3.3 LDAP Population
Now it's time to populate the database with the LDIF we edited to match our domain details in section 3.2: Preload LDIF.
Step 1.
Make sure LDAP is not running: slapadd writes directly to the BDB backend files, so it must never be run against a live slapd. Then create the BDB tuning file for the main database.
[root@node1]# vi /var/lib/ldap/DB_CONFIG
# DB_CONFIG
set_cachesize 0 150000000 1
set_lg_regionmax 262144
set_lg_bsize 2097152
set_flags DB_LOG_AUTOREMOVE
Step 2.
This step is only needed if you are using delta-syncrepl as per section 2.1.2: slapd.conf Master delta-syncrepl OpenLDAP 2.3.
Because the Provider uses multiple databases, the accesslog database needs its own directory with its own DB_CONFIG file inside it.
[root@node1]# mkdir /var/lib/ldap/accesslog
[root@node1]# cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog
Step 3.
[root@node1]# cd /ldap-scripts/
[root@node1 scripts]# slapadd -b "dc=differentialdesign,dc=org" -v -l preload-differentialdesign.ldif
added: "dc=differentialdesign,dc=org" (00000001)
added: "cn=Manager,dc=differentialdesign,dc=org" (00000002)
added: "cn=syncuser,dc=differentialdesign,dc=org" (00000003)
added: "cn=sambaadmin,dc=differentialdesign,dc=org" (00000004)
added: "cn=mailadmin,dc=differentialdesign,dc=org" (00000005)
added: "ou=Users,dc=differentialdesign,dc=org" (00000006)
added: "ou=People,ou=Users,dc=differentialdesign,dc=org" (00000007)
added: "ou=Computers,ou=Users,dc=differentialdesign,dc=org" (00000008)
added: "ou=Groups,dc=differentialdesign,dc=org" (00000009)
added: "ou=Domains,dc=differentialdesign,dc=org" (0000000a)
added: "sambaDomainName=DDESIGN,ou=Domains,dc=differentialdesign,dc=org" (0000000b)
added: "cn=Domain Admins,ou=Groups,dc=differentialdesign,dc=org" (0000000c)
added: "cn=Domain Users,ou=Groups,dc=differentialdesign,dc=org" (0000000d)
added: "cn=Domain Guests,ou=Groups,dc=differentialdesign,dc=org" (0000000e)
added: "cn=Domain Computers,ou=Groups,dc=differentialdesign,dc=org" (0000000f)
added: "cn=Administrators,ou=Groups,dc=differentialdesign,dc=org" (00000010)
added: "cn=Account Operators,ou=Groups,dc=differentialdesign,dc=org" (00000011)
added: "cn=Print Operators,ou=Groups,dc=differentialdesign,dc=org" (00000012)
added: "cn=Backup Operators,ou=Groups,dc=differentialdesign,dc=org" (00000013)
added: "cn=Replicators,ou=Groups,dc=differentialdesign,dc=org" (00000014)
Step 4.
slapadd ran as root, so the database files it created are owned by root. Hand them back to the ldap user that slapd runs as, otherwise slapd will fail to open the database:
[root@node1]# chown -R ldap.ldap /var/lib/ldap
Step 5.
The user Samba binds to LDAP as is defined in our smb.conf (ldap admin dn); its password is the userPassword of the sambaadmin entry in preload-differentialdesign.ldif, which is the cleartext value "SambaAdmin":
dn: cn=sambaadmin,dc=differentialdesign,dc=org
objectClass: person
cn: sambaadmin
sn: sambaadmin
userPassword: SambaAdmin
Note that slapadd stores userPassword exactly as written in the LDIF (slapd's password-hash directive only applies to the LDAP Password Modify operation), so this entry now holds a cleartext password. Treat the preload LDIF as a secret, and either replace the value with a {SSHA} hash before loading or change the password once slapd is up.
Store the same password in Samba's secrets.tdb so that smbd can bind; this has to be repeated whenever the sambaadmin password changes:
[root@node1 scripts]# smbpasswd -w SambaAdmin
Setting stored password for "cn=sambaadmin,dc=differentialdesign,dc=org" in secrets.tdb
Now restart LDAP and Samba:
[root@node1 ~]# service ldap restart
Stopping slapd: [ OK ]
Stopping slurpd: [ OK ]
Checking configuration files for slapd: config file testing succeeded [ OK ]
Starting slapd: [ OK ]
Starting slurpd: [ OK ]
[root@node1 ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
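Two things in steps 3 and 5 are worth checking mechanically before slapadd runs: that every dn in the preload LDIF lies under the suffix given to slapadd -b (entries outside it are rejected), and that no userPassword is left in cleartext. The script below is an added example, not part of this tutorial or of the OpenLDAP/Samba tools; it assumes only POSIX sh with openssl, mktemp and cmp, and all function names (ssha_hash, ssha_verify, ldif_hash_passwords, ldif_cleartext_count, ldif_check_suffix) are my own. It implements the {SSHA} scheme slapd uses for userPassword (base64 of SHA-1(password || salt) followed by the salt), rewrites cleartext userPassword lines in an LDIF stream to that form, and verifies existing hashes. The sample LDIF is constructed for the demonstration: the tutorial's sambaadmin entry plus a deliberately misplaced entry under dc=example,dc=com.

```shell
#!/bin/sh
# Added example (not from the tutorial): pre-flight checks for a preload LDIF
# and {SSHA} hashing of cleartext userPassword values. Requires openssl.

# ssha_hash PASSWORD [SALT]
# OpenLDAP {SSHA}: base64( SHA1(password || salt) || salt ).
# SALT may be any byte string; default is 8 random hex characters.
ssha_hash() {
  _pw=$1
  _salt=${2:-$(openssl rand -hex 4)}
  _blob=$(mktemp)
  printf '%s%s' "$_pw" "$_salt" | openssl dgst -sha1 -binary > "$_blob"
  printf '%s' "$_salt" >> "$_blob"
  printf '{SSHA}%s\n' "$(openssl enc -base64 -A < "$_blob")"
  rm -f "$_blob"
}

# ssha_verify HASH PASSWORD -> exit 0 when PASSWORD matches HASH.
# Splits the decoded blob into the 20-byte digest and the trailing salt,
# recomputes the digest and compares the files byte for byte, so binary
# salts (as produced by slappasswd) are handled too.
ssha_verify() {
  _dir=$(mktemp -d)
  printf '%s' "${1#"{SSHA}"}" | openssl enc -d -base64 -A > "$_dir/blob"
  head -c 20 "$_dir/blob" > "$_dir/digest"
  tail -c +21 "$_dir/blob" > "$_dir/salt"
  { printf '%s' "$2"; cat "$_dir/salt"; } | openssl dgst -sha1 -binary > "$_dir/calc"
  if cmp -s "$_dir/digest" "$_dir/calc"; then _rc=0; else _rc=1; fi
  rm -rf "$_dir"
  return $_rc
}

# ldif_hash_passwords < in.ldif > out.ldif
# Rewrites "userPassword: <cleartext>" as {SSHA}. Values that already carry a
# scheme ("{SSHA}", "{MD5}", ...) and base64 lines ("userPassword::") pass through.
ldif_hash_passwords() {
  while IFS= read -r _line; do
    case $_line in
      "userPassword: {"*) printf '%s\n' "$_line" ;;
      "userPassword: "*)  printf 'userPassword: %s\n' "$(ssha_hash "${_line#userPassword: }")" ;;
      *)                  printf '%s\n' "$_line" ;;
    esac
  done
}

# ldif_cleartext_count < in.ldif -> number of cleartext userPassword lines
ldif_cleartext_count() {
  grep -c '^userPassword: [^{]' || true
}

# ldif_check_suffix SUFFIX < in.ldif
# Exit 1 and report every dn that is not under SUFFIX; slapadd -b SUFFIX
# would refuse those entries.
ldif_check_suffix() {
  _suffix=$1; _rc=0
  while IFS= read -r _line; do
    case $_line in
      "dn: "*)
        case $_line in
          *"$_suffix") ;;
          *) printf 'outside %s: %s\n' "$_suffix" "$_line" >&2; _rc=1 ;;
        esac ;;
    esac
  done
  return $_rc
}

# Constructed sample: the tutorial's sambaadmin entry plus one stray entry
# outside the suffix (already hashed) to exercise both checks.
SAMPLE_LDIF='dn: cn=sambaadmin,dc=differentialdesign,dc=org
objectClass: person
cn: sambaadmin
sn: sambaadmin
userPassword: SambaAdmin

dn: cn=stray,dc=example,dc=com
objectClass: person
cn: stray
sn: stray
userPassword: {SSHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J1j
'
```

Source the file and run `ldif_check_suffix dc=differentialdesign,dc=org < preload-differentialdesign.ldif` and `ldif_hash_passwords < preload-differentialdesign.ldif > preload-hashed.ldif` before the slapadd in step 3; the {SSHA} values it writes are the same format `slappasswd -h '{SSHA}' -s password` produces, so either tool can be used. Hashing the LDIF does not change step 5: `smbpasswd -w` still takes the cleartext password, because Samba must bind with it.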
Step 6.
Adding the initial users with the smbldap-tools. Install them on node1 first (see section 4.1: smbldap-tools).
[root@node1 scripts]# cd /opt/IDEALX/sbin/
We must add the root user first, as it is the account used to join machines to the domain:
[root@node1 sbin]# ./smbldap-useradd -m -a root
[root@node1 sbin]# ./smbldap-passwd root
Changing password for root
New password :
Retype new password :
[root@node1 sbin]# smbpasswd -a root
New SMB password:
Retype new SMB password:
Added user root.
[root@node1 sbin]# ./smbldap-groupmod -m root Domain\ Admins
adding user root to group Domain Admins
Then add a regular user in the same way:
[root@node1 ~]# cd /opt/IDEALX/sbin/
[root@node1 sbin]# ./smbldap-useradd -m -a asender
[root@node1 sbin]# ./smbldap-passwd asender
Changing password for asender
New password :
Retype new password :
[root@node1 sbin]# smbpasswd asender
New SMB password:
Retype new SMB password:
Check that the account resolves through nss_ldap and lands in the Domain Users group:
[root@node1 sbin]# id asender
uid=1001(asender) gid=513(Domain Users) groups=513(Domain Users)
Step 7.
You are now ready to join a Windows machine to the domain as user 'root'.
Next we set up the BDC, Heartbeat and DRBD to match this configuration.