[Samba] And the LDIF thing

Josh Skains JSkains at deltad.com
Thu Jun 10 18:11:24 GMT 2004


I hate to be a pain, but I am under the gun. Could you show an example "ldif" on that? I am completely ldap dumb. I'd greatly appreciate it.

Thanks,
JMS

-----Original Message-----
From: Paul Gienger [mailto:pgienger at ae-solutions.com]
Sent: Thursday, June 10, 2004 11:03 AM
To: Josh Skains
Cc: adam at morrison-ind.com; samba at lists.samba.org
Subject: Re: [Samba] And the LDIF thing



>Jun 10 02:31:05 wwweng1 winbindd[4233]:   ldap_allocate_id: single sambaUnixIdPool object not found 
>Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_allocate_id(413)
>Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_get_id_from_sid(621) 
>Jun 10 02:31:05 wwweng1 winbindd[4233]:   ldap_allocate_id: cannot acquire id lock!
>
>and the getent returns nothing from winbind.
>  
>
You need to add a sambaUnixIdPool object inside of your IdMap ou.  This 
will give samba its starting UID number and some other things.  Just 
make sure you have all of the required attributes filled out in that 
object and then samba (winbind) will start adding subobjects of it 
automatically when new users connect the first time.

>When I remove the "ldap" entries from smb.conf, the getent command works fine. (so winbind is working)
>
>As for DSA, I am not sure what you mean. I am doing nothing fancy like SSL or the like.
>
>Thanks,
>JMS
>
>P.S.
>
>My SLDAP.CONF:
>
># Define global ACLs to disable default read access.
>
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral       ldap://root.openldap.org
>
>#pidfile        //var/run/slapd.pid
>#argsfile       //var/run/slapd.args
>
># Create a replication log in /var/lib/ldap for use by slurpd.
>#replogfile     /var/lib/ldap/master-slapd.replog
>
># Load dynamic backend modules:
># modulepath    /usr/sbin/openldap
># moduleload    back_ldap.la
># moduleload    back_ldbm.la
># moduleload    back_passwd.la
># moduleload    back_shell.la
>
>#
># The next two lines allow use of TLS for connections using a dummy test
># certificate, but you should generate a proper certificate by changing to
># /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
># slapd.pem so that the ldap user or group can read it.
># TLSCertificateFile /usr/share/ssl/certs/slapd.pem
># TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
>#
># Sample Access Control
>#       Allow read access of root DSE
>#       Allow self write access
>#       Allow authenticated users read access
>#       Allow anonymous users to authenticate
>#
>#access to dn="" by * read
>#access to *
>#       by self write
>#       by users read
>#       by anonymous auth
>#
># if no access controls are present, the default is:
>#       Allow read by all
>#
># rootdn can always write!
>
>#######################################################################
># ldbm database definitions
>#######################################################################
>
>database        ldbm
>suffix          "dc=softeng,dc=com"
>rootdn          "cn=Manager,dc=softeng,dc=com"
>rootpw          {SSHA}l3niIBoW8kJe1gEzqK5VW426vNh+PW69
>directory       /var/lib/ldap
>
># Indices to maintain
>index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
>index   cn,mail,surname,givenname                       eq,subinitial
># Replicas to which we should propagate changes
>#replica host=ldap-1.example.com:389 tls=yes
>#       bindmethod=sasl saslmech=GSSAPI
>#       authcId=host/ldap-master.example.com at EXAMPLE.COM
>  
>

-- 
Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com
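
The entry described in the reply above, as an added example that is not part of either poster's message: a shell function that writes the LDIF for a sambaUnixIdPool object. The ou=Idmap container name, the 10000 starting IDs and the 1000 floor are assumptions; the suffix and rootdn are taken from the quoted slapd.conf, and samba.schema must be loaded in slapd for the object class to exist.

```shell
#!/bin/sh
# Added example: emit the LDIF for a sambaUnixIdPool entry.
# Assumptions (not from the thread): the idmap container is ou=Idmap under
# the suffix, it does not exist yet, and the ID floor of 1000 is illustrative.
# sambaUnixIdPool is an auxiliary class that requires uidNumber and gidNumber,
# so it is attached to a structural organizationalUnit entry here.

# make_idpool_ldif SUFFIX UID_START GID_START
# Prints the LDIF on stdout; returns non-zero on invalid input.
make_idpool_ldif() {
    suffix=$1 uid_start=$2 gid_start=$3
    [ -n "$suffix" ] || { echo "suffix required" >&2; return 1; }
    for n in "$uid_start" "$gid_start"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
        # Keep the pool clear of local accounts in /etc/passwd and /etc/group:
        # an overlapping ID gives a domain user a local account's file access.
        [ "$n" -ge 1000 ] || { echo "start below 1000: $n" >&2; return 1; }
    done
    cat <<EOF
dn: ou=Idmap,$suffix
objectClass: organizationalUnit
objectClass: sambaUnixIdPool
ou: Idmap
uidNumber: $uid_start
gidNumber: $gid_start
EOF
}

# Typical use (suffix and rootdn as in the slapd.conf quoted above):
#   make_idpool_ldif "dc=softeng,dc=com" 10000 10000 > idpool.ldif
#   ldapadd -x -D "cn=Manager,dc=softeng,dc=com" -W -f idpool.ldif
```

If the container entry already exists, add the object class and the two attributes with ldapmodify instead of ldapadd.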
