Installing LDAP

By habrok

At first, I was going to wait with installing LDAP on the slug, because it isn’t really needed at this point, and I just wanted to get the file serving up and running. But then I found this great guide to LDAP/Samba installation and I thought I’d try it out. So these instructions should follow Edd Dumbill’s quite closely, but with some extra details about how I did things.

First I installed the things I needed from the apt archives:

sudo apt-get install slapd ldap-utils libnss-ldap libpam-ldap samba smbldap-tools smbclient samba-doc

I followed the advice from the guide and didn’t configure the packages at this time. Instead I configured them one at a time with dpkg-reconfigure, like so:

sudo dpkg-reconfigure -plow slapd

This will start the configuration for LDAP. It asks some questions, most of which should be really obvious. Some tips though: You should create a database backup, even if it will just contain rubbish, because, like it says, the old data could break your installation. If you don’t plan on using any services that need LDAPv2 (I don’t), you should disable it.
Also clean out the backup (as I said it is just rubbish):

sudo rm -R /var/backups/unknown-2.3.30-5.ldapdb

Edit your configuration for the LDAP tools with:

sudo nano -wL /etc/ldap/ldap.conf

(ldap.conf is for the client, slapd.conf is for the server) and add the following lines:

BASE dc=godtjod,dc=net
URI ldap://127.0.0.1

Now check your database with:

sudo ldapsearch -x

If it returns two entries (your domain and your superuser), then you are ready to continue with setting up a Samba database in your LDAP service. First we copy the schema (a model for a database) for Samba:

zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz > ~/samba.schema
sudo cp ~/samba.schema /etc/ldap/schema/

and configure slapd to include this schema by adding the following lines to slapd.conf (right after the existing includes):

include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/misc.schema

In the same file, tell slapd to use some indexes (the slug isn’t terribly fast and so could use the speed-up). In the database section, add these lines after the existing index line:

index uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq

Also in slapd.conf, change the access rules to allow your users to change their own passwords. Do this by changing the line

access to attrs=userPassword,shadowLastChange

to

access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword

Then restart your LDAP server to load the changes and again check that everything works:

sudo /etc/init.d/slapd restart
sudo ldapsearch -x
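
An added example, not from the original post or the guide it follows: `ldapsearch -x` with no bind DN searches anonymously, so assuming the `by` clauses of the access rule (not shown above) deny anonymous reads, its output should contain none of the password attributes named in that rule. The function below scans LDIF on stdin for them, unfolding wrapped lines first; the function names and the sample LDIF are constructed for illustration.

```shell
# Added example, not from the original post. Reads LDIF on stdin and prints
# "DN<TAB>attribute" for each password attribute found; returns 1 if any.
exposed_password_attrs() {
    awk '
    BEGIN {  # attributes named in the access rule edited above
        secret["userpassword"] = secret["sambantpassword"] = secret["sambalmpassword"] = 1
    }
    # Handle one complete (already unfolded) LDIF line held in "line"
    function handle(    name, low) {
        if (line == "") return
        name = line
        sub(/:.*$/, "", name)            # keep the attribute description
        sub(/;.*$/, "", name)            # drop options such as ";binary"
        low = tolower(name)
        if (low == "dn") {
            dn = line
            sub(/^[^:]*::?[ ]*/, "", dn) # "dn::" values stay base64-encoded
        } else if (low in secret) {
            print dn "\t" name
            found = 1
        }
        line = ""
    }
    /^#/ { handle(); skip = 1; next }                 # comment line
    /^$/ { handle(); dn = ""; skip = 0; next }        # blank line ends an entry
    /^ / { if (!skip) line = line substr($0, 2); next }  # folded continuation
         { handle(); skip = 0; line = $0 }
    END  { handle(); exit (found ? 1 : 0) }
    '
}

# Constructed sample input (not output from a real server); note the folded line.
sample_ldif() {
    cat <<'EOF'
# extended LDIF
dn: dc=godtjod,dc=net
dc: godtjod

dn: uid=alice,ou=People,dc=godtjod,dc=net
userPassword:: Y29uc3RydWN0ZWQ=
sambaLM
 Password: CONSTRUCTED-PLACEHOLDER
EOF
}

# Real use would be: ldapsearch -x | exposed_password_attrs
sample_ldif | exposed_password_attrs || echo "password attributes are readable"
```

A plain grep for the attribute names would miss the second finding in the sample, because LDIF output may fold a long line onto a continuation line that starts with a single space.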

Did it work? Good, then take a break and wait for the next part: how to use Samba with LDAP.
