mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
samba-mirror/examples/LDAP
Andrew Bartlett 49530d0db5 A new pdb_ldap!
This patch removes 'non unix account range' (same as idra's change in HEAD),
and uses the winbind uid range instead.

More importantly, this patch changes the LDAP schema to use 'ntSid' instead
of 'rid' as the primary attribute.  This makes it in common with the group
mapping code, and should allow it to be used closely with a future idmap_ldap.

Existing installations can use the existing functionality by using the
ldapsam_compat backend, and users who compile with --with-ldapsam will get
this by default.

More importantly, this patch adds a 'sambaDomain' object to our schema -
which contains 2 'next rid' attributes, the domain name and the domain sid.
Yes, there are *2* next rid attributes.  The problem is that we don't 'own'
the entire RID space - we can only allocate RIDs that could be 'algorithmic'
RIDs.  Therefore, we use the fact that UIDs in 'winbind uid' range will be
mapped by IDMAP, not the algorithm.

Andrew Bartlett
(This used to be commit 3e07406ade)
2003-04-28 10:20:55 +00:00
export2_smbpasswd.pl sync with 2.2 2001-12-26 05:35:40 +00:00
export_smbpasswd.pl sync with 2.2 2001-12-26 05:35:40 +00:00
import2_smbpasswd.pl sync with 2.2 2001-12-26 05:35:40 +00:00
import_smbpasswd.pl sync with 2.2 2001-12-26 05:35:40 +00:00
ldapchpasswd sync with 2.2 2001-12-26 05:35:40 +00:00
ldapsync.pl sync with 2.2 2001-12-26 05:35:40 +00:00
README Minor merges from HEAD. 2003-01-22 23:49:54 +00:00
samba-schema-netscapeds4.x merging some changes from SAMBA_2_2 2002-05-08 15:37:14 +00:00
samba-schema-netscapeds5.x merging some changes from SAMBA_2_2 2002-05-08 15:37:14 +00:00
samba-schema.IBMSecureWay merging some changes from SAMBA_2_2 2002-05-08 15:37:14 +00:00
samba.schema A new pdb_ldap! 2003-04-28 10:20:55 +00:00

!==
!== README File for storing smbpasswd in LDAP
!==
!== written by Gerald Carter <jerry@samba.org>
!==

This is a quick and dirty means of storing smbpasswd entries
in LDAP.  Samba 2.2.x does not have any ability to grab
this information directly from LDAP so you will need to
periodically generate an smbpasswd from an ldapsearch
"(objectclass=smbPasswordEntry)".

Be aware of search limits on your client or server which prevent
all entries from being returned in the search result.


Pre-requisites for import_smbpasswd.pl & export_smbpasswd.pl
------------------------------------------------------------
You must install Mozilla PerLDAP which is available at:

	http://www.mozilla.org/directory

PerLDAP depends on the Netscape (aka iPlanet) C-SDK which is
available for download at:

	http://www.iplanet.com/downloads/developer/


Pre-requisites for import2_smbpasswd.pl & export2_smbpasswd.pl
--------------------------------------------------------------
These two scripts are modified versions of 
[import|export]_smbpasswd.pl rewritten to use the Net::LDAP
perl module available from 

	http://perl-ldap.sourceforge.net



OpenLDAP 2.0.x
--------------

A sample schema file (samba.schema) has been included for use
with OpenLDAP 2.0.x.  The OIDs used in this file are owned by
the Samba team and generated from its own Enterprise number
of 7165 (as issued by IANA).

Copy the samba.schema file into your /etc/openldap/schema directory,
and add an include for it in the /etc/openldap/slapd.conf file.
Note that samba.schema relies upon the uid and uidNumber attributes
from the RFC2307 schema (i.e. nis.schema), so that schema must be
included as well.

If you choose to import /etc/passwd, nis, or nisplus tables 
into ldap, you can use migration tools provided by PADL Software 
which are located at 

	http://www.padl.com/tools.html

It is not a requirement that a user's /etc/passwd account
is stored in LDAP for the samba.schema file to work (although
the whole point of storing smbpasswd in LDAP is to have a 
single location for user accounts, right?)

The padl tools will leave you with LDIF files which you can import
into OpenLDAP.  Before you can import them, you need to include
nis.schema and cosine.schema in your slapd.conf file.

You must restart the LDAP server for these new included schema files 
to become active.


import[2]_smbpasswd.pl
----------------------

Make sure you customize the local site variables in the perl script
(i.e. ldapserver, rootdn, rootpw, etc...).  The script reads from
standard input and requires that user entries already exist
in your directory containing the 'objectclass: posixAccount'
value pair.  For more information on this object and related schema,
refer to RFC2307 and http://www.padl.com/software.html

The following will import an smbpasswd file into an LDAP directory

	$ cat smbpasswd | import[2]_smbpasswd.pl


export[2]_smbpasswd.pl
----------------------

Make sure you customize the local site variable in the perl script
(i.e. ldapserver, rootdn, rootpw, etc...).  You can then generate
an smbpasswd file by executing

	$ export[2]_smbpasswd.pl > smbpasswd

NOTE: Server side (or client side) search limits may prevent
all users from being listed.  Check your directory server documentation
for details.
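The import and export steps above are a format conversion between the smbpasswd file and the directory; this added example (not one of the Perl scripts shipped in this directory) does that conversion in Python, validating each smbpasswd record before it is turned into LDIF and skipping accounts that have no posixAccount entry, as the import scripts require. The sample input, the set of existing posixAccount uids, the base DN and the attribute names on smbPasswordEntry are assumptions for illustration, not values taken from samba.schema.

```python
import re

# Constructed sample smbpasswd input (not from the original page); the 32-hex
# strings are placeholders, not real LanMan/NT hashes.
SAMPLE_SMBPASSWD = """\
jerry:1000:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-3EACB4A7:
nobody:65534:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU         ]:LCT-00000000:
ghost:2000:0123456789ABCDEF0123456789ABCDEF:0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-3EACB4A7:
"""
EXISTING_POSIX_UIDS = {"jerry", "nobody"}  # assumed: already posixAccount entries
ATTRS = ("lmPassword", "ntPassword", "acctFlags", "pwdLastSet")  # assumed names

HASH_RE = re.compile(r"^(?:[0-9A-F]{32}|X{32}|NO PASSWORDX{21})$")
FLAGS_RE = re.compile(r"^\[[A-Z ]{11}\]$")
LCT_RE = re.compile(r"^LCT-[0-9A-F]{8}$")

def parse_smbpasswd(text):
    """One dict per account; any malformed record raises, so a bad line can
    never silently become a bad or missing directory entry."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # smbpasswd allows blank and comment lines
        f = line.split(":")
        if (len(f) < 6 or not f[1].isdigit() or not HASH_RE.match(f[2])
                or not HASH_RE.match(f[3]) or not FLAGS_RE.match(f[4])
                or not LCT_RE.match(f[5])):
            raise ValueError(f"smbpasswd line {lineno}: malformed record")
        records.append(dict(zip(("uid", "uidNumber") + ATTRS, f[:6])))
    return records

def to_ldif(records, existing, base="ou=People,dc=example,dc=com"):
    """Import direction: modify-LDIF adding smbPasswordEntry to the existing
    posixAccount entry; returns (ldif, uids skipped for lack of such an entry)."""
    out, skipped = [], []
    for r in records:
        if r["uid"] not in existing:
            skipped.append(r["uid"])
            continue
        lines = [f"dn: uid={r['uid']},{base}", "changetype: modify",
                 "add: objectclass", "objectclass: smbPasswordEntry", "-"]
        for a in ATTRS:
            lines += [f"add: {a}", f"{a}: {r[a]}", "-"]
        out.append("\n".join(lines))
    return "\n\n".join(out) + "\n", skipped

def to_smbpasswd(records):
    """Export direction: format records back into smbpasswd lines."""
    keys = ("uid", "uidNumber") + ATTRS
    return "".join(":".join(r[k] for k in keys) + ":\n" for r in records)
```

Comparing the number of records returned by the export side against the number of accounts you expect is a cheap way to notice the search-limit truncation mentioned in the NOTE above.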



ldapsync.pl & ldapchgpasswd.pl
------------------------------
For more information on these scripts, see

	http://www.mami.net/univr/tng-ldap/howto/


The ldapsync.pl script requires a small command (smbencrypt) 
for generating LanMan and NT password hashes which 
can be found at ftp://samba.org/pub/samba/contributed/

!==
!== end of README
!==