search for: base_dn

...rl ldap to create those objects but I didn't manage to set the sAMAccountType to "805306369" ( apparently this is a read only auto generated value) Is there any way to do that under Linux ? Thanks, Thomas #! /usr/bin/perl use strict; use Net::LDAP; use Net::LDAP::Entry; my $base_dn = "DC=my,DC=domain"; my $computer_name = "host01"; my $computer_branche = "OU=Workstations"; my $computer_dn = "CN=$computer_name,$computer_branche,$base_dn"; my $ldap = Net::LDAP->new( 'ldap://20.20.1.11') or die "$@"; my $mesg = $ldap...

...ich many of the filters rely on. To query a user's nested groups I use this little script (on the DCs): #!/bin/bash if [[ $# -lt 1 ]]; then ??? echo "Usage: $0 <ldap_object>" ??? echo "??? ldap_object?? name of a computer, user or group" ??? exit 1 fi OBJECT=$1 BASE_DN="DC=$(dnsdomainname | sed 's/\./,DC=/g')" # Use UID instead of sAMAccountName because it does not have the $ ending for computer accounts OBJECT_DN="$(ldbsearch -H /var/lib/samba/private/sam.ldb -b "${BASE_DN}" "(|(CN=${OBJECT})(UID=${OBJECT}))" 2> /d...

...n build in, meaning that if the user enabled it, we will query about his basic data (email,pwd) on a user-setup LDAP directory. It used to work fine when I was testing with OpenLDAP. The code, essentially, is this: connection.bind(self.bind_dn,self.password) connection.search2(self.base_dn,1,"(& (userPassword=#{password}) (mail=#{email}))",nil,false,5,5000) It binds and then searches for the user by mail and password. The entries must have a userPassword and mail attributes. It''s part of the core schema (I guess), so it works fine on OpenLDAP. I then went to...

I'm quite confused by this one, as I can't see how this would happen.. but after upgrading my DCs from 4.11.10 to 4.18.5, LDAP searches don't seem to work if they use the :1.2.840.113556.1.4.1941: modifier, aka LDAP_MATCHING_RULE_IN_CHAIN. (Yes, it was a fairly big version jump.. Yes, I should have upgraded much earlier.. Yes, I know 4.19.x is out now as well) Here's a search that

...cmd/domain.py", line 1013, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 831, in upgrade_from_samba3 shells[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "loginShell") File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 543, in get_posix_attr_from_ldap_backend return msg[0][attr][0]* Any idea ?

Hi all, Where do you store your non-Rails-specific configuration info? For instance, I want to be able to login to LDAP as a particular admin user. I don''t want the u/p combo in any of the models...does it go in environment.rb? database.yml? Set a constant in a lib file? When you''ve got it in a good location, how do you access it? Thanks! Sean

...mba/netcmd/domain.py", line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 800, in upgrade_from_samba3 homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "homeDirectory") File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 546, in get_posix_attr_from_ldap_backend return msg[0][attr][0] The connection to the LDAP server was closed

...y:dict:lastlogin zlib_save = gz zlib_save_level = 6 } dovecot-ldap-dict.conf.ext: uri = ldap://ldap.internal bind_dn = cn=Manager,dc=mail,dc=com password = XXXX tls = no debug = 1 map { pattern = last-login/$user filter = (&(mail=%{user})(objectClass=mailUser)) # the () is required base_dn = o=domains,dc=mail,dc=com username_attribute = mail value_attribute = lastLoginTime fields { mail=$user } } I don't see dovecot ever making a connection to the LDAP server I've configured in the dovecot-ldap-dict.conf.ext file. Log shows ==> /var/log/dovecot.log <==...

...ri = ldap://ldap.internal > > bind_dn = cn=Manager,dc=mail,dc=com > > password = XXXX > > tls = no > > debug = 1 > > > > map { > > pattern = last-login/$user > > filter = (&(mail=%{user})(objectClass=mailUser)) # the () is required > > base_dn = o=domains,dc=mail,dc=com > > username_attribute = mail > > value_attribute = lastLoginTime > > fields { > > mail=$user > > } > > } > > > > I don't see dovecot ever making a connection to the LDAP server I've > > configured...

...rs ldap passwd sync = yes ldap suffix = dc=example,dc=com ldap user suffix = ou=People ldap debug level = 1 idmap config *:backend = ldap idmap config *:readonly = no idmap config *:range = 1000-1999999 idmap config *:ldap_url=ldap://localhost idmap config *:ldap_base_dn = cn=Manager,dc=example,dc=com idmap config MYDOMAIN:backend = ldap idmap config MYDOMAIN:readonly = no idmap config MYDOMAIN:range = 1000-1999999 idmap config MYDOMAIN:ldap_url=ldap://localhost idmap config MYDOMAIN:ldap_base_dn = cn=Manager,dc=example,dc=com idmap config M...

