[Samba] Accessing external LDAP for classicupgrade

[Andrew Bartlett]

On Thu, 2015-09-17 at 17:02 -0400, Robert Moskowitz wrote:
> I am reading the LDAP portion of:
> 
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_domain_to_a_Sa
> mba_AD_domain_%28classic_upgrade%29
> 
> The second route may not work for me.  When I ran slapcat on the
> ClearOS 
> system I got:
> 
> # slapcat > ldap.backup.ldif
> 55fb2665 The first database does not allow slapcat; using the first 
> available one (2)
> 
> and very little in the backup file.
> 
> So since the LDAP backend on the old server is only used for the 
> classicupgrade, this looks interesting, but...
> 
> What ldap.conf and smb.conf to I set up to retreive the information
> from 
> the old LDAP backend host?  That is not clear.  I would have to start
> afresh (going to anyway) to see what a fresh system looks like with 
> these two files.  On the ClearOS system, the ldap.conf says:
> 
> # cat smb.ldap.conf
> # Please do not edit - this file is automatically generated.
> 
> passdb backend = ldapsam:ldap://127.0.0.1
> ldap admin dn = cn=manager,ou=Internal,dc=home,dc=htt
> ldap group suffix = ou=Groups,ou=Accounts
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers,ou=Accounts
> ldap passwd sync = No
> ldap suffix = dc=home,dc=htt
> ldap user suffix = ou=Users,ou=Accounts
> ldap connection timeout = 8
> ldap ssl = Off
> 
> On my new AD, I would use the IP address of the old server (they have
> the same fqdn, but different DNS servers in different networks, but
> IP 
> reachable).  Plus make sure the ldap port is open; it should be
> already.

Just change the 'passdb backend' line in the smb.conf to point to your
old server.  In general we will only read it, but the backup process is
there to make sure.

Thanks,

Andrew Bartlett



-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba