Samba Group Mapping

Introduction

This page shows you how to create a Samba group mapping. The complete files are available in PENROSE_SERVER_HOME/samples/partitions/samba.

Source Configuration

Define two sources in sources.xml corresponding to the groups and usergroups tables in your database. See the following example:

<source name="groups">

  <connection-name>Samba</connection-name>

  <field name="groupname" primaryKey="true"/>
  <field name="type"/>

  <field name="gid"/>
  <field name="group_sid"/>

  <parameter>
    <param-name>tableName</param-name>
    <param-value>groups</param-value>
  </parameter>

</source>

<source name="usergroups">

  <connection-name>Samba</connection-name>

  <field name="groupname" primaryKey="true"/>
  <field name="username" primaryKey="true"/>

  <parameter>
    <param-name>tableName</param-name>
    <param-value>usergroups</param-value>
  </parameter>

</source>

Entry Mapping

Define a mapping for the groups in mapping.xml, for instance: cn=...,ou=Groups,dc=Samba,dc=Example,dc=com.

<entry dn="cn=...,ou=Groups,dc=Samba,dc=Example,dc=com">
  ... object classes ...
  ... attribute mappings ...
  ... source/field mappings ...
</entry>

Object Classes

Add the sambaGroupMapping and posixGroup object classes.

<oc>posixGroup</oc>
<oc>sambaGroupMapping</oc>

Attribute Mappings

<at name="cn" rdn="true">
  <variable>g.groupname</variable>
</at>
<at name="gidNumber">
  <variable>g.gid</variable>
</at>
<at name="memberUid">
  <variable>ug.username</variable>
</at>
<at name="sambaGroupType">
  <variable>g.type</variable>
</at>
<at name="sambaSID">
  <variable>g.group_sid</variable>
</at>

Source/Field Mappings

<source name="g">

  <source-name>groups</source-name>

  <field name="gid">
    <variable>gidNumber</variable>
  </field>
  <field name="group_sid">
    <variable>sambaSID</variable>
  </field>
  <field name="groupname">
    <variable>cn</variable>
  </field>
  <field name="type">
    <variable>sambaGroupType</variable>
  </field>

</source>

<source name="ug">

  <source-name>usergroups</source-name>

  <field name="groupname">
    <variable>cn</variable>
  </field>
  <field name="username">
    <variable>memberUid</variable>
  </field>

</source>

<relationship>
  <expression>g.groupname = ug.groupname</expression>
</relationship>
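
The following Python check is an added example, not part of Penrose or its sample files. It cross-checks the snippets above in both directions: every alias.field reference in an attribute mapping or relationship must resolve to a field declared in sources.xml, and every source/field mapping must name a declared field and a mapped attribute. The <sources> root element and the condensed layout of the embedded XML are assumptions made so the snippets parse as standalone documents.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the page's snippets, condensed, inside a hypothetical <sources> root.
SOURCES = """<sources>
<source name="groups"><field name="groupname"/><field name="type"/>
  <field name="gid"/><field name="group_sid"/></source>
<source name="usergroups"><field name="groupname"/><field name="username"/></source></sources>"""
MAPPING = """<entry dn="cn=...,ou=Groups,dc=Samba,dc=Example,dc=com">
<at name="cn" rdn="true"><variable>g.groupname</variable></at>
<at name="gidNumber"><variable>g.gid</variable></at>
<at name="memberUid"><variable>ug.username</variable></at>
<at name="sambaGroupType"><variable>g.type</variable></at>
<at name="sambaSID"><variable>g.group_sid</variable></at>
<source name="g"><source-name>groups</source-name>
  <field name="gid"><variable>gidNumber</variable></field>
  <field name="group_sid"><variable>sambaSID</variable></field>
  <field name="groupname"><variable>cn</variable></field>
  <field name="type"><variable>sambaGroupType</variable></field></source>
<source name="ug"><source-name>usergroups</source-name>
  <field name="groupname"><variable>cn</variable></field>
  <field name="username"><variable>memberUid</variable></field></source>
<relationship><expression>g.groupname = ug.groupname</expression></relationship></entry>"""
REF = re.compile(r"\b([A-Za-z_]\w*)\.([A-Za-z_]\w*)\b")

def lint(sources_xml, mapping_xml):
    """Return a list of problems; an empty list means every reference resolves."""
    declared = {s.get("name"): {f.get("name") for f in s.findall("field")}
                for s in ET.fromstring(sources_xml).findall("source")}
    entry = ET.fromstring(mapping_xml)
    attrs = {at.get("name") for at in entry.findall("at")}
    aliases, problems = {}, []
    for s in entry.findall("source"):
        alias, src = s.get("name"), (s.findtext("source-name") or "").strip()
        aliases[alias] = src
        for f in s.findall("field"):  # field -> attribute direction
            if f.get("name") not in declared.get(src, set()):
                problems.append(f"source {alias}: '{f.get('name')}' is not a field of '{src}'")
            if (f.findtext("variable") or "").strip() not in attrs:
                problems.append(f"source {alias}: field '{f.get('name')}' uses an unmapped attribute")
    refs = [(f"attribute {a.get('name')}", a.findtext("variable") or "") for a in entry.findall("at")]
    refs += [("relationship", e.text or "") for e in entry.iter("expression")]
    for where, text in refs:  # attribute/relationship -> alias.field direction
        for alias, field in REF.findall(text):
            if alias not in aliases:
                problems.append(f"{where}: unknown alias '{alias}'")
            elif field not in declared.get(aliases[alias], set()):
                problems.append(f"{where}: '{field}' is not a field of '{aliases[alias]}'")
    return problems
```

Calling lint(SOURCES, MAPPING) on the configuration shown on this page returns an empty list; a misspelled alias or field name is reported with the attribute or source it appears in.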