<samba:parameter name="ldapsam:editposix"
                 context="G"
                 type="string"
                 advanced="1" developer="0"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>

	<para>
	Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller,
	eliminating the need to set up custom scripts to add and manage the POSIX users and groups. This option
	will instead directly manipulate the LDAP tree to create, remove and modify user and group entries.
	This option also requires a running winbindd, as it is used to allocate new uids/gids on user/group
	creation. The allocation range must therefore be configured.
	</para>

	<para>
	To use this option, a basic LDAP tree must be provided and the ldap suffix parameters must be properly
	configured. On virgin servers the default users and groups (Administrator, Guest, Domain Users,
	Domain Admins, Domain Guests) can be precreated with the command <command moreinfo="none">net sam
	provision</command>. To run this command the LDAP server must be running, winbindd must be running and
	the smb.conf ldap options must be properly configured.

	The typical LDAP setup used with the <smbconfoption name="ldapsam:trusted">yes</smbconfoption> option
	is usually sufficient to use <smbconfoption name="ldapsam:editposix">yes</smbconfoption> as well.
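
	Added example, not part of the Samba documentation or source: a Python check that an smb.conf
	meets the prerequisites described above before ldapsam:editposix is relied on. The function names
	and the sample configuration are constructed for illustration; the check assumes the parameter
	names used in this page's example, treats ldapsam:trusted as required, and does not test whether
	winbindd or the LDAP server is running.

<programlisting><![CDATA[
```python
import re
TRUE = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts
SUFFIXES = ("ldap suffix", "ldap user suffix", "ldap group suffix",
            "ldap machine suffix", "ldap idmap suffix")  # as in the page's example

def parse_global(text):
    """Collect name/value pairs from [global] (or before any section header).
    Names are lower-cased and their spacing collapsed so lookups are stable."""
    params, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
            continue
        name, sep, value = line.partition("=")
        if sep and section == "global":
            params[" ".join(name.lower().split())] = value.strip()
    return params

def check_editposix(params):
    """Return the unmet prerequisites for ldapsam:editposix as a list."""
    if params.get("ldapsam:editposix", "no").lower() not in TRUE:
        return []  # option is off (the default), nothing to check
    problems = []
    if params.get("ldapsam:trusted", "no").lower() not in TRUE:  # assumption: required
        problems.append("ldapsam:trusted is not enabled")
    if not params.get("passdb backend", "").lower().startswith("ldapsam"):
        problems.append("passdb backend is not ldapsam")
    problems += [f"{key} is not set" for key in SUFFIXES if not params.get(key)]
    for key in ("idmap uid", "idmap gid"):
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", params.get(key, ""))
        if m is None or int(m.group(1)) >= int(m.group(2)):
            problems.append(f"{key} has no usable allocation range")
    return problems

# Constructed sample: editposix enabled but several prerequisites missing.
SAMPLE_BAD = """
[global]
passdb backend = ldapsam
ldapsam:editposix = yes
ldap suffix = dc=samba,dc=org
ldap user suffix = ou=users
idmap uid = 5000-50000
"""

if __name__ == "__main__":
    print("\n".join(check_editposix(parse_global(SAMPLE_BAD))))
```
]]></programlisting>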
	</para>

	<para>
	An example configuration can be the following:

	<programlisting>
	encrypt passwords = true
	passdb backend = ldapsam

	ldapsam:trusted=yes
	ldapsam:editposix=yes

	ldap admin dn = cn=admin,dc=samba,dc=org
	ldap delete dn = yes
	ldap group suffix = ou=groups
	ldap idmap suffix = ou=idmap
	ldap machine suffix = ou=computers
	ldap user suffix = ou=users
	ldap suffix = dc=samba,dc=org

	idmap backend = ldap:"ldap://localhost"

	idmap uid = 5000-50000
	idmap gid = 5000-50000
	</programlisting>

	This configuration assumes a directory layout like the one described in the following LDIF:

	<programlisting>
	dn: dc=samba,dc=org
	objectClass: top
	objectClass: dcObject
	objectClass: organization
	o: samba.org
	dc: samba

	dn: cn=admin,dc=samba,dc=org
	objectClass: simpleSecurityObject
	objectClass: organizationalRole
	cn: admin
	description: LDAP administrator
	userPassword: secret

	dn: ou=users,dc=samba,dc=org
	objectClass: top
	objectClass: organizationalUnit
	ou: users

	dn: ou=groups,dc=samba,dc=org
	objectClass: top
	objectClass: organizationalUnit
	ou: groups

	dn: ou=idmap,dc=samba,dc=org
	objectClass: top
	objectClass: organizationalUnit
	ou: idmap

	dn: ou=computers,dc=samba,dc=org
	objectClass: top
	objectClass: organizationalUnit
	ou: computers
	</programlisting>
	</para>

</description>
<value type="default">no</value>
</samba:parameter>