From: Volker Lendecke on
On Fri, Feb 26, 2010 at 06:57:01PM -0600, Carlos Ramos Gómez wrote:
> Hello list, have a samba 3.4.3 as domain controller with openldap as
> backend, using ldapsam:trusted = Yes and ldapsam:editposix = Yes and
> everything works like a charm. Now i would like to use this ldap for
> storing more information about my users; full name, phone, address and
> maybe even a picture. InetOrgPerson is the objectClass i would like to
> use since it's standard and has all i need and more. Samba use the
> account objectClass as structural class for user and computer
> accounts, and since inetOrgPerson and account are both structural
> openldap won't let me have both in the same entry. I've been checking
> the code and it looks like the creation of the users with account as
> objectClass is hardcoded in samba so i guess there is no parameter in
> the configuration file which allows me to override this behavior. I
> also tried to modify my schema making inetOrgPerson the parent class
> of the account class but it turns out that sn is a required attribute
> in inetOrgPerson and samba obviously doesn't add this parameter so the
> user creation fails. The other options i see here would require heavy
> modifications to the ldap schema or modify the samba itself to create
> user accounts as inetOrgPerson and add an sn attribute in the process.
> So before taking any of those options i just wanted to make sure that
> there is not an easier one i have not seen. Any ideas are welcome.

The best here would be to remove the ldapsam:editposix and
do it with scripts of your own. ldapsam:editposix was made
for simple configuration of a very specific DIT layout. If
you need it to be different, please look at scripts.

To unsubscribe from this list go to the following URL and read the