[Samba] Base ldap access file.

Tarjei Huse tarjei at nu.no
Fri Jul 23 10:11:19 GMT 2004


Now with the files attached :-)

On Fri, 2004-07-23 at 10:52, Tarjei Huse wrote:
> Hi, 
> 
> Having set up a few Samba-ldap installations, I always end up with the
> feeling that OpenLDAP ACLs are what took time. The following patches /
> scripts might help someone else.
> 
> I would appreciate some input on the access.conf.pl file so that it is
> even better tuned.
> 
> Mr Tournier and the sambateam: Please include the files you find
> useful.
> 
> The attached files are:
> 
> slapd.conf.pl : 
> A simple utility to generate a basic slapd.conf file. Usage:
> ./slapd.conf.pl <basedn> <hostname> [tls] > slapd.conf.
> Note: This one is not that important.
> 
> access.conf.pl:
> This is a simple utility to generate a working set of ACLs for a basic
> samba-ldap installation.
> 
> Usage:
> ./access.conf.pl <basedn> <hostname> > access.conf
> 
> access.conf must then be added as an include at the end of slapd.conf.
> 
> smbldap-populate.patch: 
> This is a patch to add an extra ou=Services to the ldaptree and add a
> simpleSecurityObject samba to that ou. Use this as the "sambauser". The
> only thing samba needs is access to the ldap-tree, not to be a complete
> Unix/Windows user.
> 
> The patch is written so that if you run configure.pl in smbldaptools
> first, it will use the password you have set for the master ldapserver,
> thus you save a bit of work there :-)
> 
> Please comment and commit ;-)
> 
> Tarjei
-------------- next part --------------
--- smbldap-tools-0.8.2/smbldap-populate.pl	2003-11-28 16:21:35.000000000 +0100
+++ smbldap-tools-0.8.2.p/smbldap-populate.pl	2003-12-08 19:35:31.000000000 +0100
@@ -94,18 +94,19 @@
 	die "can't extract first attr and value from suffix $suffix";
   }
   #print "$attr=$val\n";
+  my $org;
   my ($organisation,$ext) = ($suffix =~ m/dc=(.*),dc=(.*)$/);
-
+  if ($organisation ne '') {
+    $org = "\nobjectclass: organization\no: $organisation";
+  }
   #my $FILE="|cat";
   my $FILE=$tmp_ldif_file;
   open (FILE, ">$FILE") || die "Can't open file $FILE: $!\n";
 
   print FILE <<EOF;
 dn: $suffix
-objectClass: $objcl
-objectclass: organization
+objectClass: $objcl$org
 $attr: $val
-o: $organisation
 
 dn: $usersdn
 objectClass: organizationalUnit
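Review bot: $org is declared without a value and only assigned inside the new if ($organisation ne '') block, so for a suffix that does not match dc=(.*),dc=(.*)$ both the comparison and the "objectClass: $objcl$org" line in the heredoc operate on undef and emit "uninitialized value" warnings when warnings are enabled. Suggest "my $org = '';" and "if (defined $organisation && $organisation ne '')". The first capture in the unchanged regex is also greedy, so a three-component suffix such as dc=a,dc=b,dc=c would produce "o: a,dc=b"; since the new code now builds on that value, dc=([^,]+),dc= would be a safer pattern.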
@@ -309,7 +310,6 @@
 } else {
   $tmp_ldif_file=$_ldifName;
 }
-
 my $ldap_master=connect_ldap_master();
 my $ldif = Net::LDAP::LDIF->new($tmp_ldif_file, "r", onerror => 'undef' );
 while( not $ldif->eof() ) {
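Review bot: the only change in this hunk is the removal of the blank line before "my $ldap_master=connect_ldap_master();", which is whitespace churn unrelated to the fix; drop it so the patch carries only the functional change. Neither hunk shown here adds the ou=Services entry or the samba simpleSecurityObject that the message describes, so the attachment looks incomplete as posted and should be resent with those additions.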