[Samba] openldap authentication

Adam Tauno Williams awilliam at whitemice.org
Wed Dec 7 07:44:09 MST 2011

On Wed, 2011-11-30 at 13:18 -0700, James Devine wrote:
> I have an existing openldap schema which is handling mail, web and ftp
> services right now.  I am trying to get a windows machine talking to the
> same filesystem as apache on linux via samba and read/write using the
> correct uid/gid.  I was trying to shy away from using pam_ldap as there is
> no need to tie the user in ldap directly to the filesystem.  The problem is
> it looks like the samba ldap module requires a specific ldap schema to
> function, whereas currently I map needed functionality to the ldap schema
> as depicted below:
>
> # fxmulder at nsab.us, gwis
> dn: cn=fxmulder at nsab.us,dc=gwis
> objectClass: top
> objectClass: person
> objectClass: posixAccount
> accountid: 65534
> uidNumber: 65534
> gidNumber: 65534
> active: 1
> cn: fxmulder at nsab.us
> loginShell: /usr/sbin/nologin
> sn: nsab.us
> wenable: 1
> wpass: testpass
> whome: /www/nsab.us/nsab.us/fx/fxmulder
>
> I don't suppose there is a similar way to map attributes with samba?

You need to use the Samba [Samba 3] schema.  The sambaAccount
objectclass is auxiliary; so you can add it to your existing account
objects.  The [nearly obsolete, look at Samba 4] Samba 3 LDAP overlays
on the RFC2307 schema you are currently using.
