You are here
I'm trying to add a user with smartcard to samba4. That is, the user shall use smartcard/pin for login instead of username/password. This is accomplished by (among lots of other things) adding the users certificate to samba db. Parameter to add is 'userCertificate;binary'
However, I cannot add the certificate parameter due to that "userCertificate does not exists in the schema" according to error message.
I use ldapmodify basically as this example https://docs.oracle.com/cd/E19424-01/820-4809/6ng8g5576/index.html
The thing is, when I create a user in the system, he/she always get some objectClass parameters which I haven't asked for. For instance 'Person', 'organizationalPerson' etc. These objecClasses does not have 'userCertificate' as possible parameter. But objectClass 'inetOrgPerson' has 'userCertificate'. So I added that class ('inetOrgPerson') to my user, but no luck. Still 'userCertificate does not exists in the schema'
What to do?
Environment; server: debian, client: debian
TBH I have no idea sorry...
Or if you think it's a bug in the Debian package, then probably lodge a bug report with Debian.
Good luck.
[solved] It turns out that
[solved]
It turns out that Samba doesn't need the 'binary' extension on the 'userCertificate' attribute. In fact, Samba really DON'T WANT it! But when I specify 'userCertificate' without 'binary', Samba is happy and ads the attribute.
Obviously Samba figures out by itself that the parameter is in binary format...
Thanks for posting back with a solution. :)
Add new comment