[Samba] And the LDIF thing
Josh Skains
JSkains at deltad.com
Thu Jun 10 18:11:24 GMT 2004
I hate to be a pain, but I am under the gun. Could you show an example "ldif" on that? I am completely ldap dumb. I'd greatly appreciate it.
Thanks,
JMS
-----Original Message-----
From: Paul Gienger [mailto:pgienger at ae-solutions.com]
Sent: Thursday, June 10, 2004 11:03 AM
To: Josh Skains
Cc: adam at morrison-ind.com; samba at lists.samba.org
Subject: Re: [Samba] And the LDIF thing
>Jun 10 02:31:05 wwweng1 winbindd[4233]: ldap_allocate_id: single sambaUnixIdPool object not found
>Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_allocate_id(413)
>Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_get_id_from_sid(621)
>Jun 10 02:31:05 wwweng1 winbindd[4233]: ldap_allocate_id: cannot acquire id lock!
>
>and the getent returns nothing from winbind.
>
>
You need to add a sambaUnixIdPool object inside of your IdMap ou. This
will give samba its starting UID number and some other things. Just
make sure you have all of the required attributes filled out in that
object and then samba (winbind) will start adding subobjects of it
automatically when new users connect the first time.
>When I remove the "ldap" entries from smb.conf, the getent command works fine. (so winbind is working)
>
>As for DSA, I am not sure what you mean. I am doing nothing fancy like SSL or the like.
>
>Thanks,
>JMS
>
>P.S.
>
>My SLAPD.CONF:
>
># Define global ACLs to disable default read access.
>
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral ldap://root.openldap.org
>
>#pidfile //var/run/slapd.pid
>#argsfile //var/run/slapd.args
>
># Create a replication log in /var/lib/ldap for use by slurpd.
>#replogfile /var/lib/ldap/master-slapd.replog
>
># Load dynamic backend modules:
># modulepath /usr/sbin/openldap
># moduleload back_ldap.la
># moduleload back_ldbm.la
># moduleload back_passwd.la
># moduleload back_shell.la
>
>#
># The next two lines allow use of TLS for connections using a dummy test
># certificate, but you should generate a proper certificate by changing to
># /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
># slapd.pem so that the ldap user or group can read it.
># TLSCertificateFile /usr/share/ssl/certs/slapd.pem
># TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
>#
># Sample Access Control
># Allow read access of root DSE
># Allow self write access
># Allow authenticated users read access
># Allow anonymous users to authenticate
>#
>#access to dn="" by * read
>#access to *
># by self write
># by users read
># by anonymous auth
>#
># if no access controls are present, the default is:
># Allow read by all
>#
># rootdn can always write!
>
>#######################################################################
># ldbm database definitions
>#######################################################################
>
>database ldbm
>suffix "dc=softeng,dc=com"
>rootdn "cn=Manager,dc=softeng,dc=com"
>rootpw {SSHA}l3niIBoW8kJe1gEzqK5VW426vNh+PW69
>directory /var/lib/ldap
>
># Indices to maintain
>index objectClass,uid,uidNumber,gidNumber,memberUid eq
>index cn,mail,surname,givenname eq,subinitial
># Replicas to which we should propagate changes
>#replica host=ldap-1.example.com:389 tls=yes
># bindmethod=sasl saslmech=GSSAPI
># authcId=host/ldap-master.example.com at EXAMPLE.COM
>
>
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
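
The object described in the reply above, written out as LDIF. This is an added example, not part of the original thread: the suffix and rootdn come from the posted slapd.conf, while the `ou=Idmap` name, the file name `idpool.ldif` and the starting value 10000 are assumptions, and it assumes samba.schema is already included in slapd.conf.

```ldif
# idpool.ldif (file name is an assumption)
#
# Load it with the rootdn from the posted slapd.conf:
#   ldapadd -x -D "cn=Manager,dc=softeng,dc=com" -W -f idpool.ldif
# -x is a simple bind; with the TLS lines commented out as in that
# slapd.conf the password crosses the network in clear text, so run
# the command on the LDAP host itself.
#
# sambaUnixIdPool is an AUXILIARY object class, so the entry also needs
# a structural class. organizationalUnit lets the pool sit on the idmap
# container itself (ou=Idmap is an assumed name).
#
# uidNumber and gidNumber are the required attributes: the next free
# uid and gid that winbind will hand out. 10000 is a constructed value;
# use the bottom of the "idmap uid" / "idmap gid" ranges in smb.conf.
dn: ou=Idmap,dc=softeng,dc=com
objectClass: organizationalUnit
objectClass: sambaUnixIdPool
ou: Idmap
uidNumber: 10000
gidNumber: 10000
```

winbind looks for the pool below the `ldap idmap suffix` set in smb.conf, so that setting has to resolve to this entry's DN.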