Previous Tutorial : Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 1, Installing Base System & Configuring Samba
In the previous tutorial we installed the base system and set up the Samba configuration. Now we move on to the LDAP configuration.
LDAP on openSUSE 11.1 is configured differently from openSUSE 10.3. openSUSE 11.1 uses dynamic configuration, so the LDAP server settings themselves are stored in the LDAP database, as the note YaST writes into the configuration explains:
#
# Note: The OpenLDAP configuration has been created by YaST. YaST does not
#       use /etc/openldap/slapd.conf to store the OpenLDAP configuration anymore.
#       YaST uses OpenLDAP's dynamic configuration database (back-config) to
#       store the LDAP server's configuration.
#       For details about the dynamic configuration backend please see the
#       slapd-config(5) manpage or the OpenLDAP Software 2.4 Administrator's Guide
#       located at /usr/share/doc/packages/openldap2/guide/admin/guide.html
#       on this system.
What confused me on my first attempt at configuring LDAP on openSUSE 11.1 was getting nis.schema to work: it conflicts with the built-in rfc2307bis.schema. Replacing nis.schema with rfc2307bis.schema led to other problems. As far as I know, YaST offers no option to remove rfc2307bis.schema and use nis.schema in its place (rfc2307bis.schema appears to be a newer version of nis.schema, but it is not fully compatible with other configurations that expect nis.schema), so I decided to configure the server manually rather than through the YaST menu.
In a message on the openSUSE mailing list I read that the file-based configuration can also be used alongside YaST by setting OPENLDAP_CONFIG_BACKEND="files" in /etc/sysconfig/openldap and then making the changes in /etc/openldap/slapd.conf.
In this tutorial I use manual configuration without the YaST menu and use nis.schema. Because the openSUSE 11.1 init script starts slapd with the back-config database by default, set OPENLDAP_CONFIG_BACKEND="files" in /etc/sysconfig/openldap first, so that slapd actually reads the slapd.conf created below.
- Create the LDAP configuration /etc/openldap/slapd.conf with the following content:
[code language='cpp']
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
modulepath /usr/lib/openldap/modules/
# moduleload back_bdb.la
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Samba Primary Database vavai.net
database bdb
suffix "dc=vavai,dc=net"
directory /var/lib/ldap
rootdn "cn=Manager,dc=vavai,dc=net"
# rootpw also accepts a hashed value; generate one with slappasswd
# instead of keeping the cleartext password here
rootpw zezevavai26032006
index entryCSN eq
index entryUUID eq
# Access control; see the note below before enabling this block
#access to attrs=userPassword,sambaLMPassword,sambaNTPassword
# by self write
# by dn="cn=Manager,dc=vavai,dc=net" write
# by * auth
#access to *
# by dn="cn=Manager,dc=vavai,dc=net" write
# by * read
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
[/code]
Two security notes on this file before it goes anywhere near production. First, rootpw is stored in cleartext; slapd accepts a hashed value here, so generate one with slappasswd, and restrict the file to root and the ldap user (owner root, group ldap, mode 0640). Second, the access directives are commented out, and with no access directives at all slapd's default policy lets anyone, including anonymous binds, read every attribute. That includes sambaNTPassword and sambaLMPassword, and the NT hash is password-equivalent for SMB authentication, so leaking it is as bad as leaking the password. When you enable the commented block, extend it so that the DN Samba binds as (the ldap admin dn from smb.conf, cn=sambaadmin here) and any account used by smbldap-tools get write access to the password attributes; otherwise Samba will not be able to set passwords.
- Create the /etc/ldap.conf configuration:
[code language='cpp']
# LDAP Master
host server.vavai.net
base dc=vavai,dc=net
binddn cn=Manager,dc=vavai,dc=net
bindpw zezevavai26032006
bind_policy soft
pam_password exop
nss_base_passwd ou=People,ou=Users,dc=vavai,dc=net?one
nss_base_shadow ou=People,ou=Users,dc=vavai,dc=net?one
nss_base_passwd ou=Computers,ou=Users,dc=vavai,dc=net?one
nss_base_shadow ou=Computers,ou=Users,dc=vavai,dc=net?one
nss_base_group ou=Groups,dc=vavai,dc=net?one
ssl no
[/code]
A word of caution on this file: nss_ldap reads it from every process that does a user or group lookup, so it must be world-readable, and a binddn/bindpw pair for cn=Manager hands the directory's rootdn credentials to every local user and process. For a lab this is tolerable; otherwise bind as an unprivileged read-only account (or leave binddn out for anonymous reads), and if root needs privileged lookups use the rootbinddn directive, which takes its password from /etc/ldap.secret (mode 0600). Note also that with ssl no the bind password and the password hashes travel over the network in the clear.
- Create /etc/nsswitch.conf:
[code language='cpp']
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns wins
networks: files dns
[/code]
- Create /var/lib/ldap/DB_CONFIG:
[code language='cpp']
set_cachesize 0 150000000 1
set_lg_regionmax 262144
set_lg_bsize 2097152
set_flags DB_LOG_AUTOREMOVE
[/code]
- Create an LDIF file to fill the initial LDAP database. Save it as domainname.ldif (in my case vavai.ldif) and paste in the following content. Don't forget to replace S-1-2-33-4444444444-5555555555-6666666666 with your Samba SID (see the previous tutorial). Two things to watch: every entry must be separated from the next by a blank line, or slapadd will reject the file; and the userPassword values of the three service accounts below are written in cleartext, which slapd stores and serves exactly as written, so replace them with {SSHA} hashes generated by slappasswd before importing.
[code language='cpp']
# LDAP INITIAL DATA
# SID S-1-2-33-4444444444-5555555555-6666666666.
dn: dc=vavai,dc=net
objectClass: dcObject
objectClass: organization
dc: vavai
o: VAVAI
description: Posix and Samba LDAP Identity Database

dn: cn=Manager,dc=vavai,dc=net
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: cn=syncuser,dc=vavai,dc=net
objectClass: person
cn: syncuser
sn: syncuser
userPassword: SyncUser

dn: cn=sambaadmin,dc=vavai,dc=net
objectClass: person
cn: sambaadmin
sn: sambaadmin
userPassword: SambaAdmin

dn: cn=mailadmin,dc=vavai,dc=net
objectClass: person
cn: mailadmin
sn: mailadmin
userPassword: MailAdmin

dn: ou=Users,dc=vavai,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: ou=People,ou=Users,dc=vavai,dc=net
objectClass: top
objectClass: organizationalUnit
ou: People

dn: ou=Computers,ou=Users,dc=vavai,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Computers

dn: ou=Groups,dc=vavai,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: ou=Domains,dc=vavai,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Domains

dn: sambaDomainName=VAVAI.NET,ou=Domains,dc=vavai,dc=net
objectClass: sambaDomain
objectClass: sambaUnixIdPool
uidNumber: 1000
gidNumber: 1000
sambaDomainName: VAVAI.NET
sambaSID: S-1-2-33-4444444444-5555555555-6666666666
sambaAlgorithmicRidBase: 1000
structuralObjectClass: sambaDomain

dn: cn=Domain Admins,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-512
sambaGroupType: 2
displayName: Domain Admins
description: Domain Administrators

dn: cn=Domain Users,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-513
sambaGroupType: 2
displayName: Domain Users
description: Domain Users

dn: cn=Domain Guests,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-514
sambaGroupType: 2
displayName: Domain Guests
description: Domain Guests

dn: cn=Domain Computers,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-515
sambaGroupType: 2
displayName: Domain Computers
description: Domain Computers

dn: cn=Administrators,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-544
sambaGroupType: 5
displayName: Administrators
description: Administrators

dn: cn=Account Operators,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-548
sambaGroupType: 5
displayName: Account Operators
description: Account Operators

dn: cn=Print Operators,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-550
sambaGroupType: 5
displayName: Print Operators
description: Print Operators

dn: cn=Backup Operators,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-551
sambaGroupType: 5
displayName: Backup Operators
description: Backup Operators

dn: cn=Replicators,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-552
sambaGroupType: 5
displayName: Replicators
description: Replicators
[/code]
- Import the LDIF file into the LDAP database with the following command (don't forget to replace vavai.ldif with your own). slapd must not be running while slapadd writes the database, so stop it first with rcldap stop:
[code language='cpp']
slapadd -v -l vavai.ldif -f /etc/openldap/slapd.conf
[/code]
It should respond with progress information like this:
added: "dc=vavai,dc=net" (00000001)
added: "cn=Manager,dc=vavai,dc=net" (00000002)
added: "cn=syncuser,dc=vavai,dc=net" (00000003)
added: "cn=sambaadmin,dc=vavai,dc=net" (00000004)
added: "cn=mailadmin,dc=vavai,dc=net" (00000005)
added: "ou=Users,dc=vavai,dc=net" (00000006)
added: "ou=People,ou=Users,dc=vavai,dc=net" (00000007)
added: "ou=Computers,ou=Users,dc=vavai,dc=net" (00000008)
added: "ou=Groups,dc=vavai,dc=net" (00000009)
added: "ou=Domains,dc=vavai,dc=net" (0000000a)
added: "sambaDomainName=VAVAI.NET,ou=Domains,dc=vavai,dc=net" (0000000b)
added: "cn=Domain Admins,ou=Groups,dc=vavai,dc=net" (0000000c)
added: "cn=Domain Users,ou=Groups,dc=vavai,dc=net" (0000000d)
added: "cn=Domain Guests,ou=Groups,dc=vavai,dc=net" (0000000e)
added: "cn=Domain Computers,ou=Groups,dc=vavai,dc=net" (0000000f)
added: "cn=Administrators,ou=Groups,dc=vavai,dc=net" (00000010)
added: "cn=Account Operators,ou=Groups,dc=vavai,dc=net" (00000011)
added: "cn=Print Operators,ou=Groups,dc=vavai,dc=net" (00000012)
added: "cn=Backup Operators,ou=Groups,dc=vavai,dc=net" (00000013)
added: "cn=Replicators,ou=Groups,dc=vavai,dc=net" (00000014)
If slapadd reports an error, first check the LDIF for typos and make sure each entry is separated from the next by a blank line. Two other failures are common at this step: "database already in use" (bi_db_open failed) means slapd is still running, so stop it and retry; DB_KEYEXIST (Key/data pair already exists) on the very first entry means /var/lib/ldap already contains a database from an earlier attempt or from YaST, so stop slapd, remove everything in /var/lib/ldap except DB_CONFIG, and run slapadd again.
- Set the owner of the LDAP database directory (slapadd ran as root, so the files it wrote belong to root, while slapd runs as the ldap user):
[code language='cpp']
chown -R ldap.ldap /var/lib/ldap/
[/code]
Since /etc/openldap/slapd.conf holds the rootpw, also make sure it is readable only by root and the ldap user (owner root, group ldap, mode 0640).
- Store the Samba LDAP administrative password:
[code language='cpp']
smbpasswd -w zezevavai26032006
[/code]
Samba should respond with the following message:
Setting stored password for "cn=sambaadmin,dc=vavai,dc=net" in secrets.tdb
The DN shown is the ldap admin dn from smb.conf (set up in the previous tutorial). The password given to smbpasswd -w is what Samba will use to bind as that DN, so it must be the actual userPassword of cn=sambaadmin in the directory; if the two differ, Samba cannot bind and the LDAP passdb backend will not work.
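Putting the steps above together, here is an added example (my own code, not part of the original tutorial or of the openSUSE and Samba projects) that produces the sensitive pieces of this procedure in hardened form. It derives the base DN from the domain name, hashes passwords in the {SSHA} format that slappasswd produces (which slapd accepts both for rootpw in slapd.conf and for userPassword in the LDIF), writes the initial LDIF with the domain SID and the well-known groups from the listing above, with the blank line between entries that slapadd needs, and runs two pre-import checks: no cleartext userPassword left, and every sambaSID under the domain SID. The domain name, the placeholder SID and the service-account passwords are constructed sample input; the WELL_KNOWN_GROUPS table and the function names are mine.

```python
"""Hardened generator for the slapd.conf rootpw and the initial LDIF above.
Added example: domain, SID and passwords below are constructed sample input."""
import base64
import hashlib
import hmac
import os
import re

# Well-known groups exactly as in the tutorial's LDIF: (name, RID, sambaGroupType).
WELL_KNOWN_GROUPS = [
    ("Domain Admins", 512, 2), ("Domain Users", 513, 2),
    ("Domain Guests", 514, 2), ("Domain Computers", 515, 2),
    ("Administrators", 544, 5), ("Account Operators", 548, 5),
    ("Print Operators", 550, 5), ("Backup Operators", 551, 5),
    ("Replicators", 552, 5),
]
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")


def base_dn(domain):
    """vavai.net -> dc=vavai,dc=net"""
    return ",".join("dc=" + label for label in domain.lower().split("."))


def ssha(password, salt=None):
    """{SSHA} as slappasswd emits it: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password, stored):
    """Recompute the hash with the salt carried inside the stored value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


def build_ldif(domain, domain_sid, service_accounts):
    """Initial LDIF: suffix, Manager role, hashed service accounts, OU tree,
    sambaDomain entry and the well-known groups, mirroring the listing above."""
    if not SID_RE.match(domain_sid):
        raise ValueError("not a SID: %r" % domain_sid)
    dn, dc = base_dn(domain), domain.split(".")[0]
    entries = [
        ["dn: " + dn, "objectClass: dcObject", "objectClass: organization",
         "dc: " + dc, "o: " + dc.upper(),
         "description: Posix and Samba LDAP Identity Database"],
        ["dn: cn=Manager," + dn, "objectClass: organizationalRole",
         "cn: Manager", "description: Directory Manager"],
    ]
    for name, password in service_accounts.items():
        entries.append(["dn: cn=%s,%s" % (name, dn), "objectClass: person",
                        "cn: " + name, "sn: " + name,
                        "userPassword: " + ssha(password)])
    for rdn in ("ou=Users", "ou=People,ou=Users", "ou=Computers,ou=Users",
                "ou=Groups", "ou=Domains"):
        entries.append(["dn: %s,%s" % (rdn, dn), "objectClass: top",
                        "objectClass: organizationalUnit",
                        "ou: " + rdn.split(",")[0][3:]])
    entries.append(["dn: sambaDomainName=%s,ou=Domains,%s" % (domain.upper(), dn),
                    "objectClass: sambaDomain", "objectClass: sambaUnixIdPool",
                    "uidNumber: 1000", "gidNumber: 1000",
                    "sambaDomainName: " + domain.upper(),
                    "sambaSID: " + domain_sid, "sambaAlgorithmicRidBase: 1000"])
    for name, rid, gtype in WELL_KNOWN_GROUPS:
        entries.append(["dn: cn=%s,ou=Groups,%s" % (name, dn),
                        "objectClass: posixGroup", "objectClass: sambaGroupMapping",
                        "gidNumber: %d" % rid, "cn: " + name,
                        "sambaSID: %s-%d" % (domain_sid, rid),
                        "sambaGroupType: %d" % gtype,
                        "displayName: " + name, "description: " + name])
    # A blank line between entries is mandatory LDIF; without it slapadd rejects the file.
    return "\n\n".join("\n".join(entry) for entry in entries) + "\n"


def check_ldif(text, domain_sid):
    """Pre-import checks: no cleartext userPassword, every sambaSID under the domain SID."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("userPassword: ") and not line[14:].startswith("{"):
            findings.append("line %d: cleartext userPassword" % lineno)
        elif line.startswith("sambaSID: "):
            sid = line[10:]
            if sid != domain_sid and not sid.startswith(domain_sid + "-"):
                findings.append("line %d: %s is not under the domain SID" % (lineno, sid))
    return findings


if __name__ == "__main__":
    sid = "S-1-2-33-4444444444-5555555555-6666666666"  # placeholder SID from the page
    accounts = {"syncuser": "SyncUser", "sambaadmin": "SambaAdmin", "mailadmin": "MailAdmin"}
    ldif = build_ldif("vavai.net", sid, accounts)
    print(ldif)
    print("rootpw " + ssha("zezevavai26032006"))  # replaces the cleartext rootpw line
    print("# checks:", check_ldif(ldif, sid) or "ok")
```

Run it, paste the printed rootpw line into slapd.conf in place of the cleartext one, and save the LDIF as your domainname.ldif. ssha_verify is there so you can confirm a hash against the password you intend to use before importing; it performs the same comparison slapd does on a simple bind, including reading the salt back out of the stored value.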
We will continue to next article : Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 3, Setting up smbldap-tools and LAM (LDAP Accounts Manager)
Hi, I'm stuck on the
slapadd -v -l vavai.ldif -f /etc/openldap/slapd.conf
part. It produces this kind of error:
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
=> bdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair already exists (-30996)
=> bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
slapadd: could not add entry dn="dc=aaisi,dc=ph" (line=1): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
_# 5.46% eta none elapsed none spd 115.4 k/s
Hi! Also stuck on the slapadd command. The message I get is:
bdb_db_open: database "dc=dflti,dc=local": database already in use.
backend_startup_one (type=bdb, suffix="dc=dflti,dc=local"): bi_db_open failed! (-1)
slap_startup failed
Any ideas???