LDAP assistance

Brandon brandon at sci.brooklyn.cuny.edu
Thu May 18 21:00:56 GMT 2000

For setup of LDAP you need an account that can read/write the portion of
the tree that samba is to use.  Also, for schema you need to at the very
minimum specify objectSid as a bin attribute.  Here is the skeletin of my 
samba ldap tree:

        ou=SAMBA, dc=stephenst, dc=org
        objectguid=NOT PRINTABLE

        cn=users, ou=SAMBA, dc=stephenst, dc=org
        cn=computers, ou=SAMBA, dc=stephenst, dc=org

Where ou=SAMBA, dc=stephenst, dc=org is the base given to samba to use.  If
you don't create anything samba will create the root entry for you
(with nextrid) and objectguid but it will not create the cn=users and
cn=computers parts (which seems like something it should do to me).  

For samba, I'm no expert but I believe you must specify 
--with-samr-pwdb=nt5ldap to use ldap for the SAM database.  The code doesn't
appear to be working very well at the moment.  I've been playing around with
it and have made some changes so basic functionality such as authorization 
works.  smbpasswd will work to add users to the ldap db after everything is
set up.  And yes, classic unix-accounts are still neccesary for the users 
being added to the ldap db.  Let me know if you want the patch for the changes
I've made, it's against release-alpha-2-5-3.  


More information about the samba-ntdom mailing list