlici,DC=cz
changetype: modify
add: Locality-Name
Locality-Name: Plze?

to the schema (I mistakenly thought that e.g. the 'l' attribute is an 
external/LDAP alias for the internal "Locality-Name" attribute used 
by Samba) will not fail, and the USER object will have both "l" and 
"Locality-Name" attributes. Is it ok that I can add any nonsense 
(attribute not in schema) to the object?
> 
> Rowland
> 
> -- 
Rowland, thank you so much!
-- 
Franta Hanzlik

Maybe Matching Threads

Search for more apparently analagous threads

samba - Mar 2024 - core & cosine schema items in Samba AD DC user object?

[Samba] core & cosine schema items in Samba AD DC user object?

[Samba] core & cosine schema items in Samba AD DC user object?

[Samba] core & cosine schema items in Samba AD DC user object?

Maybe Matching Threads