Samba4/LDAP Backend/OpenLDAP

From SambaWiki

Setting up Samba4 against an OpenLDAP installation

Getting OpenLDAP

This guide presumes you are running OpenLDAP HEAD from their CVS. See http://www.openldap.org/software/repo.html

Getting Samba4

Check out Samba4 from Samba.org's anonymous rsync server.

Note: These instructions are kept in line with movements in the Git tree; an alpha tarball may not work with these instructions.

rsync -a ftp.samba.org::ftp/pub/unpacked/samba_4_0_test/ SAMBA_4_0

Build Samba4

Build Samba4 with --enable-developer to get appropriate warnings and debug symbols:

(
 cd SAMBA_4_0/source
 ./autogen.sh
 ./configure --enable-developer
 make
 make install
)

Setup $PATH

Add /usr/local/samba/bin and /usr/local/samba/sbin to your path:

PATH=/usr/local/samba/bin:/usr/local/samba/sbin:$PATH
export PATH

Setup OpenLDAP

Prepare the backend:

(
 cd SAMBA_4_0/source
 setup/provision-backend --realm=ldap.samba.example.com --ldap-admin-pass=penguin --ldap-backend-type=openldap --server-role='domain controller'
)

Now set up its directory instance:

 slapd -d0 -f /usr/local/samba/private/ldap/slapd.conf -h ldapi://%2Fusr%2flocal%2fsamba%2fprivate%2fldap%2fldapi

Provision Samba4 into this instance:

(
 cd SAMBA_4_0/source
 setup/provision --realm=LDAP.SAMBA.EXAMPLE.COM --domain=LDAP \
  --server-role='domain controller' \
  --ldap-backend=ldapi --ldap-backend-type=openldap \
  --username=samba-admin --password=penguin
)

The ACL in this example slapd.conf restricts access to all entries. You can change this to allow direct access for administrative purposes, but for now this is a secure example, and it avoids unintended writes to the database (i.e., writes not made via Samba).
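
A check that can be run after the steps above, added here as an example and not part of the Samba or OpenLDAP tooling. It assumes the directory holding slapd.conf and the ldapi socket should be closed to "other" users, because filesystem permissions on the path to a Unix socket decide who can connect to it before any slapd ACL applies; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: permission checks for the ldapi listener directory.
# Assumption: nothing under the LDAP private directory should be
# reachable by "other" users.

# Build an ldapi:// URL from a socket path by percent-encoding "%" and "/".
# (Hex digits in percent-encoding are case-insensitive, so %2F equals %2f.)
ldapi_url() {
    printf 'ldapi://%s\n' "$(printf '%s' "$1" | sed 's/%/%25/g; s|/|%2F|g')"
}

# Succeed (0) if "other" users hold any permission bit on the path.
other_can_access() {
    perms=$(ls -ld -- "$1" | cut -c8-10)
    [ "$perms" != "---" ]
}

# Audit the directory that holds slapd.conf and the ldapi socket.
# Prints one line per finding; returns 0 only when there are none.
audit_ldap_dir() {
    dir=$1
    findings=0
    for path in "$dir" "$dir/slapd.conf"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            findings=$((findings + 1))
        elif other_can_access "$path"; then
            echo "accessible to other users: $path"
            findings=$((findings + 1))
        fi
    done
    # Informational only: the socket exists only while slapd is running.
    if [ ! -S "$dir/ldapi" ]; then
        echo "note: no socket yet for $(ldapi_url "$dir/ldapi")"
    fi
    [ "$findings" -eq 0 ]
}

# Usage: audit_ldap_dir /usr/local/samba/private/ldap
```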

Edit the created DNS zone file to include an appropriate entry for host linux2, and install into the DNS server.

Start Samba4

Start Samba4 on host linux1:

smbd -i -M single -d3