Samba4  OpenLDAP-Backend Quick-Howto
====================================

oliver@itc.li  -  August 2009


This Mini-Howto describes in a very simplified way 
how to setup Samba 4 (S4) (pre)Alpha 13 with the
OpenLDAP (OL) -Backend.
Use of OpenLDAP from CVS after 2010-04-22 is required

The current instructions are at:

http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP

1.) Download and compile OpenLDAP. 

The use of (older) Versions shipped with Distributions often
causes trouble, so dont use them. Configure-Example:

#> ./configure --enable-overlays=yes --with-tls=yes --with-cyrus-sasl=yes
#> make depend && make && make install

Note: openssl and cyrus-sasl libs should be installed
before compilation.




2.) Final provision:

(you can add --adminpass=<yourpass> to the parameters,
otherwise a random password will be generated for 
cn=Administrator,cn=users,<Your Base-DN>):

#> setup/provision \
   --ldap-backend-type=openldap \
   --slapd-path="/usr/local/libexec/slapd"
   --username=samba-admin --realm=ldap.local.site \
   --domain=LDAP --server-role='domain controller'\
   --adminpass=linux

At the End of the final provision you should get
the following output (only partial here). Read it carefully:

--------
...
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf

Use later the following commandline to start slapd, then Samba:
/usr/local/libexec/slapd -f /usr/local/samba/private/ldap/slapd.conf -h ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi

This slapd-Commandline is also stored under: /usr/local/samba/private/ldap/slapd_command_file.sh
Please install the phpLDAPadmin configuration located at /usr/local/samba/private/phpldapadmin-config.php into /etc/phpldapadmin/config.php
Once the above files are installed, your Samba4 server will be ready to use
Server Role:    domain controller
Hostname:       ldapmaster
NetBIOS Domain: LDAP
DNS Domain:     ldap.local.site
DOMAIN SID:     S-1-5-21-429312062-2328781357-2130201529
Admin password: linux

--------

Our slapd in "provision-mode" wiil be shut down automatically 
after final provision ends.


3.) Run OL and S4:

After you completed the other necessary steps (krb and named-specific),
start first OL with the commandline displayed in the output under (3),
(remember: the slapd-Commandline is also stored in the file ../slapd_command_file.sh)
then S4.



4.) Special Setup-Types:

OpenLDAP-Online Configuration is now in use by default (olc):

The olc will be setup automatically
under ../private/slapd.d/.
olc is accessible via "cn=samba-admin,cn=samba" and Base-DN "cn=config"
olc is intended primarily for use in conjunction with MMR

Attention: You have to start OL with the commandline
displayed in the output under (3), but you have to set a 
listening port of slapd manually:

(e.g. -h ldap://ldapmaster.ldap.local.site:9000)

Attention: You _should_not_ edit the olc-Sections
"config" and "ldif", as these are vital to the olc itself.


b) MultiMaster-Configuration (MMR):
Use the provision Parameter:

 --ol-mmr-urls=<list of whitespace separated ldap-urls (and Ports <> 389!).

e.g.:
--ol-mmr-urls="ldap://ldapmaster1.ldap.local.site:9000 \ 
   ldap://ldapmaster2.ldap.local.site:9000"

Attention: You have to start OL with the commandline
displayed in the output under (3), but you have to set a 
listening port of slapd manually
(e.g. -h ldap://ldapmaster1.ldap.local.site:9000)

The Ports must be different from 389, as these are occupied by S4.