Samba, LDAP, nástroje smbldap-...

jmlika na volny.cz jmlika na volny.cz
Středa Červenec 7 12:28:14 CEST 2004



     Dobrý den,

     Rád bych se zeptal někoho zkušenějšího, než jsem já, proč nástroje na
práci s LDAP backendem Samby končí s chybou, pokud není v konfiguráku
OpenLDAPu "schemacheck off". Používám sambu 3 z MDK 10.

----------------------------------------------------------------------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Modified by Christian Zoffoli <czoffoli na linux-mandrake.com>
# Version 0.2
#

# Schema files loaded at startup. They define the object classes and
# attribute types the server knows about. samba.schema is among them;
# it presumably defines the samba* attributes indexed in the database
# section (NOTE(review): confirm against the installed schema file).
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema 
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema 
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema 
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema

# Optional schemas shipped with the package; all of them are disabled here.
#include /usr/share/openldap/schema/rfc822-MailMember.schema
#include /usr/share/openldap/schema/pilot.schema
#include /usr/share/openldap/schema/qmail.schema
#include /usr/share/openldap/schema/mull.schema
#include /usr/share/openldap/schema/netscape-profile.schema
#include /usr/share/openldap/schema/trust.schema
#include /usr/share/openldap/schema/dns.schema
#include /usr/share/openldap/schema/cron.schema

# Site-local schema additions (contents not shown in this listing).
include /etc/openldap/schema/local.schema


# Define global ACLs to disable default read access.
# NOTE(review): the ACL rules themselves live in the included file and are
# not shown here. They decide who may read userPassword and the Samba
# password-hash attributes (sambaLMPassword, sambaNTPassword), so that file
# has to be reviewed together with this one.
include         /etc/openldap/slapd.access.conf

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

# Files in which slapd records its process id and its command-line arguments.
pidfile         /var/run/ldap/slapd.pid
argsfile        /var/run/ldap/slapd.args

# Directory searched for loadable modules. Every moduleload line below is
# commented out, so this file loads no module dynamically.
modulepath      /usr/lib/openldap
#moduleload      back_dnssrv.la
#moduleload      back_ldap.la
#moduleload      back_meta.la
#moduleload      back_monitor.la
#moduleload      back_passwd.la
#moduleload      back_sql.la

# SASL config
#sasl-host ldap.example.com

# To allow TLS-enabled connections, create /usr/share/ssl/certs/slapd.pem
# and uncomment the following lines.
# NOTE(review): the path named in the comment above does not match the
# directives below, which are already active and point at
# /etc/ssl/openldap/ldap.pem.
##
TLSRandFile            /dev/random
##
# NOTE(review): in OpenSSL cipher-string syntax a leading '+' only moves the
# matching ciphers to the end of the preference list; it does not remove
# them. SSLv2-era ciphers and the whole MEDIUM class therefore stay
# negotiable. A hardened setup would exclude them explicitly (for example
# HIGH:!SSLv2 -- verify the resulting list against the TLS library in use).
TLSCipherSuite         HIGH:MEDIUM:+SSLv2
# Certificate and private key are read from the same PEM file, so that file
# must be readable only by the account slapd runs as.
TLSCertificateFile      /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
##
# The server's own PEM file is also given as the CA certificate file, which
# suggests a self-signed certificate -- TODO confirm.
TLSCACertificatePath   /etc/ssl/openldap/
TLSCACertificateFile    /etc/ssl/openldap/ldap.pem
##
# Numeric verification level; presumably 0 means clients are never asked for
# a certificate -- confirm against slapd.conf(5) for this OpenLDAP version.
TLSVerifyClient 0


#######################################################################
# database definitions
#######################################################################

# One database using the ldbm backend, serving the suffix below and storing
# its files under /var/lib/ldap.
database        ldbm
suffix          "dc=bolevec,dc=pilsfree,dc=czf"
# The rootdn is not subject to access control. The rootpw value was replaced
# with a placeholder by the poster. In a live file, store a hash produced by
# slappasswd(8) rather than clear text, and keep the file non-world-readable
# as the header of this file already requires.
rootdn          "cn=Manager,dc=bolevec,dc=pilsfree,dc=czf"
rootpw          :-)
directory       /var/lib/ldap

# Hash scheme slapd applies when it hashes a new password itself. The salt
# format "$1$%.8s" selects MD5-based crypt(3) with an 8-character salt on
# systems whose crypt(3) understands the $1$ prefix.
# NOTE(review): MD5-crypt is weak against offline guessing by current
# standards; prefer a stronger scheme where the platform supports one.
password-hash   {crypt}
password-crypt-salt-format      "$1$%.8s"


# Old indexes
#index          objectClass,uid,uidNumber,gidNumber eq
#index          cn,mail,surname,givenname           eq,subinitial

# New indexes
# The samba* entries cover attributes from the Samba schema; the final line
# gives the index type used when an index line names no type of its own.
index   objectClass     eq
index cn                      pres,sub,eq
index sn                      pres,sub,eq
index uid                     pres,sub,eq
index displayName             pres,sub,eq
index uidNumber               eq
index gidNumber               eq
index memberUid               eq
index   sambaSID              eq
index   sambaPrimaryGroupSID  eq
index   sambaDomainName       eq
index   default               sub

# logging
# 256 is the "stats" level: connections, operations and their results are
# logged, which should help identify the request that fails.
loglevel 256

# LDAPv2 binds remain disabled while the next line stays commented out.
#allow bind_v2
# Schema checking is switched off: the server accepts entries even when they
# violate the loaded schemas (for instance a missing required attribute or
# an attribute that none of the entry's object classes allows). This is the
# setting the question is about. With it off, malformed entries can build up
# unnoticed, so treat it as a diagnostic workaround only.
# NOTE(review): the cleaner fix is to find which entry written by the tools
# the schema rejects and to correct that entry or the tools' configuration.
schemacheck off


