mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
98 lines
2.9 KiB
Plaintext
98 lines
2.9 KiB
Plaintext
!==
|
|
!== README File for storing smbpasswd in LDAP
|
|
!==
|
|
!== written by Gerald Carter <jerry@samba.org>
|
|
!==
|
|
|
|
This is a quick and dirty means of converting smbpasswd entries
|
|
to sambaAccount entriues in an LDAP directory.
|
|
|
|
|
|
Pre-requisites for import_smbpasswd.pl & export_smbpasswd.pl
|
|
--------------------------------------------------------------
|
|
These two scripts are modified versions of
|
|
[import|export]_smbpasswd.pl rewritten to use the Net::LDAP
|
|
perl module available from
|
|
|
|
http://perl-ldap.sourceforge.net
|
|
|
|
|
|
|
|
|
|
OpenLDAP 2.0.x
|
|
--------------
|
|
|
|
A sample schema file (samba.schema) has been included for use
|
|
with OpenLDAP 2.0.x. The OIDs used in this file are owned by
|
|
the Samba team and generated from its own Enterprise number
|
|
of 7165 (as issued by IANA).
|
|
|
|
Copy the samba.schema file into your /etc/openldap/schema directory,
|
|
and add an include for it in the /etc/openldap/slapd.conf file.
|
|
Note that samba.schema relies upon the uid and uidNumber attributes
|
|
from the RFC2307 schema (i.e. nis.schema)
|
|
|
|
If you choose to import /etc/passwd, nis, or nisplus tables
|
|
into ldap, you can use migration tools provided by PADL Software
|
|
which are located at
|
|
|
|
http://www.padl.com/tools.html
|
|
|
|
It is not a requirement that a user's /etc/passwd account
|
|
is stored in LDAP for the samba.schema file to work (although
|
|
the whole point of storing smbpasswd in LDAP is to have a
|
|
single location for user accounts, right?)
|
|
|
|
The padl tools will leave you with LDIF files which you can import
|
|
into OpenLDAP. Before you can import them, you need to include
|
|
nis.schema and cosine.schema in your slapd.conf file.
|
|
|
|
You must restart the LDAP server for these new included schema files
|
|
to become active.
|
|
|
|
|
|
import_smbpasswd.pl
|
|
----------------------
|
|
|
|
Make sure you customize the local site variable in the perl script
|
|
(i.e. ldapserver, rootdn, rootpw, etc...). The script reads from
|
|
standard input and requires that user entries already exist
|
|
in your directories containing the 'objectclass: posixAccount'
|
|
value pair. For more information on this object and related schema,
|
|
refer to RFC2307 and http://www.padl.com/software.html).
|
|
|
|
The following will import an smbpasswd file into an LDAP directory
|
|
|
|
$ cat smbpasswd | import_smbpasswd.pl
|
|
|
|
|
|
export_smbpasswd.pl
|
|
----------------------
|
|
|
|
Make sure you customize the local site variable in the perl script
|
|
(i.e. ldapserver, rootdn, rootpw, etc...). You can then generate
|
|
an smbpasswd file by executing
|
|
|
|
$ export_smbpasswd.pl > smbpasswd
|
|
|
|
NOTE: Server side (or client side) search limites may prevent
|
|
all users from being listed. Check you directory server documentation
|
|
for details.
|
|
|
|
|
|
|
|
ldapsync.pl & ldapchgpasswd.pl
|
|
------------------------------
|
|
For more information on these scripts, see
|
|
|
|
http://www.mami.net/univr/tng-ldap/howto/
|
|
|
|
|
|
The ldapsync.pl script requires a small command (smbencrypt)
|
|
for generating LanMan and NT password hashes which
|
|
can be found at ftp://samba.org/pub/samba/contributed/
|
|
|
|
!==
|
|
!== end of README
|
|
!==
|