lists.arthurdejong.org

Re: Fwd: map group uniqueMember sAMAccountName

On Fri, 2017-02-10 at 10:39 +0100, Patrik wrote:
> It is in a Samba AD. Still now working with group. How can I not need
> a Samba group and use that is the same as the username? Like usual
> linux setup.

What does the following return:
  getent passwd patrikx3

If you want the gid to be the same as the uid and have every user also
be a group you could use something like this that maps group queries to
user queries:

# users: every AD user account that has POSIX attributes
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid           sAMAccountName
map    passwd homeDirectory unixHomeDirectory
map    passwd gecos         displayName
map    passwd gidNumber     uidNumber
# shadow: same set of entries
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid           sAMAccountName
map    shadow shadowLastChange pwdLastSet
# groups: answer group lookups from the same user entries
filter group  (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    group  cn            sAMAccountName
map    group  gidNumber     uidNumber
map    group  memberUid     sAMAccountName

(the last mapping is optional and shouldn't be needed in most cases)

This is obviously a bit of a hack. It is better to have real groups
defined. In such setups it is common to have all the normal users
configured with a "users" primary group instead of a per-user group.
You will need to address this in the file ownership then of course.

Kind regards,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
-- 
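
An added check, not part of the original message or of nss-pam-ldapd: with group queries mapped onto user entries as above, each user's primary gid should resolve to a group with the user's own name and no other members. The function names `upg_check` and `upg_check_user` are chosen here, and the sample lines at the end are constructed.

```shell
#!/bin/sh
# Verify that a passwd entry and the group its gid resolves to (both in
# getent output format) form a per-user group.

# upg_check PASSWD_LINE GROUP_LINE
# Prints one finding per problem; returns 0 when consistent, 1 otherwise.
upg_check() {
    pw_line=$1 gr_line=$2 rc=0
    # passwd: name:passwd:uid:gid:gecos:home:shell
    name=$(printf '%s\n' "$pw_line" | cut -d: -f1)
    uid=$(printf '%s\n' "$pw_line" | cut -d: -f3)
    gid=$(printf '%s\n' "$pw_line" | cut -d: -f4)
    # group: name:passwd:gid:member,member,...
    gname=$(printf '%s\n' "$gr_line" | cut -d: -f1)
    ggid=$(printf '%s\n' "$gr_line" | cut -d: -f3)
    members=$(printf '%s\n' "$gr_line" | cut -d: -f4)

    if [ -z "$gr_line" ]; then
        echo "$name: gid $gid does not resolve to a group"
        return 1
    fi
    [ "$uid" = "$gid" ] || { echo "$name: primary gid $gid differs from uid $uid"; rc=1; }
    [ "$gname" = "$name" ] || { echo "$name: gid $gid resolves to group '$gname'"; rc=1; }
    [ "$ggid" = "$gid" ] || { echo "$name: group entry has gid $ggid, expected $gid"; rc=1; }
    # Any member other than the user shares access to the user's group-owned files.
    old_ifs=$IFS; IFS=,
    for m in $members; do
        [ "$m" = "$name" ] || { echo "$name: group has extra member '$m'"; rc=1; }
    done
    IFS=$old_ifs
    return $rc
}

# upg_check_user NAME: run the check against the live NSS databases.
upg_check_user() {
    pw=$(getent passwd "$1") || { echo "$1: no passwd entry"; return 1; }
    gr=$(getent group "$(printf '%s\n' "$pw" | cut -d: -f4)") || gr=""
    upg_check "$pw" "$gr"
}

# Constructed sample (not real directory data): a local group already uses
# gid 10000, so the user's files would be group-accessible to "alice".
upg_check 'patrikx3:*:10000:10000:Patrik:/home/patrikx3:/bin/bash' \
          'staff:x:10000:alice' || true
```

On a host running nslcd, `upg_check_user patrikx3` performs the same comparison on what `getent` actually returns, including any local group from the files database that shadows the mapped one.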