Setting up Samba4 against an OpenLDAP installation
Before you decide on using OpenLDAP as the backend for Samba4, you should take a look at the limitations of this approach described in Samba4/LDAP Backend. Note that you cannot point Samba4 to your existing OpenLDAP server and expect things to work. The instructions on this page are for configuring a 'captive' OpenLDAP server that is for use by Samba4 only.
This guide presumes you are running OpenLDAP CVS HEAD from after 22 April 2010 (or a release after that date).
You will need the Cyrus SASL library and development headers installed.
You need the 'deref' and 'rdnval' overlays. These may be in your packaged version, but if not you must rebuild.
To get OpenLDAP from CVS run:
CVSROOT=:pserver:anonymous@cvs.OpenLDAP.org:/repo/OpenLDAP
export CVSROOT
cvs login
You will need to enter at the prompt:
Password: (enter OpenLDAP)
Then check out the tree:
cvs -z3 checkout -P openldap
Then change to the newly created 'openldap' directory:
To update your OpenLDAP checkout (discarding local conflicts) from CVS run:
(
cvs -z9 update -dP 2>&1 | grep ^C | cut -b3- | xargs rm
cvs -z9 update -dP
)
Building the OpenLDAP core
To build it run:
(
CFLAGS="-fno-omit-frame-pointer" ./configure --with-cyrus-sasl --enable-overlays=mod --enable-modules || exit 1
make clean all AC_CFLAGS=-g || exit 1
)
To install it run:
su
(
make install STRIP= || exit 1
)
Building and installing the extra overlays
To build it (after installing the OpenLDAP core above) run:
(
( cd contrib/slapd-modules/samba4 && make clean all AC_CFLAGS=-g ) || exit 1
)
To install it run:
su
(
( cd contrib/slapd-modules/samba4 && make install STRIP= ) || exit 1
)
Check out Samba4 from Samba.org's anonymous rsync server.
Note: These instructions are kept in line with movements in the Git tree. An alpha tarball may not work with these instructions.
rsync -a ftp.samba.org::ftp/pub/unpacked/samba_4_0_test/ SAMBA_4_0
Build Samba4, with --enable-developer to get appropriate warnings and debug symbols:
(
cd SAMBA_4_0/source
./autogen.sh
./configure --enable-developer
make
make install
)
(
cd SAMBA_4_0/source
setup/provision --realm=LDAP.SAMBA.EXAMPLE.COM --domain=LDAP \
 --server-role='domain controller' --ldap-backend-type=openldap --slapd-path=/usr/local/libexec/slapd
)
The ACL in this example slapd.conf restricts access to all entries. You can change this to allow direct access for administrative purposes, but as it stands the example is secure and avoids unintended writes to the database (i.e., writes not made via Samba).
Note: if you get the error "LDAP error 8 LDAP_STRONG_AUTH_REQUIRED", it is because Cyrus SASL was not available when OpenLDAP was built. Install the libraries and the headers, recompile OpenLDAP and retry.
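The prerequisites listed at the top of this page (the 'deref' and 'rdnval' overlays, and a slapd built with Cyrus SASL) can be checked before running provision. The script below is an added example, not part of Samba or OpenLDAP. The function names are hypothetical, and the module directory /usr/local/libexec/openldap is an assumption based on the default /usr/local prefix implied by the --slapd-path above.

```shell
#!/bin/sh
# Added example: preflight for the provision step (not Samba or OpenLDAP code).
# Assumed paths for the default /usr/local prefix; override via environment.
SLAPD=${SLAPD:-/usr/local/libexec/slapd}
MODDIR=${MODDIR:-/usr/local/libexec/openldap}   # assumption: default moduledir

# Print each required overlay that has no module file in directory $1.
missing_overlays() {
    for ov in deref rdnval; do
        found=no
        # libtool installs names such as deref.la, deref.so or deref-2.4.so.2
        for f in "$1/$ov".la "$1/$ov".so "$1/$ov"-*.so*; do
            if [ -e "$f" ]; then found=yes; fi
        done
        [ "$found" = yes ] || printf '%s\n' "$ov"
    done
}

# Succeed if the ldd output on stdin lists the Cyrus SASL library.
links_sasl() {
    grep -q 'libsasl2\.so'
}

# Return 0 only when slapd exists, both overlays are installed and SASL is linked.
preflight() {
    slapd=$1 moddir=$2 rc=0
    [ -x "$slapd" ] || { echo "slapd not executable: $slapd" >&2; return 1; }
    for name in $(missing_overlays "$moddir"); do
        echo "overlay '$name' missing from $moddir" >&2
        rc=1
    done
    if ! ldd "$slapd" 2>/dev/null | links_sasl; then
        echo "slapd not linked with Cyrus SASL (see LDAP error 8)" >&2
        rc=1
    fi
    return "$rc"
}

# Run the checks when invoked as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight "$SLAPD" "$MODDIR"
fi
```

A non-zero exit means the OpenLDAP build steps above need to be repeated before provisioning.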
Start Samba4 on host linux1
smbd -i -M single -d3