[Freeipa-users] FreeIPA 2, adding Samba attributes

Simo Sorce simo at redhat.com
Thu Jun 9 12:31:49 UTC 2011


On Thu, 2011-06-09 at 12:44 +0200, John S. Skogtvedt wrote:
> Hello,
> 
> has anybody tried to integrate Samba with FreeIPA 2? I searched and
> found a mailing list post from 2009 with a solution using the 389 DNA
> plugin, but later posts indicated that the solution outlined wasn't
> correct (and probably out of date).
> 
> My impression from what I've read is that there is no way of doing it
> other than configuring FreeIPA to add samba object classes, and
> specifying the required attributes when adding a user. The problem then
> is that adding users won't be possible from the web interface, because
> of required samba attributes (unless one instead later adds the
> necessary object classes and attributes).
> 
> Is this correct?

You can modify the UI behavior wrt what classes and attributes to store.

> If so, I wonder how much work it might be to either add a small hack to
> the web interface to add the necessary attributes, or to write a web
> interface plugin which adds a user with the necessary attributes. Any
> pointers would be appreciated (I know python).
> I think it'd be useful to be able to add template values as well as
> objectclasses in ipaConfig, e.g. something like:
> ipaUserAttrs: sambaSid: ...-$uid, where $uid is expanded when the user
> is created.

You probably want to use the DNA plugin to generate the sambaSid for you
once you have a domain SID; it's not too difficult and will be much less
error-prone.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



