summaryrefslogtreecommitdiff
path: root/examples/LDAP/README
diff options
context:
space:
mode:
Diffstat (limited to 'examples/LDAP/README')
-rw-r--r--examples/LDAP/README114
1 files changed, 114 insertions, 0 deletions
diff --git a/examples/LDAP/README b/examples/LDAP/README
new file mode 100644
index 0000000000..281a66e65a
--- /dev/null
+++ b/examples/LDAP/README
@@ -0,0 +1,114 @@
+!==
+!== README File for storing smbpasswd in LDAP
+!==
+!== written by Gerald Carter <jerry@samba.org>
+!==
+
+This is a quick and dirty means of storing smbpasswd entries
+in smbpasswd. Samba 2.2.x does not have any ability to grab
+this information directly from LDAP so you will need to
+periodically generate an smbpasswd from an ldapsearch
+"(objectclass=smbPasswordEntry)".
+
+Be aware of search limits on your client or server which prevent
+all entries from being returned in the search result.
+
+
+Pre-requisites for import_smbpasswd.pl & export_smbpasswd.pl
+------------------------------------------------------------
+You must install Mozilla PerLDAP which is available at:
+
+ http://www.mozilla.org/directory
+
+PerLDAP depends on the Netscape (aka iPlanet) C-SDK which is
+available for download at:
+
+ http:// www.iplanet.com/downloads/developer/
+
+
+Pre-requisites for import2_smbpasswd.pl & export2_smbpasswd.pl
+--------------------------------------------------------------
+These two scripts are modified versions of
+[import|export]_smbpasswd.pl rewritten to use the Net::LDAP
+perl module available from
+
+ http://perl-ldap.sourceforge.net
+
+
+
+OpenLDAP 2.0.x
+--------------
+
+A sample schema file (samba.schema) has been included for use
+with OpenLDAP 2.0.x. The OIDs used in this file are owned by
+the Samba team and generated from its own Enterprise number
+of 7165 (as issued by IANA).
+
+Copy the samba.schema file into your /etc/openldap/schema directory,
+and add an include for it in the /etc/openldap/slapd.conf file.
+Note that samba.schema relies upon the uid and uidNumber attributes
+from the RFC2307 schema (i.e. nis.schema)
+
+If you choose to import /etc/passwd, nis, or nisplus tables
+into ldap, you can use migration tools provided by PADL Software
+which are located at
+
+ http://www.padl.com/tools.html
+
+It is not a requirement that a user's /etc/passwd account
+is stored in LDAP for the samba.schema file to work (although
+the whole point of storing smbpasswd in LDAP is to have a
+single location for user accounts, right?)
+
+The padl tools will leave you with LDIF files which you can import
+into OpenLDAP. Before you can import them, you need to include
+nis.schema and cosine.schema in your slapd.conf file.
+
+You must restart the LDAP server for these new included schema files
+to become active.
+
+
+import[2]_smbpasswd.pl
+----------------------
+
+Make sure you customize the local site variable in the perl script
+(i.e. ldapserver, rootdn, rootpw, etc...). The script reads from
+standard input and requires that user entries already exist
+in your directories containing the 'objectclass: posixAccount'
+value pair. For more information on this object and related schema,
+refer to RFC2307 and http://www.padl.com/software.html).
+
+The following will import an smbpasswd file into an LDAP directory
+
+ $ cat smbpasswd | import[2]_smbpasswd.pl
+
+
+export[2]_smbpasswd.pl
+----------------------
+
+Make sure you customize the local site variable in the perl script
+(i.e. ldapserver, rootdn, rootpw, etc...). You can then generate
+an smbpasswd file by executing
+
+ $ export[2]_smbpasswd.pl > smbpasswd
+
+NOTE: Server side (or client side) search limites may prevent
+all users from being listed. Check you directory server documentation
+for details.
+
+
+
+ldapsync.pl & ldapchgpasswd.pl
+------------------------------
+For more information on these scripts, see
+
+ http://www.mami.net/univr/tng-ldap/howto/
+
+
+The ldapsync.pl script requires a small command (smbencrypt)
+for generating LanMan and NT password hashes which
+can be found at ftp://samba.org/pub/samba/contributed/
+
+!==
+!== end of README
+!==