summaryrefslogtreecommitdiff
path: root/docs/yodldocs/LDAP.yo
diff options
context:
space:
mode:
Diffstat (limited to 'docs/yodldocs/LDAP.yo')
-rw-r--r--docs/yodldocs/LDAP.yo161
1 files changed, 0 insertions, 161 deletions
diff --git a/docs/yodldocs/LDAP.yo b/docs/yodldocs/LDAP.yo
deleted file mode 100644
index cf454904d3..0000000000
--- a/docs/yodldocs/LDAP.yo
+++ /dev/null
@@ -1,161 +0,0 @@
-mailto(samba-bugs@samba.org)
-article(LDAP Support in Samba)(Matthew Chapman)(29th November 1998
-htmltag(p)(1) htmltag(hr)(1) htmltag(h2)(1)
-WARNING: This is experimental code. Use at your own risk, and please report
-any bugs (after reading BUGS.txt).
-htmltag(h2)(0) htmltag(br)(1)
-)
-redef(PARAGRAPH)(0)(htmlcommand(<p>
-) txtcommand(
-
-))
-
-sect(What is LDAP?)
-A directory is a type of hierarchical database optimised for simple query
-operations, often used for storing user information. LDAP is the
-Lightweight Directory Access Protocol, a protocol which is rapidly
-becoming the Internet standard for accessing directories.
-
-Many client applications now support LDAP (including Microsoft's Active
-Directory), and there are a number of servers available. The most popular
-implementation for Unix is from the em(University of Michigan); its
-homepage is at url(tt(http://www.umich.edu/~dirsvcs/ldap/))(http://www.umich.edu/~dirsvcs/ldap/).
-
-Information in an LDAP tree always comes in tt(attribute=value) pairs.
-The following is an example of a Samba user entry:
-
-verb(uid=jbloggs, dc=samba, dc=org
-objectclass=sambaAccount
-uid=jbloggs
-cn=Joe Bloggs
-description=Samba User
-uidNumber=500
-gidNumber=500
-rid=2000
-grouprid=2001
-lmPassword=46E389809F8D55BB78A48108148AD508
-ntPassword=1944CCE1AD6F80D8AEC9FC5BE77696F4
-pwdLastSet=35C11F1B
-smbHome=\\samba1\jbloggs
-homeDrive=Z
-script=logon.bat
-profile=\\samba1\jbloggs\profile
-workstations=JOE)
-
-Note that the top line is a special set of attributes called a
-em(distinguished name) which identifies the location of this entry beneath
-the directory's root node. Recent Internet standards suggest the use of
-domain-based naming using tt(dc) attributes (for instance, a microsoft.com
-directory should have a root node of tt(dc=microsoft, dc=com)), although
-this is not strictly necessary for isolated servers.
-
-There are a number of LDAP-related FAQ's on the internet, although
-generally the best source of information is the documentation for the
-individual servers.
-
-
-nl()
-sect(Why LDAP and Samba?)
-
-Using an LDAP directory allows Samba to store user and group information
-more reliably and flexibly than the current combination of smbpasswd,
-smbgroup, groupdb and aliasdb with the Unix databases. If a need emerges
-for extra user information to be stored, this can easily be added without
-loss of backwards compatibility.
-
-In addition, the Samba LDAP schema is compatible with RFC2307, allowing
-Unix password database information to be stored in the same entries. This
-provides a single, consistent repository for both Unix and Windows user
-information.
-
-
-nl()
-sect(Using LDAP with Samba)
-
-starteit()
-
-eit() Install and configure an LDAP server if you do not already have
-one. You should read your LDAP server's documentation and set up the
-configuration file and access control as desired.
-
-eit() Build Samba (latest CVS is required) with:
-
-verb( ./configure --with-ldap
- make clean; make install)
-
-eit() Add the following options to the global section of tt(smb.conf) as
-required.
-
-startdit()
-dit(ldap suffix)
-
-This parameter specifies the node of the LDAP tree beneath which
-Samba should store its information. This parameter MUST be provided
-when using LDAP with Samba.
-
- bf(Default:) tt(none)
-
- bf(Example:) tt(ldap suffix = "dc=mydomain, dc=org")
-
-dit(ldap bind as)
-
-This parameter specifies the entity to bind to an LDAP directory as.
-Usually it should be safe to use the LDAP root account; for larger
-installations it may be preferable to restrict Samba's access.
-
- bf(Default:) tt(none (bind anonymously))
-
- bf(Example:) tt(ldap bind as = "uid=root, dc=mydomain, dc=org")
-
-dit(ldap passwd file)
-
-This parameter specifies a file containing the password with which
-Samba should bind to an LDAP server. For obvious security reasons
-this file must be set to mode 700 or less.
-
- bf(Default:) tt(none (bind anonymously))
-
- bf(Example:) tt(ldap passwd file = /usr/local/samba/private/ldappasswd)
-
-dit(ldap server)
-
-This parameter specifies the DNS name of the LDAP server to use
-when storing and retrieving information about Samba users and
-groups.
-
- bf(Default:) tt(ldap server = localhost)
-
-dit(ldap port)
-
-This parameter specifies the TCP port number of the LDAP server.
-
- bf(Default:) tt(ldap port = 389)
-
-enddit()
-
-eit() You should then be able to use the normal smbpasswd(8) command for
-account administration (or User Manager in the near future).
-
-endeit()
-
-
-nl()
-sect(Using LDAP for Unix authentication)
-
-The Samba LDAP code was designed to utilise RFC2307-compliant directory
-entries if available. RFC2307 is a proposed standard for LDAP user
-information which has been adopted by a number of vendors. Further
-information is available at url(tt(http://www.xedoc.com.au/~lukeh/ldap/))(http://www.xedoc.com.au/~lukeh/ldap).
-
-Of particular interest is Luke Howard's nameservice switch module
-(nss_ldap) and PAM module (pam_ldap) implementing this standard, providing
-LDAP-based password databases for Unix. If you are setting up a server to
-provide integrated Unix/NT services than these are worth investigating.
-
-
-nl()
-sect(Compatibility with Active Directory)
-
-The current implementation is not designed to be used with Microsoft
-Active Directory, although compatibility may be added in the future.
-