I'm having quite a bit of trouble getting an LDAP directory set up for the idmap backend for winbind. I've been working on it for quite a while, and haven't found any very helpful websites or anything. I've found quite a bit on how to set up a PDC using LDAP, which would be nice, but I already have the PDC... I just need LDAP to host UID's and GID's. The things I'd like to know are:

1. What should the rootdn, suffix, and indexes be in the slapd.conf? I think that the rootdn needs to match what I put in the smb.conf for the "ldap admin dn", and I'm fairly sure the suffix needs to match the "ldap suffix" from the smb.conf... I don't have any idea about the indexes.
2. What needs to be in the ldif file to create the directory properly? I've tried several that I've found online, both from the Samba 3 By Example book, and lots of forum / mailing list posts. I'm not sure if what I've tried has been correct, but it hasn't worked yet, and this is one part I'm not sure about.
3. I think that once I get the first 2 things worked out, I just set about 6 things in my smb.conf (ldap suffix, ldap admin dn, idmap backend (which should point to ldap:ldap://127.0.0.1, if the server is running on the same machine, right?), ldap idmap suffix, idmap uid, and idmap gid), enter my password from the "smbpasswd -w" command, and once I restart winbind, it should automatically start filling up the directory, right?
4. Once I get the server going and filled up with UID's and GID's, for the clients, am I correct in saying that I alter the smb.conf to include the ldap suffix, ldap admin dn, idmap backend, ldap idmap suffix, idmap uid, and idmap gid, then again enter my password via smbpasswd -w, change /etc/nsswitch.conf to be "passwd files ldap" instead of "passwd files winbind", and it should work?

This isn't documented very well anywhere, so I'd appreciate any hints or suggestions anybody might have...

Shannon
"Shannon Johnson" <sjohnson@engr.psu.edu>
Sent by: samba-bounces+christian.wittmer=intercomponentware.com@lists.samba.org
05.08.2004 22:59

To: <samba@lists.samba.org>
cc:
Subject: [Samba] LDAP Idmap

Hi Shannon,

a good start you'll find at www.idealx.org. There is very good documentation on how to set up samba3-LDAP.
If you then run into problems, ask the list.

Chris

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Thanks for the quick response... but I've already been there. As I said, I'm NOT looking for an LDAP PDC... I'm ONLY looking for LDAP idmap. There is no documentation on idealx.org for an LDAP idmap that does NOT include the PDC... nor is there much documentation anywhere else about it.

____________________________
Shannon Johnson
Network Support Specialist / Systems Administrator
Dept. of Mechanical and Nuclear Engineering
224 Reber Building
University Park, PA 16802
Phone: (814) 865-8267
____________________________
This portion of Samba 3 by Example covers idmaps in the ldap database.

http://us2.samba.org/samba/docs/man/Samba-Guide/happy.html#id2536343

> I'm having quite a bit of trouble getting an LDAP directory set up for

Jim C.

--
I can be reached on the following Instant Messenger services:
MSN: j_c_llings@hotmail.com  AIM: WyteLi0n  ICQ: 123291844
Y!: j_c_llings  Jabber: jcllings@njs.netlab.cz