Samba4 OpenLDAP-Backend Quick-Howto
====================================

oliver@itc.li - August 2009


This Mini-Howto describes in a very simplified way
how to set up Samba 4 (S4) (pre)Alpha 9 with the
OpenLDAP (OL) backend.
Use of OpenLDAP >= 2.4.17 is strongly recommended.


1.) Download and compile OpenLDAP.

The (older) versions shipped with distributions often
cause trouble, so don't use them. Configure example:

#> ./configure --enable-overlays=yes --with-tls=yes --with-cyrus-sasl=yes
#> make depend && make && make install

Note: the openssl and cyrus-sasl libs (with their headers) must be
installed before compilation, otherwise configure will not pick up
TLS and SASL support.



2.) Final provision:

(you can add --adminpass=<yourpass> to the parameters,
otherwise a random password will be generated for
cn=Administrator,cn=users,<Your Base-DN>):

#> setup/provision \
    --ldap-backend-type=openldap \
    --ol-slapd="/usr/local/libexec/slapd" \
    --username=samba-admin --realm=ldap.local.site \
    --domain=LDAP --server-role='domain controller' \
    --adminpass=linux

At the end of the final provision you should get
the following output (only partial here). Read it carefully:

--------
...
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf

Use later the following commandline to start slapd, then Samba:
/usr/local/libexec/slapd -f /usr/local/samba/private/ldap/slapd.conf -h ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi

This slapd-Commandline is also stored under: /usr/local/samba/private/ldap/slapd_command_file.sh
Please install the phpLDAPadmin configuration located at /usr/local/samba/private/phpldapadmin-config.php into /etc/phpldapadmin/config.php
Once the above files are installed, your Samba4 server will be ready to use
Server Role: domain controller
Hostname: ldapmaster
NetBIOS Domain: LDAP
DNS Domain: ldap.local.site
DOMAIN SID: S-1-5-21-429312062-2328781357-2130201529
Admin password: linux

--------

Note that the password you pass with --adminpass is echoed in this
output and, while provision runs, is visible to every local user in
the process list. Use a strong value (or let provision generate one)
and treat the output above as sensitive.

Our slapd in "provision mode" will be shut down automatically
after the final provision ends.


3.) Run OL and S4:

After you have completed the other necessary steps (krb and named-specific),
first start OL with the commandline displayed in the output under 2.)
(remember: the slapd commandline is also stored in the file ../slapd_command_file.sh),
then S4.



4.) Special Setup-Types:

a) OpenLDAP Online Configuration (olc) is now in use by default:

The olc will be set up automatically
under ../private/slapd.d/.
olc is accessible via "cn=samba-admin,cn=samba" and Base-DN "cn=config".
olc is intended primarily for use in conjunction with MMR.

Attention: You have to start OL with the commandline
displayed in the output under 2.), but you have to set a
listening port of slapd manually:

(e.g. -h ldap://ldapmaster.ldap.local.site:9000)

Attention: You _should_not_ edit the olc sections
"config" and "ldif", as these are vital to the olc itself.


b) MultiMaster-Configuration (MMR):
At this time (S4 (pre)Alpha9) the only possible replication setup.
Use the provision parameter:

  --ol-mmr-urls=<list of whitespace-separated ldap-urls (with ports <> 389!)>

e.g.:
--ol-mmr-urls="ldap://ldapmaster1.ldap.local.site:9000 \
               ldap://ldapmaster2.ldap.local.site:9000"

Attention: You have to start OL with the commandline
displayed in the output under 2.), but you have to set a
listening port of slapd manually
(e.g. -h ldap://ldapmaster1.ldap.local.site:9000)

The ports must be different from 389, as that one is occupied by S4.
Add the ldap:// listener to the -h argument of the displayed commandline
rather than replacing the ldapi:// URL in it: S4 reaches slapd over that
socket, while the ldap:// listener is what the other replica connects to.
That listener carries the replication traffic and its binds in the clear,
so restrict it to the replication network or put TLS on it (OL was built
--with-tls in step 1.).
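The listener list that sections 2.) and 4.) make you assemble by hand is easy to get wrong: a socket path that is not percent-encoded, an MMR URL without an explicit port (which defaults to 389), or a port that collides with S4 on 389. The POSIX sh helpers below are an added example written for this page, not code from the howto or from Samba's setup scripts; the host names, the port 9000 and the socket path are the howto's own placeholders and must be replaced with your values.

```shell
#!/bin/sh
# Added example for this page (not code from the howto or from Samba):
# helpers for the slapd listener list that sections 2.) and 4.) make you
# assemble by hand.  Host names, port and socket path are the howto's
# placeholders; substitute your own.

# Turn a Unix socket path into the ldapi:// URL form slapd expects,
# percent-encoding every '/' (e.g. /a/b -> ldapi://%2Fa%2Fb).
ldapi_url() {
    printf 'ldapi://%s' "$(printf '%s' "$1" | sed 's,/,%2F,g')"
}

# Check a whitespace-separated --ol-mmr-urls list: every entry must be an
# ldap:// URL with an explicit port, and that port must not be 389,
# which S4 itself listens on.  Returns 0 if the list is acceptable,
# otherwise names the offending URL on stderr and returns 1.
mmr_urls_ok() {
    for url in $1; do
        case "$url" in
            ldap://*:[0-9]*) ;;
            *) echo "no explicit port: $url" >&2; return 1 ;;
        esac
        port=${url##*:}
        port=${port%%/*}
        if [ "$port" = 389 ]; then
            echo "port 389 is occupied by S4: $url" >&2
            return 1
        fi
    done
    return 0
}

# Build the -h argument for slapd on host $2: the ldapi socket $1 that
# provision generated (S4 talks to slapd over it) plus this host's own
# entry from the MMR list $3, so the replication partner can reach it.
slapd_listeners() {
    sock=$1; host=$2; urls=$3
    mmr_urls_ok "$urls" || return 1
    mine=""
    for url in $urls; do
        case "$url" in
            ldap://"$host":*) mine=$url ;;
        esac
    done
    [ -n "$mine" ] || { echo "no MMR URL for $host" >&2; return 1; }
    printf '%s %s' "$(ldapi_url "$sock")" "$mine"
}

# Usage, with the howto's example values (one quoted -h argument, as slapd
# takes the URL list as a single space-separated string):
#   /usr/local/libexec/slapd -f /usr/local/samba/private/ldap/slapd.conf \
#       -h "$(slapd_listeners /usr/local/samba/private/ldap/ldapi \
#             ldapmaster1.ldap.local.site \
#             'ldap://ldapmaster1.ldap.local.site:9000 ldap://ldapmaster2.ldap.local.site:9000')"
```

Run mmr_urls_ok over the list before handing it to provision; once provision has written the MMR URLs into the configuration, fixing a port collision with S4 means re-provisioning rather than editing the olc "config" section the howto tells you to leave alone.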