Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 2

Previous Tutorial : Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 1, Installing Base System & Configuring Samba
Samba PDC for Linux & Windows Client
In the previous tutorial we installed the base system and set up the Samba configuration. Now we move on to the LDAP configuration.
LDAP on openSUSE 11.1 is configured differently from openSUSE 10.3. openSUSE 11.1 uses the dynamic configuration backend, so the LDAP settings themselves are stored inside the LDAP database, as the YaST-generated configuration explains:

#
# Note: The OpenLDAP configuration has been created by YaST. YaST does not
#       use /etc/openldap/slapd.conf to store the OpenLDAP configuration anymore.
#       YaST uses OpenLDAP's dynamic configuration database (back-config) to
#       store the LDAP server's configuration.
#       For details about the dynamic configuration backend please see the
#       slapd-config(5) manpage or the OpenLDAP Software 2.4 Administrator's Guide
#       located at /usr/share/doc/packages/openldap2/guide/admin/guide.html
#       on this system.

What confused me on my first attempt at configuring LDAP on openSUSE 11.1 was getting nis.schema to work: it conflicts with the built-in rfc2307bis.schema. Replacing nis.schema with rfc2307bis.schema led to other problems. As far as I know, YaST offers no option to remove rfc2307bis.schema and replace it with nis.schema (rfc2307bis.schema is essentially an updated version of nis.schema, but it is not fully compatible with other configurations that expect nis.schema), so I decided to use manual configuration and not the YaST menu.
In an e-mail on the openSUSE mailing list I read that the file-based configuration can also be used together with YaST by setting OPENLDAP_CONFIG_BACKEND="files" in /etc/sysconfig/openldap and then editing /etc/openldap/slapd.conf.
In this tutorial I use manual configuration without the YaST menu, with nis.schema. Since everything below lives in slapd.conf, set OPENLDAP_CONFIG_BACKEND="files" in /etc/sysconfig/openldap so that the init script starts slapd from this file instead of the dynamic configuration database.

