configure nsscache with samba4 active directory

Question

I have a problem caching the users from samba4 AD with nsscache, since there is no uid, rather samAccountName or cn in AD. When I use the uid-like attribute:

# Default uid-like attribute
ldap_uidattr = 'sAMAccountName'

I get the following error:

# nsscache  update --full
WARNING:root:invalid object passed: 'uid' not in {'modifyTimeStamp': ['20190915102717.0Z'], 'sAMAccountName': ['user'], 'cn': ['user']}
Traceback (most recent call last):
  File "/usr/sbin/nsscache", line 33, in <module>
    return_value = nsscache_app.Run(sys.argv[1:], os.environ)
  File "/usr/lib/python2.7/dist-packages/nss_cache/app.py", line 240, in Run
    retval = command_callable().Run(conf=conf, args=args)
  File "/usr/lib/python2.7/dist-packages/nss_cache/command.py", line 230, in Run
    force_lock=options.force_lock)
  File "/usr/lib/python2.7/dist-packages/nss_cache/command.py", line 303, in UpdateMaps
    force_write=force_write)
  File "/usr/lib/python2.7/dist-packages/nss_cache/update/updater.py", line 275, in UpdateFromSource
    force_write, location=None)
  File "/usr/lib/python2.7/dist-packages/nss_cache/update/map_updater.py", line 75, in UpdateCacheFromSource
    location=location)
  File "/usr/lib/python2.7/dist-packages/nss_cache/sources/source.py", line 63, in GetMap
    return self.GetPasswdMap(since)
  File "/usr/lib/python2.7/dist-packages/nss_cache/sources/ldapsource.py", line 371, in GetPasswdMap
    since=since)
  File "/usr/lib/python2.7/dist-packages/nss_cache/sources/ldapsource.py", line 589, in GetUpdates
    raise ValueError('Invalid object passed: %r', obj)
ValueError: ('Invalid object passed: %r', {'modifyTimeStamp': ['20190915102717.0Z'], 'sAMAccountName': ['user'], 'cn': ['user']})

Ist possible to configure nsscache with active directory?

Thanks

score 0 · Answer 1 · answered Sep 30 '19 at 20:10

It seems it is not possible to configure nsscache with active directory. After looking in to the source code, here is the exception I get and here are the essential fields needed as attributes of an object.

Neither uid nor uidNumber nor gitNumber are part of an object in samba4 active directory.

The uid attribute can be added, but neither uidNumber nor gidNumber are allowed according to the schema.

configure nsscache with samba4 active directory

1 Answers1