Samba integration / adding more objectClasses

[Albrecht Dreß]

Dear Christian:

Am 20.08.2008 05:53:56 schrieb(en) Christian Tardif:
> I'm working on it. Actually, I can see that the new objects are not  
> sent to the add function. Here is a dump just after all objects are  
> populated:

I at least partly solved the issue!  If you have a look at the attached  
patch, the user.php script now does the following:

- populate the LDAP entry with the basic Samba stuff when a user is  
added;
- auto-select the first free POSIX UID, starting with 2000.  I also use  
this to create the Samba SID, which may actually be wrong (see below);
- auto-assignment of the default group and Samba primary group (again,  
see below);
- call cracklib when the user tries to change h(is|er) password, as to  
reject weak ones (I think there is also a php class for that, but it's  
not installed).  Note that the super user *may* issue weak passwords  
(like "start" or whatever) when a user is created which might come  
handy.  No idea how to force changing the pwd when the user first logs  
in on Win, though.

This approach more or less works, but I wasn't able to get roaming  
profiles working on Samba without tweaking the Win registry on each  
client workstation.  I'm still fighting with that, and got an  
indication from the Samba list that something with the SID's might be  
wrong (see  
<http://lists.samba.org/archive/samba/2008-August/142991.html>).  If  
you have more insight into that, any hint would be warmly welcome!

I also started writing a new howto, including all the diffs and  
patches, but will finalise that only after resolving the samba issues  
(and probably more, like hopefully getting SELinux policies).

Any comments to the patch are of course welcome!

Cheers,
Albrecht.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kolab.diff
Type: text/x-patch
Size: 4428 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/users/attachments/20080820/0498ea85/attachment.bin>