LDAP assistance

Brandon brandon at sci.brooklyn.cuny.edu
Thu May 18 21:00:56 GMT 2000


For setup of LDAP you need an account that can read/write the portion of
the tree that samba is to use.  Also, for schema you need to at the very
minimum specify objectSid as a bin attribute.  Here is the skeleton of my 
samba ldap tree:

        ou=SAMBA, dc=stephenst, dc=org
        objectclass=top
        objectclass=samDomain
        objectclass=domain
        objectguid=NOT PRINTABLE
        dc=STEPHENST
        nextrid=1023

        cn=users, ou=SAMBA, dc=stephenst, dc=org
        objectclass=container
        cn=users
        
        cn=computers, ou=SAMBA, dc=stephenst, dc=org
        objectclass=container
        cn=computers

Where ou=SAMBA, dc=stephenst, dc=org is the base given to samba to use.  If
you don't create anything samba will create the root entry for you
(with nextrid) and objectguid but it will not create the cn=users and
cn=computers parts (which seems like something it should do to me).  

For samba, I'm no expert but I believe you must specify 
--with-samr-pwdb=nt5ldap to use ldap for the SAM database.  The code doesn't
appear to be working very well at the moment.  I've been playing around with
it and have made some changes so basic functionality such as authorization 
works.  smbpasswd will work to add users to the ldap db after everything is
set up.  And yes, classic Unix accounts are still necessary for the users 
being added to the ldap db.  Let me know if you want the patch for the changes
I've made, it's against release-alpha-2-5-3.  

Brandon
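
As an added example (not part of Brandon's message and not Samba's own code), the Python script below checks an ldapsearch-style LDIF dump of the Samba subtree for the three entries sketched in the message, flags a root entry whose objectguid did not come back as binary (which is what happens when it is not declared as a bin attribute), and emits LDIF for the cn=users and cn=computers containers that the message says Samba will not create itself. The base DN, the samDomain/nextrid/objectguid attributes and the tree layout are taken from the message; the sample dump, the objectguid bytes and all function names are constructed for illustration.

```python
"""Check and scaffold a Samba LDAP subtree laid out as in Brandon's message.

Added example; not Samba code.  The sample LDIF below is constructed.
"""
import base64

# Constructed sample: a dump of ou=SAMBA after samba created the root entry
# (objectguid, nextrid) and someone added cn=users but forgot cn=computers.
# objectguid is binary, so LDIF carries it base64-encoded after "::";
# the description line shows LDIF line folding (continuation starts with a space).
SAMPLE_LDIF = """\
version: 1
dn: ou=SAMBA, dc=stephenst, dc=org
objectclass: top
objectclass: samDomain
objectclass: domain
objectguid:: AAECAwQFBgcICQoLDA0ODw==
dc: STEPHENST
nextrid: 1023
description: samba domain
  root

dn: cn=users, ou=SAMBA, dc=stephenst, dc=org
objectclass: container
cn: users
"""


def normalize_dn(dn):
    """Cheap DN normalization for matching the skeleton DNs: strip spaces
    around commas and lowercase.  Not a full RFC 2253 comparison (escaped
    commas and multi-valued RDNs are not handled)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def _unfold(text):
    """Join LDIF continuation lines (a leading space means 'same line')."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Parse an LDIF dump into {normalized_dn: {attr: [values]}}.
    '::' values are base64 and are returned as bytes (how a bin attribute such
    as objectguid or objectSid appears in a dump); ':' values are str."""
    entries, current = {}, None
    for line in _unfold(text) + [""]:          # trailing "" flushes last entry
        if line.startswith("#") or line.startswith("version:"):
            continue
        if not line.strip():
            if current is not None:
                entries[current["dn"]] = current["attrs"]
            current = None
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("not an LDIF attribute line: %r" % line)
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip()
        name = name.lower()
        if name == "dn":
            if isinstance(value, bytes):
                value = value.decode("utf-8")
            current = {"dn": normalize_dn(value), "attrs": {}}
        elif current is None:
            raise ValueError("attribute before dn: %r" % line)
        else:
            current["attrs"].setdefault(name, []).append(value)
    return entries


def skeleton_dns(base_dn):
    """The root plus the two containers samba expects under it."""
    base = ",".join(part.strip() for part in base_dn.split(","))
    return [base, "cn=users," + base, "cn=computers," + base]


def missing_entries(ldif_text, base_dn):
    """Skeleton DNs absent from an ldapsearch dump of the subtree."""
    present = parse_ldif(ldif_text)
    return [dn for dn in skeleton_dns(base_dn) if normalize_dn(dn) not in present]


def root_problems(ldif_text, base_dn):
    """Sanity-check the root entry: samDomain class, nextrid, binary objectguid."""
    root = parse_ldif(ldif_text).get(normalize_dn(base_dn))
    if root is None:
        return ["root entry missing (samba will create it on first use)"]
    problems = []
    classes = {c.lower() for c in root.get("objectclass", []) if isinstance(c, str)}
    if "samdomain" not in classes:
        problems.append("root lacks objectclass samDomain")
    if "nextrid" not in root:
        problems.append("root lacks nextrid (next RID samba will hand out)")
    if not isinstance(root.get("objectguid", [None])[0], bytes):
        problems.append("objectguid not binary: declare it as a bin attribute")
    return problems


def skeleton_ldif(base_dn):
    """LDIF (for ldapadd) creating the two containers samba does not create.
    The root entry must already exist; samba creates it with nextrid/objectguid."""
    base = skeleton_dns(base_dn)[0]
    return "\n".join("dn: cn=%s,%s\nobjectclass: container\ncn: %s\n" % (n, base, n)
                     for n in ("users", "computers"))


if __name__ == "__main__":
    BASE = "ou=SAMBA, dc=stephenst, dc=org"
    print("missing:", missing_entries(SAMPLE_LDIF, BASE))
    print("root problems:", root_problems(SAMPLE_LDIF, BASE))
    print(skeleton_ldif(BASE))
```

Run it against the output of `ldapsearch -b "ou=SAMBA,dc=stephenst,dc=org"` (redirected to a file) before pointing Samba at the tree; feed `skeleton_ldif()` to `ldapadd` with the read/write bind account mentioned in the message once the root entry exists. The DN matching is deliberately simple and will not cope with escaped commas or multi-valued RDNs, which the skeleton DNs above do not contain.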


More information about the samba-ntdom mailing list