Samba4 OpenLDAP-Backend Quick-Howto
====================================

oliver@itc.li - August 2009

This Mini-Howto describes in a very simplified way
how to set up Samba 4 (S4) (pre)Alpha 9 with the
OpenLDAP (OL) backend.
Use of OpenLDAP >= 2.4.17 is strongly recommended.

1.) Download and compile OpenLDAP.

The (older) versions shipped with distributions often
cause trouble, so don't use them. Configure example:

  #> ./configure --enable-overlays=yes --with-tls=yes --with-cyrus-sasl=yes
  #> make depend && make && make install

Note: the openssl and cyrus-sasl libraries should be installed
before compilation.

2.) Final provision:

(You can add --adminpass=<yourpass> to the parameters;
otherwise a random password will be generated for
cn=Administrator,cn=users,<Your Base-DN>.)

  #> setup/provision \
       --ldap-backend-type=openldap \
       --ol-slapd="/usr/local/libexec/slapd" \
       --username=samba-admin --realm=ldap.local.site \
       --domain=LDAP --server-role='domain controller' \
       --adminpass=linux

At the end of the final provision you should get
the following output (only partially shown here). Read it carefully:
--------
...
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Use later the following commandline to start slapd, then Samba:
/usr/local/libexec/slapd -f /usr/local/samba/private/ldap/slapd.conf -h ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi
This slapd-Commandline is also stored under: /usr/local/samba/private/ldap/slapd_command_file.sh
Please install the phpLDAPadmin configuration located at /usr/local/samba/private/phpldapadmin-config.php into /etc/phpldapadmin/config.php
Once the above files are installed, your Samba4 server will be ready to use
Server Role: domain controller
Hostname: ldapmaster
NetBIOS Domain: LDAP
DNS Domain: ldap.local.site
DOMAIN SID: S-1-5-21-429312062-2328781357-2130201529
Admin password: linux
--------
The slapd running in "provision mode" will be shut down automatically
after the final provision ends.

3.) Run OL and S4:

After you have completed the other necessary steps (Kerberos- and named-specific),
first start OL with the command line displayed in the output under (2)
(remember: the slapd command line is also stored in the file ../slapd_command_file.sh),
then start S4.

4.) Special Setup-Types:

a) OpenLDAP Online Configuration (olc) is now in use by default:

The olc will be set up automatically
under ../private/slapd.d/.
olc is accessible via "cn=samba-admin,cn=samba" and Base-DN "cn=config".
olc is intended primarily for use in conjunction with MMR.

Attention: You have to start OL with the command line
displayed in the output under (2), but you have to set a
listening port for slapd manually
(e.g. -h ldap://ldapmaster.ldap.local.site:9000).

Attention: You _should_not_ edit the olc sections
"config" and "ldif", as these are vital to the olc itself.

b) MultiMaster-Configuration (MMR):

At this time (S4 (pre)Alpha 9) this is the only possible replication setup.
Use the provision parameter:

  --ol-mmr-urls=<list of whitespace separated ldap-urls> (and Ports <> 389!)

e.g.:

  --ol-mmr-urls="ldap://ldapmaster1.ldap.local.site:9000 \
  ldap://ldapmaster2.ldap.local.site:9000"

Attention: You have to start OL with the command line
displayed in the output under (2), but you have to set a
listening port for slapd manually
(e.g. -h ldap://ldapmaster1.ldap.local.site:9000).
The ports must be different from 389, as that port is occupied by S4.
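
Added example (not part of the original howto and not Samba's own code): a small shell helper that checks an --ol-mmr-urls list for the "port must not be 389" rule and builds the combined slapd -h value from the ldapi socket path plus the manually chosen listener. The function names are hypothetical; the paths and hostnames are the ones used in this howto.

```shell
#!/bin/sh
# Added example: validate MMR URLs and build the slapd "-h" listener list.

# Percent-encode "/" in a socket path, matching the form printed by
# provision (ldapi://%2Fusr%2Flocal%2F...).
ldapi_url() {
    printf 'ldapi://%s\n' "$(printf '%s' "$1" | sed 's|/|%2F|g')"
}

# Succeed only for ldap://host:port with an explicit port other than 389
# (389 is occupied by S4).
valid_mmr_url() {
    url=${1%/}                      # tolerate one trailing slash
    case "$url" in
        ldap://*:*) ;;
        *) return 1 ;;              # wrong scheme or no explicit port
    esac
    port=${url##*:}
    case "$port" in
        ''|*[!0-9]*) return 1 ;;    # empty or non-numeric port
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] && [ "$port" -ne 389 ]
}

# Check a whitespace-separated URL list as passed to --ol-mmr-urls.
# Reports every offending URL on stderr; returns non-zero if any is bad.
check_mmr_urls() {
    rc=0
    for u in $1; do
        valid_mmr_url "$u" || { echo "bad MMR URL: $u" >&2; rc=1; }
    done
    return $rc
}

# slapd_listen_arg SOCKET_PATH LDAP_URL
# Prints the value for slapd -h: the ldapi listener plus the manual
# ldap:// listener, separated by a space.
slapd_listen_arg() {
    valid_mmr_url "$2" || return 1
    printf '%s %s\n' "$(ldapi_url "$1")" "$2"
}
```

Pass the printed value as one quoted argument to -h, since slapd expects the listener URLs as a single whitespace-separated list.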