3.3 LDAP Population

From SambaWiki

1.0: Configuring Samba

2.0: Configuring LDAP

3.0: Initialization LDAP Database

4.0: User Management

5.0: Heartbeat HA Configuration

6.0: DRBD


Table of Contents

3.1 Provisioning Database

3.2 Preload LDIF

3.3 LDAP Population

3.4 Database Replication

Now its time to populate the database with our ldif that we edited to match our domain details as per section 3.2: Preload LDIF


Make sure LDAP is not running.

[root@node1]# vi /var/lib/ldap/DB_CONFIG

set_cachesize           0 150000000 1
set_lg_regionmax        262144
set_lg_bsize            2097152
set_flags               DB_LOG_AUTOREMOVE


This step is necessary if you are using delta-syncrepl as per section 2.1.2 slapd.conf Master delta-syncrepl Openldap2.3

Because we are using multiple databases on the Provider it is nessassary to place an additional DB_CONFIG file insite the database directory.

[root@node1]# mkdir /var/lib/ldap/accesslog
[root@node1]# cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog


[root@node1]# cd /ldap-scripts/

[root@node1 scripts]# slapadd –b "dc=differentialdesign,dc=org"  -v -l preload-differentialdesign.ldif

added: "dc=differentialdesign,dc=org" (00000001)
added: "cn=Manager,dc=differentialdesign,dc=org" (00000002)
added: "cn=syncuser,dc=differentialdesign,dc=org" (00000003)
added: "cn=sambaadmin,dc=differentialdesign,dc=org" (00000004)
added: "cn=mailadmin,dc=differentialdesign,dc=org" (00000005)
added: "ou=Users,dc=differentialdesign,dc=org" (00000006)
added: "ou=People,ou=Users,dc=differentialdesign,dc=org" (00000007)
added: "ou=Computers,ou=Users,dc=differentialdesign,dc=org" (00000008)
added: "ou=Groups,dc=differentialdesign,dc=org" (00000009)
added: "ou=Domains,dc=differentialdesign,dc=org" (0000000a)
added: "sambaDomainName=DDESIGN,ou=Domains,dc=differentialdesign,dc=org" (0000000b)
added: "cn=Domain Admins,ou=Groups,dc=differentialdesign,dc=org" (0000000c)
added: "cn=Domain Users,ou=Groups,dc=differentialdesign,dc=org" (0000000d)
added: "cn=Domain Guests,ou=Groups,dc=differentialdesign,dc=org" (0000000e)
added: "cn=Domain Computers,ou=Groups,dc=differentialdesign,dc=org" (000000f)
added: "cn=Administrators,ou=Groups,dc=differentialdesign,dc=org" (00000010)
added: "cn=Account Operators,ou=Groups,dc=differentialdesign,dc=org" (00000011)
added: "cn=Print Operators,ou=Groups,dc=differentialdesign,dc=org" (00000012)
added: "cn=Backup Operators,ou=Groups,dc=differentialdesign,dc=org" (00000013)
added: "cn=Replicators,ou=Groups,dc=differentialdesign,dc=org" (00000014)


[root@node1]# chown –R ldap.ldap /var/lib/ldap


The user to bind Samba to LDAP is defined in our smb.conf; this is sambaadmin’s password as set in samba preload-differentialdesign.ldif.

The entry in the preload-differentialdesign.ldif sambaadmin has a password “SambaAdmin”

dn: cn=sambaadmin,dc=differentialdesign,dc=org
objectClass: person
cn: sambaadmin
sn: sambaadmin
userPassword: SambaAdmin
[root@node1 scripts]# smbpasswd -w SambaAdmin
Setting stored password for "cn=sambaadmin,dc=differentialdesign,dc=org" in secrets.tdb

[root@node1 ~]# service ldap restart
Stopping slapd:                                      [  OK  ]
Stopping slurpd:                                     [  OK  ]
Checking configuration files for slapd:  config file testing succeeded
                                                     [  OK  ]
Starting slapd:                                      [  OK  ]
Starting slurpd:                                     [  OK  ]

[root@node1 ~]# service smb restart
Shutting down SMB services:                         [  OK  ]
Shutting down NMB services:                         [  OK  ]
Starting SMB services:                              [  OK  ]
Starting NMB services:                              [  OK  ]


Adding initial users with the smbldap-tools: Skip to section 4.1: smbldap-tools and install on node1.

[root@node1 scripts]# cd /opt/IDEALX/sbin/

We must add the root user to start with.

[root@node1 sbin]# ./smbldap-useradd -m -a root
[root@node1 sbin]# ./smbldap-passwd root
Changing password for root
New password :
Retype new password
[root@node1 ]# smbpasswd -a

New SMB password:
Retype new SMB password:
Added user root.

[root@node1 sbin]# ./smbldap-groupmod -m root Domain\ Admins
adding user root to group Domain Admins
[root@node1 ~]# cd /opt/IDEALX/sbin/
[root@node1 sbin]# ./smbldap-useradd -m -a asender
[root@node1 sbin]#
[root@node1 sbin]# ./smbldap-passwd asender
Changing password for asender
New password :
Retype new password :
[root@node1 sbin]#
[root@node1 sbin]# smbpasswd asender
New SMB password:
Retype new SMB password:
[root@node1 sbin]#
[root@node1 sbin]# id asender
uid=1001(asender) gid=513(Domain Users) groups=513(Domain Users)


You are now ready to join a Windows machine to the domain with user ‘root’.

We will need to setup our BDC, Heartbeat and DRBD to match our configuration.