Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » AD how to add 'posixAccount' to an user's objectClass content
AD how to add 'posixAccount' to an user's objectClass content [message #366052] Tue, 12 January 2010 08:16 Go to next message
hkuhn  is currently offline hkuhn  United States
Messages: 1
Registered: January 2010
Junior Member
hey all,

i've running a w2k-server with a rcf2703 schema upgrade. after updating
one linux-client's samba to 3.4.2 getent via winbind doesn't answer with
any uids/gids from the AD. after reading the
ldap_server/devdocs/rfc2307.txt from samba I recognized that for
retriving all users (getpwent()) the ladp search filter
(objectClass=posixAccount) is issued.

Having a look at the objectClass content of an user, the posixAccount
class is missing!

Trying to set the posixAccount with ldifde -i -f ... in the user's
objectClass with the following ldif failed: The server side error is
"The specified method is not supported."

dn: CN=test,OU=Domain Users,DC=...,DC=...
changetype: modify
add: objectClass
objectClass: posixAccount
-

-> error-msg: The server side error is "The specified method is not
supported."

Can anybody answer the question how add the posixAccount to the user's
objectClass Attribute?

Regards for your help.

Bye,
Henrik


--
hkuhn
------------------------------------------------------------ ------------
hkuhn's Profile: http://forums.techarena.in/members/173434.htm
View this thread: http://forums.techarena.in/active-directory/1292405.htm

http://forums.techarena.in
Re: AD how to add 'posixAccount' to an user's objectClass content [message #366880 is a reply to message #366052] Wed, 13 January 2010 04:22 Go to previous messageGo to next message
Lee Flight  is currently offline Lee Flight  United Kingdom
Messages: 392
Registered: July 2009
Senior Member
Hi,

Your ldf file looks good but unfortunately it's only good for Windows Server
2003 AD or later.


In Windows 2000 AD it is not possible to add an auxiliary class to an
instance of an object like
CN=test,OU=Domain Users,DC=...,DC=...

this is a so-called dynamic auxiliary class.[1]


In Windows 2000 AD the auxiliary class can only be added to the user class
in the schema which means that it is inherited by all instances of that
object class that you create , this is a so-called static auxiliary class.
However a static auxiliary class of an object class in Windows 2000 AD does
*not* show that auxiliary class in the objectClass attribute of any instance
of that class [2] and so a filter like
(objectClass=some-static-auxiliary-class-name) will not return a match.


I think you need Windows Server 2003 AD or later to achieve what you want or
a way in your samba configuration to map "posixAccount" to "user" as the
class used to search.

Lee Flight



[1] http://msdn.microsoft.com/en-us/library/ms676290(VS.85).aspx
[2] http://msdn.microsoft.com/en-us/library/cc223233(PROT.13).aspx




"hkuhn" <hkuhn.44omba@DoNotSpam.com> wrote in message
news:hkuhn.44omba@DoNotSpam.com...
>
> hey all,
>
> i've running a w2k-server with a rcf2703 schema upgrade. after updating
> one linux-client's samba to 3.4.2 getent via winbind doesn't answer with
> any uids/gids from the AD. after reading the
> ldap_server/devdocs/rfc2307.txt from samba I recognized that for
> retriving all users (getpwent()) the ladp search filter
> (objectClass=posixAccount) is issued.
>
> Having a look at the objectClass content of an user, the posixAccount
> class is missing!
>
> Trying to set the posixAccount with ldifde -i -f ... in the user's
> objectClass with the following ldif failed: The server side error is
> "The specified method is not supported."
>
> dn: CN=test,OU=Domain Users,DC=...,DC=...
> changetype: modify
> add: objectClass
> objectClass: posixAccount
> -
>
> -> error-msg: The server side error is "The specified method is not
> supported."
>
> Can anybody answer the question how add the posixAccount to the user's
> objectClass Attribute?
>
> Regards for your help.
>
> Bye,
> Henrik
>
>
> --
> hkuhn
> ------------------------------------------------------------ ------------
> hkuhn's Profile: http://forums.techarena.in/members/173434.htm
> View this thread: http://forums.techarena.in/active-directory/1292405.htm
>
> http://forums.techarena.in
>
Re: AD how to add 'posixAccount' to an user's objectClass content [message #366888 is a reply to message #366052] Wed, 13 January 2010 04:46 Go to previous message
Cal Gruver  is currently offline Cal Gruver  United States
Messages: 172
Registered: December 2009
Senior Member
Lee,
thank you very much for your expert answer. Now I know that there is know change to find a solution this way.

With best reagrds,
Henrik

---
frmsrcurl: http://msgroups.net/microsoft.public.windows.server.active_d irectory/AD-how-to-add-posixAccount-to-an-user-s-objectC
Previous Topic:legacy OS or applications 2008 DC
Next Topic:AD Monitoring
Goto Forum:
  


Current Time: Wed Jan 17 04:14:44 MST 2018

Total time taken to generate the page: 0.01976 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software