AD how to add 'posixAccount' to an user's objectClass content

[hkuhn]

hey all,

i've running a w2k-server with a rcf2703 schema upgrade. after updating one linux-client's samba to 3.4.2 getent via winbind doesn't answer with any uids/gids from the AD. after reading the ldap_server/devdocs/rfc2307.txt from samba I recognized that for retriving all users (getpwent()) the ladp search filter (objectClass=posixAccount) is issued.

Having a look at the objectClass content of an user, the posixAccount class is missing!

Trying to set the posixAccount with ldifde -i -f ... in the user's objectClass with the following ldif failed: The server side error is "The specified method is not supported."

dn: CN=test,OU=Domain Users,DC=...,DC=...
changetype: modify
add: objectClass
objectClass: posixAccount
-

-> error-msg: The server side error is "The specified method is not supported."

Can anybody answer the question how add the posixAccount to the user's objectClass Attribute?

Regards for your help.

Bye,
Henrik

Hi,

Your ldf file looks good but unfortunately it's only good for Windows Server
2003 AD or later.


In Windows 2000 AD it is not possible to add an auxiliary class to an
instance of an object like
CN=test,OU=Domain Users,DC=...,DC=...

this is a so-called dynamic auxiliary class.[1]


In Windows 2000 AD the auxiliary class can only be added to the user class
in the schema which means that it is inherited by all instances of that
object class that you create , this is a so-called static auxiliary class.
However a static auxiliary class of an object class in Windows 2000 AD does
*not* show that auxiliary class in the objectClass attribute of any instance
of that class [2] and so a filter like
(objectClass=some-static-auxiliary-class-name) will not return a match.


I think you need Windows Server 2003 AD or later to achieve what you want or
a way in your samba configuration to map "posixAccount" to "user" as the
class used to search.

Lee Flight



[1] http://msdn.microsoft.com/en-us/libr...90(VS.85).aspx
[2] http://msdn.microsoft.com/en-us/libr...(PROT.13).aspx




"hkuhn" <hkuhn.44omba@DoNotSpam.com> wrote in message
news:hkuhn.44omba@DoNotSpam.com...
>
> hey all,
>
> i've running a w2k-server with a rcf2703 schema upgrade. after updating
> one linux-client's samba to 3.4.2 getent via winbind doesn't answer with
> any uids/gids from the AD. after reading the
> ldap_server/devdocs/rfc2307.txt from samba I recognized that for
> retriving all users (getpwent()) the ladp search filter
> (objectClass=posixAccount) is issued.
>
> Having a look at the objectClass content of an user, the posixAccount
> class is missing!
>
> Trying to set the posixAccount with ldifde -i -f ... in the user's
> objectClass with the following ldif failed: The server side error is
> "The specified method is not supported."
>
> dn: CN=test,OU=Domain Users,DC=...,DC=...
> changetype: modify
> add: objectClass
> objectClass: posixAccount
> -
>
> -> error-msg: The server side error is "The specified method is not
> supported."
>
> Can anybody answer the question how add the posixAccount to the user's
> objectClass Attribute?
>
> Regards for your help.
>
> Bye,
> Henrik
>
>
> --
> hkuhn
> ------------------------------------------------------------------------
> hkuhn's Profile: http://forums.techarena.in/members/173434.htm
> View this thread: AD how to add 'posixAccount' to an user's objectClass content
>
> http://forums.techarena.in
>

Lee,
thank you very much for your expert answer. Now I know that there is know change to find a solution this way.

With best reagrds,
Henrik

---
frmsrcurl: http://msgroups.net/microsoft.public...user-s-objectC