Section 15.5. Alternative LDAP Database Initialization


15.5. Alternative LDAP Database Initialization

The following procedure may be used as an alternative means of configuring the initial LDAP database. Many administrators prefer to have greater control over how system files get configured.

15.5.1. Initialization of the LDAP Database

The first step in getting the LDAP server ready for action is to create the LDIF file from which the LDAP database will be preloaded. This creates the containers into which user, group, machine, and other accounts are later written. It also preloads the well-known Windows NT domain groups (Domain Admins, Domain Users, Domain Guests), which must carry the correct SID, that is, the domain SID followed by the fixed RID 512, 513, or 514, so that MS Windows clients recognize them as special NT groups.

LDAP DIRECTORY PRE-LOAD STEPS

1.

Create a directory in which to store the files you use to generate the LDAP LDIF file for your system. Execute the following:

root#   mkdir /etc/openldap/SambaInit
root#   chown root:root /etc/openldap/SambaInit
root#   chmod 700 /etc/openldap/SambaInit

2.

Concatenate the files shown in Example 15.5.1, Example 15.5.2, and Example 15.5.3, in that order, into the file /etc/openldap/SambaInit/SMBLDAP-ldif-preconfig.sh and make it executable. These three files are, respectively, parts A, B, and C of the SMBLDAP-ldif-preconfig.sh script.

3.

Concatenate the files shown in Example 15.5.4 and Example 15.5.5, in that order, into the file /etc/openldap/SambaInit/init-ldif.pat. These two files are parts A and B, respectively, of the init-ldif.pat template.

4.

Change to the /etc/openldap/SambaInit directory. Execute the following:

root#   ./SMBLDAP-ldif-preconfig.sh

How do you wish to refer to your organization?

Suggestions:
        Black Tire Company, Inc.
        Cat With Hat Ltd.
How would you like your organization name to appear?
Your organization name is: My Organization
Enter a new name is this is not what you want, press Enter to Continue.
Name [My Organization]: Abmas Inc.

Samba Config File Location [/etc/samba/smb.conf]:
Enter a new full path or press Enter to continue.
Samba Config File Location [/etc/samba/smb.conf]:
Domain Name: MEGANET2
Domain SID: S-1-5-21-3504140859-1010554828-2431957765

The name of your Internet domain is now needed in a special format
as follows, if your domain name is mydomain.org, what we need is
the information in the form of:
        Domain ID: mydomain
        Top level: org

If your fully qualified hostname is: snoopy.bazaar.garagesale.net
where "snoopy" is the name of the machine,
Then the information needed is:
        Domain ID: garagesale
        Top Level: net

Found the following domain name: abmas.biz
I think the bit we are looking for might be: abmas
Enter the domain name or press Enter to continue:

The top level organization name I will use is: biz
Enter the top level org name or press Enter to continue:
root#

This creates a file called MEGANET2.ldif.

5.

It is now time to preload the LDAP database. slapadd writes directly to the backend database files, so it must be run while slapd is not running (the server is started only in step 6). Because slapadd is run here as root, the database files it creates are owned by root; if your slapd runs as an unprivileged user, change the ownership of the database directory to that user before starting the server. Execute the following:

root#   slapadd -v -l MEGANET2.ldif
added:  "dc=abmas,dc=biz" (00000001)
added:  "cn=Manager,dc=abmas,dc=biz" (00000002)
added:  "ou=People,dc=abmas,dc=biz" (00000003)
added:  "ou=Computers,dc=abmas,dc=biz" (00000004)
added:  "ou=Groups,dc=abmas,dc=biz" (00000005)
added:  "ou=Domains,dc=abmas,dc=biz" (00000006)
added:  "sambaDomainName=MEGANET2,ou=Domains,dc=abmas,dc=biz" (00000007)
added:  "cn=domadmins,ou=Groups,dc=abmas,dc=biz" (00000008)
added:  "cn=domguests,ou=Groups,dc=abmas,dc=biz" (00000009)
added:  "cn=domusers,ou=Groups,dc=abmas,dc=biz" (0000000a)

You should verify that the account information was correctly loaded. slapcat reads the backend database directly, so it can be run before the server is started:

root#   slapcat
dn: dc=abmas,dc=biz
objectClass: dcObject
objectClass: organization
dc: abmas
o: Abmas Inc.
description: Posix and Samba LDAP Identity Database
structuralObjectClass: organization
entryUUID: af552f8e-c4a1-1027-9002-9421e01bf474
creatorsName: cn=manager,dc=abmas,dc=biz
modifiersName: cn=manager,dc=abmas,dc=biz
createTimestamp: 20031217055747Z
modifyTimestamp: 20031217055747Z
entryCSN: 2003121705:57:47Z#0x0001#0#0000
...
dn: cn=domusers,ou=Groups,dc=abmas,dc=biz
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: domusers
sambaSID: S-1-5-21-3504140859-1010554828-2431957765-513
sambaGroupType: 2
displayName: Domain Users
description: Domain Users
structuralObjectClass: posixGroup
entryUUID: af7e98ba-c4a1-1027-900b-9421e01bf474
creatorsName: cn=manager,dc=abmas,dc=biz
modifiersName: cn=manager,dc=abmas,dc=biz
createTimestamp: 20031217055747Z
modifyTimestamp: 20031217055747Z
entryCSN: 2003121705:57:47Z#0x000a#0#0000

6.

Your LDAP database is ready for testing. You can now start the LDAP server using the system tool for your Linux operating system. For SUSE Linux, you can do this as follows:

root#   rcldap start 

7.

It is now a good idea to validate that the LDAP server is running correctly. The following search uses a simple (-x), anonymous bind, so it also shows what an unauthenticated client can read. Execute the following:

root#   ldapsearch -x -b "dc=abmas,dc=biz" "(ObjectClass=*)"
# extended LDIF
#
# LDAPv3
# base <dc=abmas,dc=biz> with scope sub
# filter: (ObjectClass=*)
# requesting: ALL
#

# abmas.biz
dn: dc=abmas,dc=biz
objectClass: dcObject
objectClass: organization
dc: abmas
o: Abmas Inc.
description: Posix and Samba LDAP Identity Database
...
# domusers, Groups, abmas.biz
dn: cn=domusers,ou=Groups,dc=abmas,dc=biz
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: domusers
sambaSID: S-1-5-21-3504140859-1010554828-2431957765-513
sambaGroupType: 2
displayName: Domain Users
description: Domain Users

# search result
search: 2
result: 0 Success

# numResponses: 11
# numEntries: 10

Your LDAP server is ready for creation of additional accounts. Before you add any, confirm that the access directives in slapd.conf deny anonymous read of the userPassword, sambaLMPassword, and sambaNTPassword attributes: the anonymous search above returns no password attributes only because no user or machine accounts exist yet, and once they do, an anonymous search that returns those attributes means the password hashes are exposed to anyone who can reach the server.
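The LDIF produced in step 4 must contain the containers and the three well-known domain groups whose SIDs are the domain SID plus a fixed RID. The shell functions below are an added illustration of that structure; they are not the book's SMBLDAP-ldif-preconfig.sh or its init-ldif.pat. gen_samba_ldif validates the domain SID format and emits an LDIF with the same ten entries the slapadd run above reports; count_wellknown_groups checks the result before it is handed to slapadd. The Manager entry as an organizationalRole and the sambaAlgorithmicRidBase attribute are assumptions; the gidNumber-equals-RID convention follows the domusers entry shown above (513) and is applied here to Domain Admins (512) and Domain Guests (514) as well.

```shell
#!/bin/sh
# Added example (not the book's script): generate a Samba/POSIX pre-load LDIF
# and check the well-known group SIDs before running slapadd.

# gen_samba_ldif BASE_DN DC ORG NT_DOMAIN DOMAIN_SID  -> LDIF on stdout
gen_samba_ldif() {
    base="$1"; dc="$2"; org="$3"; dom="$4"; sid="$5"

    # Refuse anything that is not a domain SID of the form S-1-5-21-a-b-c.
    # The group SIDs are derived from it, so a malformed value would produce
    # groups that Windows clients do not recognise as Domain Admins/Users/Guests.
    printf '%s\n' "$sid" | grep -Eq '^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$' || {
        echo "gen_samba_ldif: not a domain SID: $sid" >&2
        return 1
    }

    # Suffix and containers. The rootdn password belongs in slapd.conf
    # (rootpw), not in this entry; organizationalRole is an assumption.
    cat <<EOF
dn: $base
objectClass: dcObject
objectClass: organization
dc: $dc
o: $org
description: Posix and Samba LDAP Identity Database

dn: cn=Manager,$base
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,$base
objectClass: organizationalUnit
ou: People

dn: ou=Computers,$base
objectClass: organizationalUnit
ou: Computers

dn: ou=Groups,$base
objectClass: organizationalUnit
ou: Groups

dn: ou=Domains,$base
objectClass: organizationalUnit
ou: Domains

dn: sambaDomainName=$dom,ou=Domains,$base
objectClass: sambaDomain
sambaDomainName: $dom
sambaSID: $sid
sambaAlgorithmicRidBase: 1000

EOF
    # Well-known NT domain groups. The RID is fixed by Windows; the POSIX
    # gidNumber is set equal to it, matching the domusers entry on the page.
    for spec in "domadmins 512 Domain Admins" \
                "domguests 514 Domain Guests" \
                "domusers 513 Domain Users"; do
        set -- $spec              # deliberate word split: cn rid display...
        cn="$1"; rid="$2"; shift 2; display="$*"
        cat <<EOF
dn: cn=$cn,ou=Groups,$base
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: $rid
cn: $cn
sambaSID: $sid-$rid
sambaGroupType: 2
displayName: $display
description: $display

EOF
    done
}

# count_wellknown_groups LDIF_FILE DOMAIN_SID -> number of the RIDs 512/513/514
# present as "<domain SID>-<rid>"; expect 3 before running slapadd.
count_wellknown_groups() {
    ldif="$1"; sid="$2"; n=0
    for rid in 512 513 514; do
        if grep -q "^sambaSID: $sid-$rid\$" "$ldif"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Usage with the book's (constructed) Abmas values:
#   gen_samba_ldif "dc=abmas,dc=biz" abmas "Abmas Inc." MEGANET2 \
#       S-1-5-21-3504140859-1010554828-2431957765 > MEGANET2.ldif
#   count_wellknown_groups MEGANET2.ldif S-1-5-21-3504140859-1010554828-2431957765
```

The SID check is the part worth keeping even if you use the book's script: a domain SID that does not match the one Samba reports (net getlocalsid) or a group whose sambaSID does not end in the expected RID is silently accepted by slapadd, and the problem only surfaces later as Windows clients failing to treat the group as a built-in domain group.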



    Samba-3 by Example: Practical Exercises to Successful Deployment (2nd Edition)
    ISBN: 013188221X
    Year: 2005
    Pages: 142