Samba, LDAP , nástroje smbldap-...
jmlika na volny.cz
jmlika na volny.cz
Středa Červenec 7 12:28:14 CEST 2004
Dobrý den,
Rád bych se zeptal někoho zkušenějšího než jsem já, proč nástroje na
práci s LDAP backendem Samby končí s chybou, pokud není v konfiguráku
OpenLDAPu "schemacheck off". Používám sambu 3 z MDK 10.
----------------------------------------------------------------------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43
kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Modified by Christian Zoffoli <czoffoli na linux-mandrake.com>
# Version 0.2
#
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
#include /usr/share/openldap/schema/rfc822-MailMember.schema
#include /usr/share/openldap/schema/pilot.schema
#include /usr/share/openldap/schema/qmail.schema
#include /usr/share/openldap/schema/mull.schema
#include /usr/share/openldap/schema/netscape-profile.schema
#include /usr/share/openldap/schema/trust.schema
#include /usr/share/openldap/schema/dns.schema
#include /usr/share/openldap/schema/cron.schema
include /etc/openldap/schema/local.schema
# Define global ACLs to disable default read access.
include /etc/openldap/slapd.access.conf
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
modulepath /usr/lib/openldap
#moduleload back_dnssrv.la
#moduleload back_ldap.la
#moduleload back_meta.la
#moduleload back_monitor.la
#moduleload back_passwd.la
#moduleload back_sql.la
# SASL config
#sasl-host ldap.example.com
# To allow TLS-enabled connections, create /usr/share/ssl/certs/slapd.pem
# and uncomment the following lines.
##
TLSRandFile /dev/random
##
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
##
TLSCACertificatePath /etc/ssl/openldap/
TLSCACertificateFile /etc/ssl/openldap/ldap.pem
##
TLSVerifyClient 0
#######################################################################
# database definitions
#######################################################################
database ldbm
suffix "dc=bolevec,dc=pilsfree,dc=czf"
rootdn "cn=Manager,dc=bolevec,dc=pilsfree,dc=czf"
rootpw :-)
directory /var/lib/ldap
password-hash {crypt}
password-crypt-salt-format "$1$%.8s"
# Staré indexy
#index objectClass,uid,uidNumber,gidNumber eq
#index cn,mail,surname,givenname eq,subinitial
# Nové indexy
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
# logging
loglevel 256
#allow bind_v2
schemacheck off
Další informace o konferenci Linux