...s ../mods-available/ldap ldap chown -h freerad:freerad ldap ``` - modify module ldap to retrieve group information ``` # /etc/freeradius/3.0/mods-available/ldap server = '10.0.1.250' server = '10.0.1.251' identity = 'cn=dc01,cn=users,dc=ds,dc=example,dc=com' password = *** base_dn = 'cn=users,dc=ds,dc=example,dc=com' user: filter = "(|(samaccountname=%{%{Stripped-User-Name}:-%{User-Name}})(userprincipalname=%{User-Name}))" group: filter = "(objectClasse=group)" group: membership_filter = "(member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn...

...> > dovecot-ldap-dict.conf.ext: > uri = ldap://ldap.internal > bind_dn = cn=Manager,dc=mail,dc=com > password = XXXX > tls = no > debug = 1 > > map { > pattern = last-login/$user > filter = (&(mail=%{user})(objectClass=mailUser)) # the () is required > base_dn = o=domains,dc=mail,dc=com > username_attribute = mail > value_attribute = lastLoginTime > fields { > mail=$user > } > } > > I don't see dovecot ever making a connection to the LDAP server I've > configured in the dovecot-ldap-dict.conf.ext file. &gt...

...d ldap > ``` > > - modify module ldap to retrieve group information > > ``` > # /etc/freeradius/3.0/mods-available/ldap > server = '10.0.1.250' > server = '10.0.1.251' > identity = 'cn=dc01,cn=users,dc=ds,dc=example,dc=com' > password = *** > base_dn = 'cn=users,dc=ds,dc=example,dc=com' > user: filter = "(|(samaccountname=%{%{Stripped-User-Name}:-%{User-Name}})(userprincipalname=%{User-Name}))" > group: filter = "(objectClasse=group)" > group: membership_filter = "(member:1.2.840.113556.1.4.1941:=%{cont...

...roup information >> >> ``` >> # /etc/freeradius/3.0/mods-available/ldap >> server = '10.0.1.250' >> server = '10.0.1.251' >> identity = 'cn=dc01,cn=users,dc=ds,dc=example,dc=com' >> password = *** >> base_dn = 'cn=users,dc=ds,dc=example,dc=com' >> user: filter = >> "(|(samaccountname=%{%{Stripped-User-Name}:-%{User-Name}})(userprincipalname=%{User-Name}))" >> group: filter = "(objectClasse=group)" >> group: membership_filter = >>...

Hi I am testing the migration from our actual Samba domain, based on Samba 3.3.8 and LDAP (389DS) to Samba 4. I have followed the Samba4 Howto, and I have successfully compiled it. Now I am running the classicupgrade command, but I am getting some errors. First of them is that the script is ignoring the "ldap group suffix" parameter in smb.conf, and is always searching in the

...e ldap to retrieve group information > > > > ``` > > # /etc/freeradius/3.0/mods-available/ldap > > server = '10.0.1.250' > > server = '10.0.1.251' > > identity = 'cn=dc01,cn=users,dc=ds,dc=example,dc=com' > > password = *** > > base_dn = 'cn=users,dc=ds,dc=example,dc=com' > > user: filter = "(|(samaccountname=%{%{Stripped-User-Name}:-%{User-Name}})(userprincipalname=%{User-Name}))" > > group: filter = "(objectClasse=group)" > > group: membership_filter = "(member:1.2.840.113556.1...

...gt; > Hi Baptiste, whilst eating my dinner, I was browsing scluster again > (really think that's a bad name, but it is your project ;-) ) and I > found this in samba_conf.sh.erb: > > # add gid attribute to Domain Users # > echo "\ > dn: CN=Domain Users,CN=Users,<%= @base_dn %> > changetype: modify > add:objectclass > objectclass: posixGroup > - > add: gidnumber > gidnumber: 100 > " > /tmp/Domain_Users.ldif > > My first thoughts were: NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO > > Why are you doing this ? You have just s...

Hello Tim, Hello samba-people, is there an uptodate guide for authenticating via freeradius somewhere? I have some Ubiquiti APs plus a Cloud Key and I want to authenticate WLAN clients via WPA2-Enterprise instead of a (shared) PSK. It seems like https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory is missing some steps (basic setup of freeradius). Can you

...Regards, > > Baptiste. > Hi Baptiste, whilst eating my dinner, I was browsing scluster again? (really think that's a bad name, but it is your project ;-) ) and I found this in samba_conf.sh.erb: # add gid attribute to Domain Users # echo "\ dn: CN=Domain Users,CN=Users,<%= @base_dn %> changetype: modify add:objectclass objectclass: posixGroup - add: gidnumber gidnumber: 100 " > /tmp/Domain_Users.ldif My first thoughts were: NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO Why are you doing this ? You have just stopped the winbind 'ad' backend working on a...

...rowsing scluster again > >> (really think that's a bad name, but it is your project ;-) ) and I > >> found this in samba_conf.sh.erb: > >> > >> # add gid attribute to Domain Users # > >> echo "\ > >> dn: CN=Domain Users,CN=Users,<%= @base_dn %> > >> changetype: modify > >> add:objectclass > >> objectclass: posixGroup > >> - > >> add: gidnumber > >> gidnumber: 100 > >> " > /tmp/Domain_Users.ldif > >> > >> My first thoughts were: NOOOOOOOOOOOOOOOO...