Haven't tried the new style configuration, but this is what I did to stick to the old style slapd.conf configuration, which was as easy as breathing.
Code:
# My /etc/default/slapd contents
cat /etc/default/slapd | egrep -v "^#|^$"
SLAPD_CONF="/etc/ldap/slapd.conf"
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_PIDFILE="/var/run/slapd/slapd.pid"
SLAPD_SERVICES="ldap:///"
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
SLAPD_OPTIONS=""
# I think I also did
mkdir -p /var/run/slapd
# Added these to /etc/init.d/slapd (because of a bug)
# At the end of start_slapd {} function
pidof /usr/sbin/slapd > "$SLAPD_PIDFILE"
# At the end of stop_slapd {} function
rm -f $SLAPD_PIDFILE
# Copied samba.schema (comes with samba package) in /etc/ldap/schema
# /etc/ldap/slapd.conf contents
cat /etc/ldap/slapd.conf | egrep -v "^#|^$"
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/samba.schema
allow bind_v2
moduleload back_bdb
database bdb
suffix dc=luvshines,dc=com
rootdn cn=manager,dc=luvshines,dc=com
rootpw secret
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
And that was it; I got a working LDAP server.
Then you'll have to add some users and basic configuration (you can change this as per your need).
First, I defined some basic tree structure:
Code:
# Create a file manager.ldif (entries are separated by a blank line)
dn: dc=luvshines,dc=com
objectclass: dcObject
objectclass: organization
o: ExampleCo
dc: luvshines

dn: cn=Manager,dc=luvshines,dc=com
cn: Manager
objectclass: organizationalRole

dn: ou=People,dc=luvshines,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=luvshines,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
I issued the command:
Code:
ldapadd -x -D cn=manager,dc=luvshines,dc=com -w secret -f manager.ldif
Then I added some users; I created another file, testuser.ldif:
Code:
dn: cn=testgroup,ou=Group,dc=luvshines,dc=com
objectClass: posixGroup
objectClass: top
cn: testgroup
userPassword: testgroup
gidNumber: 1000

dn: uid=testuser,ou=People,dc=luvshines,dc=com
cn: Test User
uid: testuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
userpassword: testpassword
uidNumber: 1100
gidNumber: 1000
homeDirectory: /home
sambaSID: S-1-0-1100
sambaNTPassword: 82E6D500C194BA5B9716495691FB7DD6
loginShell: /bin/bash
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaAcctFlags: [U ]
sambaPwdLastSet: 1263386096
Again I issued the command:
Code:
ldapadd -x -D cn=manager,dc=luvshines,dc=com -w secret -f testuser.ldif
I generated the Samba stuff from the script given here. I put in a fake SID; you can configure it as per your need:
http://search.cpan.org/~bjkuit/Crypt....12/SmbHash.pm
The above LDIF created a group testgroup and a user testuser with the Samba password 'test01' and userpassword 'testpassword'.
Don't know if this helps anyone or not, but I find it really simple to configure and use.
This doesn't have any ACL stuff, nor does it include any SSL/TLS stuff. You can add it as you proceed/learn. Also, I see no point in running into security considerations unless you really know what you are doing and why you are doing it. So learn it and then use it.
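As an added example (not code from the post), the following Python builds the same kind of ou=People entry with userPassword stored as a salted {SSHA} hash instead of cleartext, and folds long attribute values the RFC 2849 way (a continuation line starts with a single space), which is how a long value like sambaPasswordHistory is written across lines in LDIF. BASE_DN is the suffix from the post; the function names, the entry layout and the default width are this example's own choices.

```python
import base64
import hashlib
import os

BASE_DN = "dc=luvshines,dc=com"  # suffix used in the post's slapd.conf


def ssha_password(password, salt=None):
    """RFC 2307 {SSHA}: base64(sha1(password + salt) + salt), as slappasswd -h {SSHA} emits."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored, password):
    """Check a candidate password against a stored {SSHA} value (salt is the tail)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def fold_ldif_line(line, width=76):
    """Split one 'attr: value' line into RFC 2849 folded lines (leading space)."""
    if len(line) <= width:
        return [line]
    parts = [line[:width]]
    rest = line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return parts


def unfold_ldif(text):
    """Inverse of folding: join continuation lines back onto their attribute line."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out


def posix_user_ldif(uid, cn, uid_number, gid_number, password, salt=None):
    """One ldapadd-ready entry under ou=People; the password is stored hashed."""
    attrs = [f"dn: uid={uid},ou=People,{BASE_DN}", "objectClass: account",
             "objectClass: posixAccount", "objectClass: shadowAccount",
             "objectClass: top", f"cn: {cn}", f"uid: {uid}",
             f"uidNumber: {uid_number}", f"gidNumber: {gid_number}",
             f"homeDirectory: /home/{uid}", "loginShell: /bin/bash",
             f"userPassword: {ssha_password(password, salt)}"]
    return "\n".join(l for a in attrs for l in fold_ldif_line(a)) + "\n"
```

Feed the returned text to `ldapadd -x -D cn=manager,... -W -f user.ldif` (prompting with -W avoids putting the bind password on the command line as in the post).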