[Freeipa-users] FreeIPA 2, adding Samba attributes
Dmitri Pal
dpal at redhat.com
Thu Jun 9 15:05:53 UTC 2011
On 06/09/2011 08:31 AM, Simo Sorce wrote:
> On Thu, 2011-06-09 at 12:44 +0200, John S. Skogtvedt wrote:
>> Hello,
>>
>> has anybody tried to integrate Samba with FreeIPA 2? I searched and
>> found a mailing list post from 2009 with a solution using the 389 DNA
>> plugin, but later posts indicated that the solution outlined wasn't
>> correct (and probably out of date).
>>
>> My impression from what I've read is that there is no way of doing it
>> other than configuring FreeIPA to add samba object classes, and
>> specifying the required attributes when adding a user. The problem then
>> is that adding users won't be possible from the web interface, because
>> of required samba attributes (unless one instead later adds the
>> necessary object classes and attributes).
>>
>> Is this correct?
> You can modify the UI behavior wrt what classes and attribute to store.
>
>> If so, I wonder how much work it might be to either add a small hack to
>> the web interface to add the necessary attributes, or to write a web
>> interface plugin which adds a user with the necessary attributes. Any
>> pointers would be appreciated (I know python).
>> I think it'd be useful to be able to add template values as well as
>> objectclasses in ipaConfig, e.g. something like:
>> ipaUserAttrs: sambaSid: ...-$uid, where $uid is expanded when the user
>> is created.
> You probably want to use the DNA plugin to generate the sambaSid for you
> once you have a domain SID, it's not too difficult and will be much less
> error prone.
>
> Simo.
>
Once in the past the DS was fixed to be able to be a back end for the
Samba4 server so I suspect it should provide all the functionality you need.
A plugin can be written to provide cli and UI management of Samba
attributes.
Are you interested in writing such a plugin?
What is your end goal and time line?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list