samba - Jul 2010 - Synchronisation using LDAP

Hello All,

I am trying to set up a sync between google apps professional and samba4, we
are currently in the fase to use samba4 instead of our current windows 2008
AD. However, I can't seem to browse the internal LDAP server.

I am using the alpha12. Whenever I try to connect, I recieve no such
attribute.

Please advise on how to connect properly.

-- 
Jorijn Schrijvershof

SNIP
>
> I am trying to set up a sync between google apps professional and 
> samba4, we
> are currently in the fase to use samba4 instead of our current windows 
> 2008
> AD. However, I can't seem to browse the internal LDAP server.
I use yee olde reliable LDAP browser and connect the same way I do to 
M$.

IP Addy:
Base DN:  DC=<mydomain>,DC=<extension>
User DN: CN=Administrator,CN=Users (append base DN).

Do note, that for M$ and for Samba4 the caps ARE necessary.

Cheers,

>
>
> I am using the alpha12. Whenever I try to connect, I recieve no such
> attribute.
>
> Please advise on how to connect properly.
>
> --
> Jorijn Schrijvershof
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

Hi

Sorry, I accidentally did not send my initial reply to the list.

On 5 July 2010 08:26, Jorijn Schrijvershof <jorijn at jorijn.com>
wrote:
> On Fri, Jul 2, 2010 at 3:53 PM, Michael Wood <esiotrot at gmail.com>
wrote:
>>
>> For a start just try:
>> $ ldapsearch -x -h localhost
>>
>> That should print out a whole bunch of stuff.
>>
>> You can also restrict your search to a certain part of the tree like
this:
>>
>> $ ldapsearch -x -h localhost -b CN=Users,DC=samba,DC=example,DC=com
>>
>> (assuming your realm is samba.example.com.)
>>
>> And if you just want their Windows login name, try:
>>
>> $ ldapsearch -x -h localhost -b CN=Users,DC=samba,DC=example,DC=com
>> sAMAccountName
>>
>> If you want to try authenticating to the LDAP server, try:
>>
>> ldapsearch -x -h localhost -b CN=Users,DC=samba,DC=example,DC=com -D
>> CN=Administrator,CN=Users,DC=samba,DC=example,DC=com -W sAMAccountName
>>
>> or like this:
>>
>> $ sudo apt-get install libsasl2-modules-gssapi-heimdal
>> (or libsasl2-modules-gssapi-mit)
>> $ kinit Administrator
>> $ ldapsearch -Y gssapi -h localhost -b
>> CN=Users,DC=samba,DC=example,DC=com sAMAccountName
>>
>> I hope that helps.
>
> Thank you all, this helped a lot. I am able to connect and browse the
> internal ldap server now. Now for the passwords;
> Google supports sha1, md5 and plaintext passwords during synchronisation,
> where are these located, and if not supported, how to make them supported?
> Thanks a lot :-)
I am not sure this will be possible unless you use plain text
passwords because I believe Windows uses its own hashing algorithms.
I don't know anything about Google's LDAP server/schema, but if you
authenticate as an admin user I think you should be able to access the
passwords.  You might need to fiddle with the access control settings
if you have access to that.

-- 
Michael Wood <esiotrot at gmail.com>