smbpasswd in an LDAP directory

David Krovich dkrovich at slackworks.com
Mon Jul 2 02:09:23 GMT 2001


	After some fighting, I got this to work.  In the
import_smbpasswd.pl file I had to change one line.

	I changed:

	while ($string = <$infile> ) {
to
	while ($string = <STDIN>) {

	It took a bit to find and download the Mozilla PerLDAP stuff, get
the C-SDK, and play with the slapd.conf file but after that everything
went fine.

	I took a stab at updating the README:

-------------------------------------------------
Updated README file for storing smbpasswd in LDAP
-------------------------------------------------
!==
!== README File for storing smbpasswd in LDAP
!==
!== written by Gerald Carter <jerry at samba.org>
!==

This is a quick and dirty means of storing smbpasswd entries
in smbpasswd.  Samba 2.2.x does not have any ability to grab
this information directly from LDAP so you will need to
periodically generate an smbpasswd from an ldapsearch
"(objectclass=smbPasswordEntry)".

Be aware of search limits on your client or server which prevent
all entries from being returned in the search result.

Pre-requisites
--------------
You must install Mozilla PerLDAP which is available at:
http://www.mozilla.org/directory

PerLDAP depends on the Netscape (aka iPlanet) C-SDK which is
available for download at:
http://www.iplanet.com/downloads/developer/

OpenLDAP 2.0.x
--------------

A sample schema file (samba.schema) has been included for use
with OpenLDAP 2.0.x.  The OIDs used in this file are owned by
the Samba team and generated from its own Enterprise number
of 7165 (as issued by IANA).

Copy the samba.schema file into your /etc/openldap/schema directory,
and add an include for it in the /etc/openldap/slapd.conf file.

To import /etc/passwd, nis, or nisplus tables into ldap, you can
use migration tools provided by PADL Software which are located
at http://www.padl.com/tools.html

The padl tools will leave you with LDIF files which you can import
into OpenLDAP.  Before you can import them, you need to include
nis.schema and cosine.schema in your slapd.conf file.

You must restart the LDAP server for these new includes to become
active.

import_smbpasswd.pl
-------------------

Make sure you customize the local site variable in the perl script
(i.e. ldapserver, rootdn, rootpw, etc...).  The script reads from
standard input and requires that user entries already exist
in your directories containing the 'objectclass: posixAccount'
value pair.  For more information on this object and related schema,
refer to RFC2307 and http://www.padl.com/software.html.

The following will import an smbpasswd file into an LDAP directory:

	$ cat smbpasswd | import_smbpasswd.pl

export_smbpasswd.pl
-------------------

Make sure you customize the local site variable in the perl script
(i.e. ldapserver, rootdn, rootpw, etc...).  You can then generate
an smbpasswd file by executing

	$ export_smbpasswd.pl > smbpasswd

NOTE: Server side (or client side) search limits may prevent
all users from being listed.  Check your directory server documentation
for details.



!==
!== end of README
!==

but other than that everything worked fine.

I did

On Fri, 29 Jun 2001, Gerald Carter wrote:

> FYI....
>
> I just checked in a schema file for storing smbpasswd in LDAP
> (works with OpenLDAP 2.0) and some import/export perl scripts.
> This does not mean that Samba can read information directly
> from LDAP, but for those interested in having a cron job generate
> the smbpasswd file from LDAP, this will work.  Also means that
> LDAP can be used to replicate smbpasswd to multiple servers :)
>
> The import script currently expects user accounts to previously
> exist containing the "objectclass=posixAccount" attribute/value
> pair.  This is not an actual requirement, but I just wanted to
> get this done quickly.  Further enhancement would be to perform a
> getpwnam() for verifying the existence of a user.
>
>
>
>
>
> Cheers, jerry
> +---------------------------------------------------------------------+
>  http://www.valinux.com/     VA Linux Systems      gcarter at valinux.com
>  http://www.samba.org/          SAMBA Team             jerry at samba.org
>  http://www.plainjoe.org/                           jerry at plainjoe.org
>  --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
>
>
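
Added example, not part of the original message or the Samba scripts: a shell wrapper for the cron-driven export described in the README, which refuses to overwrite the live smbpasswd when an LDAP search limit has truncated the result. The field check assumes the Samba 2.2 smbpasswd line layout; the function names, the paths in the usage comment and the 90% threshold are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the Samba tree). Guards a cron-driven
# "export_smbpasswd.pl > smbpasswd" against truncated LDAP search results.

# Print the number of well-formed entries in FILE; fail on a malformed line.
# Assumed layout (Samba 2.2): name:uid:LM(32 chars):NT(32 chars):[flags]:LCT-hex:
count_valid_entries() {
    awk -F: '
        /^#/ || /^$/ { next }
        NF < 6 || $2 !~ /^[0-9]+$/ || length($3) != 32 || length($4) != 32 {
            bad = 1; exit
        }
        { n++ }
        END { if (bad) exit 1; print n + 0 }
    ' "$1"
}

# install_export NEW CURRENT [MIN_PERCENT]
# Replace CURRENT with NEW only if NEW parses cleanly and holds at least
# MIN_PERCENT of the entries CURRENT had.
# Returns 0 = installed, 1 = malformed or chmod failed, 2 = too few entries.
install_export() {
    new=$1
    current=$2
    min_percent=${3:-90}

    new_count=$(count_valid_entries "$new") || return 1
    [ "$new_count" -gt 0 ] || return 2

    if [ -f "$current" ]; then
        old_count=$(count_valid_entries "$current") || old_count=0
        # Integer form of new/old >= min_percent/100
        [ $((new_count * 100)) -ge $((old_count * min_percent)) ] || return 2
    fi

    chmod 600 "$new" || return 1   # the file holds LM/NT password hashes
    mv -f "$new" "$current"        # rename is atomic within one filesystem
}

# Typical cron use (paths are placeholders):
#   umask 077
#   tmp=$(mktemp /etc/samba/smbpasswd.XXXXXX) &&
#   export_smbpasswd.pl > "$tmp" &&
#   install_export "$tmp" /etc/samba/smbpasswd || echo "export rejected" >&2
```

A return code of 2 is the signal to check the client and server search limits before trusting the next export.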




