diff options
Diffstat (limited to 'examples/LDAP/README')
-rw-r--r-- | examples/LDAP/README | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/examples/LDAP/README b/examples/LDAP/README new file mode 100644 index 0000000000..281a66e65a --- /dev/null +++ b/examples/LDAP/README @@ -0,0 +1,114 @@ +!== +!== README File for storing smbpasswd in LDAP +!== +!== written by Gerald Carter <jerry@samba.org> +!== + +This is a quick and dirty means of storing smbpasswd entries +in smbpasswd. Samba 2.2.x does not have any ability to grab +this information directly from LDAP so you will need to +periodically generate an smbpasswd from an ldapsearch +"(objectclass=smbPasswordEntry)". + +Be aware of search limits on your client or server which prevent +all entries from being returned in the search result. + + +Pre-requisites for import_smbpasswd.pl & export_smbpasswd.pl +------------------------------------------------------------ +You must install Mozilla PerLDAP which is available at: + + http://www.mozilla.org/directory + +PerLDAP depends on the Netscape (aka iPlanet) C-SDK which is +available for download at: + + http:// www.iplanet.com/downloads/developer/ + + +Pre-requisites for import2_smbpasswd.pl & export2_smbpasswd.pl +-------------------------------------------------------------- +These two scripts are modified versions of +[import|export]_smbpasswd.pl rewritten to use the Net::LDAP +perl module available from + + http://perl-ldap.sourceforge.net + + + +OpenLDAP 2.0.x +-------------- + +A sample schema file (samba.schema) has been included for use +with OpenLDAP 2.0.x. The OIDs used in this file are owned by +the Samba team and generated from its own Enterprise number +of 7165 (as issued by IANA). + +Copy the samba.schema file into your /etc/openldap/schema directory, +and add an include for it in the /etc/openldap/slapd.conf file. +Note that samba.schema relies upon the uid and uidNumber attributes +from the RFC2307 schema (i.e. nis.schema) + +If you choose to import /etc/passwd, nis, or nisplus tables +into ldap, you can use migration tools provided by PADL Software +which are located at + + http://www.padl.com/tools.html + +It is not a requirement that a user's /etc/passwd account +is stored in LDAP for the samba.schema file to work (although +the whole point of storing smbpasswd in LDAP is to have a +single location for user accounts, right?) + +The padl tools will leave you with LDIF files which you can import +into OpenLDAP. Before you can import them, you need to include +nis.schema and cosine.schema in your slapd.conf file. + +You must restart the LDAP server for these new included schema files +to become active. + + +import[2]_smbpasswd.pl +---------------------- + +Make sure you customize the local site variable in the perl script +(i.e. ldapserver, rootdn, rootpw, etc...). The script reads from +standard input and requires that user entries already exist +in your directories containing the 'objectclass: posixAccount' +value pair. For more information on this object and related schema, +refer to RFC2307 and http://www.padl.com/software.html). + +The following will import an smbpasswd file into an LDAP directory + + $ cat smbpasswd | import[2]_smbpasswd.pl + + +export[2]_smbpasswd.pl +---------------------- + +Make sure you customize the local site variable in the perl script +(i.e. ldapserver, rootdn, rootpw, etc...). You can then generate +an smbpasswd file by executing + + $ export[2]_smbpasswd.pl > smbpasswd + +NOTE: Server side (or client side) search limites may prevent +all users from being listed. Check you directory server documentation +for details. + + + +ldapsync.pl & ldapchgpasswd.pl +------------------------------ +For more information on these scripts, see + + http://www.mami.net/univr/tng-ldap/howto/ + + +The ldapsync.pl script requires a small command (smbencrypt) +for generating LanMan and NT password hashes which +can be found at ftp://samba.org/pub/samba/contributed/ + +!== +!== end of README +!== |