[Samba] Adding LDAP Backend to Samba
John H Terpstra
jht at samba.org
Sat Feb 12 07:15:54 MST 2011
On 02/12/2011 02:16 AM, J. Echter wrote:
> On 05.02.2011 10:33, J. Echter wrote:
> Can nobody tell me where the accounts have to be in? Is it correct that
> idmap is empty?
Manageability, performance and readability are the key reasons for
putting group accounts into an ou=groups, and for having user accounts
under ou=users, and machine accounts under another ou.
It is quite possible to store all the accounts directly off the root of
the LDAP directory - it will work if everything else is configured
correctly. This is certainly NOT a recommended configuration, but it
You need to make sure that the "everything else" of your configuration
is correct. If you do not understand how the pieces all fit together
life gets a bit challenging.
The following need to be configured:
You need to install and configure an NSS LDAP library. If you use
nss_ldap (from http://www.padl.com), the configuration file (ldap.conf)
must be correctly configured. This file is often located (compile time
option) in /etc.
When this has been correctly configured you will see all LDAP user
accounts when you execute:
You should also see all LDAP group accounts when you execute:
If these two commands do not work - you need to fix that. Samba relies
on being able to resolve POSIX user and group information by simple
calls to the getpwent() family of system calls.
Next, it is necessary to install and configure the toolset you want to
use to maintain and manage accounts in the LDAP directory. Many people
make use of the smbldap-tools package. After installation and
configuration, use the appropriate tool to validate account information.
gecos: System User
#> smbldap-groupshow engineers
description: Finely Trained Technicians
It is also necessary to correctly configure Samba. Please refer to
chapter 5 of the book "Samba4-ByExample" available from your local
bookstore or on-line from:
Chapter 5 systematically steps through the process of installation and
configuration of a complete Novell SLES (OpenSUSE) -based Samba/LDAP
The example is based on SLES, but it applies for the most part also for
RHEL and Fedora.
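The message above says Samba depends on the getpwent() family resolving LDAP users and groups. The following is an added example, not part of the original message or of Samba, that makes the same lookups directly; the program and its function names are hypothetical, and the user and group names are supplied on the command line.

```c
/* Added example (hypothetical helper names): NSS lookups Samba depends on. */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>

/* UID for a user name via NSS, or -1 if the name does not resolve. */
long user_uid(const char *name)
{
    struct passwd *pw = getpwnam(name);
    return pw ? (long)pw->pw_uid : -1;
}

/* GID for a group name via NSS, or -1 if the name does not resolve. */
long group_gid(const char *name)
{
    struct group *gr = getgrnam(name);
    return gr ? (long)gr->gr_gid : -1;
}

/* 1 if the user's primary GID maps to a group, 0 if not, -1 if no user. */
int primary_group_resolves(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    return getgrgid(pw->pw_gid) != NULL;
}

/* Count every passwd entry visible through the getpwent() enumeration. */
long count_passwd_entries(void)
{
    long n = 0;
    setpwent();
    while (getpwent() != NULL)
        n++;
    endpwent();
    return n;
}

int main(int argc, char **argv)
{
    if (argc != 3)
        return 2; /* usage: PROGRAM USER GROUP */
    printf("user %s: uid=%ld, primary group resolves=%d\n",
           argv[1], user_uid(argv[1]), primary_group_resolves(argv[1]));
    printf("group %s: gid=%ld\n", argv[2], group_gid(argv[2]));
    printf("passwd entries visible: %ld\n", count_passwd_entries());
    return (user_uid(argv[1]) < 0 || group_gid(argv[2]) < 0) ? 1 : 0;
}
```

A result of -1 for an account that exists in the directory means the NSS layer is not reaching LDAP, which has to be fixed before looking at the Samba configuration itself.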