[Samba] Is there anyone out there using Samba with LDAP against the Netscape

Ron Creamer ron at pageworks.com
Thu Mar 28 06:56:02 GMT 2002


> Message: 24
> Date: Thu, 28 Mar 2002 12:08:56 +0000
> From: Scott Lawson <slawson at sghms.ac.uk>
> To: samba at samba.org
> Subject: [Samba] Is there anyone out there using Samba with LDAP against the Netscape
>  Directory Server?
> 
> Hi,
> 
> I was wondering if there is anyone out there successfully using the
> Netscape Directory Server 4.1x with Samba
> for native LDAP authentication? (or Iplanet DS 5.x)
> 
> I would particularly like to get copies of the converted schema files if
> possible for NDS. Any success stories
> would be appreciated either to the mailing list or direct to me.
> 
> If no one has schema files that they wish to share then I will convert
> the ones provided in the Samba distribution
> and mail them to the Samba team for future inclusion.

Hi Scott,

We are using Netscape DS 4.16 on Linux. It came with our Netscape
Messaging Server that has been our mail server for years.

I'll make some assumptions here. First, that you have NSDS because you
use NS Messaging Server. I'll also assume that you have mail users
currently defined in NSDS.

The good news is that you don't need to add to or modify the schema on
NSDS. It supports RFC2307/PosixAccount which defines attributes like
"loginshell", "homeDirectory", "uidNumber", "gidNumber", etc.

My advice is to add the posixAccount objectclass for your mail users and
fill out the attributes so that they can have normal unix accounts.
Then, by using pam ldap and nsswitch, you can have these user accounts
(which are the same as the email accounts you probably already have) log
on to your Linux boxes via telnet, ftp or however you want to configure
it.

I'd stay away from the ldapsam stuff for now. My recommendation is
instead to go to winbind in the new 2.2.3a if possible.

By using Netscape's LDAP server, we are successfully authenticating Unix
services (telnet, ssh, ftp, etc), samba users, and even netatalk
(appletalk/mac clients) via a Netscape Directory Server.

No schema changes are required.

If you would like to add the sambaAccount objectclass to the Netscape
Directory Server, I did do some work on that, and if you email me, I can
send the schema that I made for Netscape a few weeks back. But as we
have an existing NT4 Domain here, I dropped the whole ldapsam thing
because winbind works so well. So although I've made the schema changes,
I've never needed to use it or test it.

Regards,

-Ron
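
The posixAccount step suggested in the reply above, as an added example that is not part of the original message: a small generator for LDIF modify records that attach posixAccount to existing mail-user entries. The DNs, the UID floor, the shared GID and the /home layout are assumptions; the script refuses login names that are not plain POSIX names and skips uidNumbers already in use, so no directory account can shadow a local system account.

```python
import re

# Assumed site policy, not from the original post.
MIN_UID = 10000       # stay clear of local system accounts; never hand out UID 0
DEFAULT_GID = 10000   # hypothetical shared group
SAFE_NAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def posix_ldif(entries, taken_uids=(), shell="/bin/bash"):
    """Build LDIF modify records that add posixAccount to existing entries.

    entries    -- (dn, uid) pairs for mail users already in the directory
    taken_uids -- uidNumbers already in use (directory and /etc/passwd)
    """
    used, seen, records = set(taken_uids), set(), []
    candidate = MIN_UID
    for dn, uid in entries:
        # uid becomes part of homeDirectory, so reject anything path-like.
        if not SAFE_NAME.fullmatch(uid):
            raise ValueError(f"unsafe login name: {uid!r}")
        if uid in seen:
            raise ValueError(f"duplicate login name: {uid!r}")
        seen.add(uid)
        while candidate in used:   # skip numbers someone already owns
            candidate += 1
        used.add(candidate)
        attrs = [("objectClass", "posixAccount"),
                 ("uidNumber", candidate),
                 ("gidNumber", DEFAULT_GID),
                 ("homeDirectory", f"/home/{uid}"),
                 ("loginShell", shell)]
        # Each modification ends with a "-" line, as LDIF requires.
        mods = "".join(f"add: {k}\n{k}: {v}\n-\n" for k, v in attrs)
        records.append(f"dn: {dn}\nchangetype: modify\n{mods}")
    return "\n".join(records)   # blank line between records

# Constructed sample input (ASCII-only DNs assumed, so no base64 encoding).
SAMPLE = [("uid=alice,ou=People,o=example.com", "alice"),
          ("uid=bob,ou=People,o=example.com", "bob")]

if __name__ == "__main__":
    print(posix_ldif(SAMPLE, taken_uids={10000}))
```

The output is meant to be reviewed and then fed to an LDAP modify tool; the entries are assumed to already carry the cn and uid attributes that posixAccount requires.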