  1. Create the LDAP configuration /etc/openldap/slapd.conf with the following content. The file contains the rootdn password, so it must not be world-readable (on openSUSE it is owned by root:ldap, mode 0640). slapd.conf uses straight double quotes; typographic quotes copied from a web page will make slapd refuse to start.
    [code language='cpp']
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/samba3.schema
    modulepath /usr/lib/openldap/modules/
    # moduleload back_bdb.la
    pidfile /var/run/slapd/slapd.pid
    argsfile /var/run/slapd/slapd.args
    # Samba Primary Database vavai.net
    database bdb
    suffix "dc=vavai,dc=net"
    directory /var/lib/ldap
    rootdn "cn=Manager,dc=vavai,dc=net"
    # rootpw may also be given as a hash produced by slappasswd ({SSHA}...)
    # instead of cleartext; either way, keep this file unreadable to other users.
    rootpw zezevavai26032006
    index entryCSN eq
    index entryUUID eq
    # Access control. Without any "access" directive slapd falls back to
    # "access to * by * read", which lets an anonymous client read userPassword
    # and the Samba LM/NT hashes. The rules below restrict the password
    # attributes to the entry owner, the directory manager and the Samba
    # LDAP admin account (the DN configured as "ldap admin dn" in smb.conf),
    # and allow everyone else to read the remaining (posix) attributes, which
    # nss_ldap needs. Rules are evaluated in order; the first matching
    # "access to" wins, so the password rule must come before "access to *".
    access to attrs=userPassword,sambaLMPassword,sambaNTPassword
      by self write
      by dn="cn=Manager,dc=vavai,dc=net" write
      by dn="cn=sambaadmin,dc=vavai,dc=net" write
      by * auth
    access to *
      by dn="cn=Manager,dc=vavai,dc=net" write
      by dn="cn=sambaadmin,dc=vavai,dc=net" write
      by * read
    # Indices to maintain
    index objectClass eq
    index cn pres,sub,eq
    index sn pres,sub,eq
    index uid pres,sub,eq
    index displayName pres,sub,eq
    index uidNumber eq
    index gidNumber eq
    index memberUID eq
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq
    index default sub
    [/code]
  2. Create the /etc/ldap.conf configuration used by nss_ldap and pam_ldap. Be aware that this file has to be readable by every process that resolves users and groups, so putting the rootdn password into binddn/bindpw hands directory-manager rights to every local user. Prefer an anonymous bind for lookups (with a slapd ACL that lets anonymous clients read the posix attributes but not the password attributes) or, where a bind is needed, use rootbinddn with the password stored in /etc/ldap.secret (mode 0600), which nss_ldap only reads as root:
    [code language='cpp']
    # LDAP Master
    host server.vavai.net
    base dc=vavai,dc=net
    # WARNING: /etc/ldap.conf is world-readable. binddn/bindpw with the rootdn
    # password exposes it to every local user; use rootbinddn + /etc/ldap.secret
    # or drop both lines and let nss_ldap bind anonymously.
    binddn cn=Manager,dc=vavai,dc=net
    bindpw zezevavai26032006
    bind_policy soft
    # password changes are done with the LDAP password-modify extended operation
    pam_password exop
    nss_base_passwd ou=People,ou=Users,dc=vavai,dc=net?one
    nss_base_shadow ou=People,ou=Users,dc=vavai,dc=net?one
    nss_base_passwd ou=Computers,ou=Users,dc=vavai,dc=net?one
    nss_base_shadow ou=Computers,ou=Users,dc=vavai,dc=net?one
    nss_base_group ou=Groups,dc=vavai,dc=net?one
    # plain LDAP: acceptable when client and server are the same host or the
    # network is trusted; otherwise use "ssl start_tls" so binds are not sent in clear
    ssl no
    [/code]
  3. Edit /etc/nsswitch.conf so that the following databases are resolved from local files first and then from LDAP:
    [code language=’cpp’]
    passwd: files ldap
    shadow: files ldap
    group: files ldap
    hosts: files dns wins
    networks: files dns
    [/code]
  4. Create /var/lib/ldap/DB_CONFIG
    [code language=’cpp’]
    set_cachesize 0 150000000 1
    set_lg_regionmax 262144
    set_lg_bsize 2097152
    set_flags DB_LOG_AUTOREMOVE
    [/code]
  5. Create an LDIF file with the initial LDAP data. Save it as domainname.ldif (in my case vavai.ldif) with the following content. Replace S-1-2-33-4444444444-5555555555-6666666666 with your own Samba domain SID (see the previous tutorial). Every entry must be separated from the next by a blank line, otherwise slapadd reads the following entry as part of the previous one and fails. The userPassword values of the three service accounts are shown in clear text here; replace them with hashes generated by slappasswd -s before importing, so that the cleartext never ends up in the database:
    [code language='cpp']
    # LDAP INITIAL DATA
    # SID S-1-2-33-4444444444-5555555555-6666666666.
    # Entries are separated by blank lines: slapadd reads everything up to the
    # next blank line as one entry.
    dn: dc=vavai,dc=net
    objectClass: dcObject
    objectClass: organization
    dc: vavai
    o: VAVAI
    description: Posix and Samba LDAP Identity Database

    dn: cn=Manager,dc=vavai,dc=net
    objectClass: organizationalRole
    cn: Manager
    description: Directory Manager

    # Service accounts. Replace the cleartext userPassword values with the
    # output of "slappasswd -s <password>" ({SSHA}...) before running slapadd.
    dn: cn=syncuser,dc=vavai,dc=net
    objectClass: person
    cn: syncuser
    sn: syncuser
    userPassword: SyncUser

    dn: cn=sambaadmin,dc=vavai,dc=net
    objectClass: person
    cn: sambaadmin
    sn: sambaadmin
    userPassword: SambaAdmin

    dn: cn=mailadmin,dc=vavai,dc=net
    objectClass: person
    cn: mailadmin
    sn: mailadmin
    userPassword: MailAdmin

    dn: ou=Users,dc=vavai,dc=net
    objectClass: top
    objectClass: organizationalUnit
    ou: Users

    dn: ou=People,ou=Users,dc=vavai,dc=net
    objectClass: top
    objectClass: organizationalUnit
    ou: People

    dn: ou=Computers,ou=Users,dc=vavai,dc=net
    objectClass: top
    objectClass: organizationalUnit
    ou: Computers

    dn: ou=Groups,dc=vavai,dc=net
    objectClass: top
    objectClass: organizationalUnit
    ou: Groups

    dn: ou=Domains,dc=vavai,dc=net
    objectClass: top
    objectClass: organizationalUnit
    ou: Domains

    # Domain entry: sambaUnixIdPool holds the next free uidNumber/gidNumber
    # that smbldap-tools allocate from.
    dn: sambaDomainName=VAVAI.NET,ou=Domains,dc=vavai,dc=net
    objectClass: sambaDomain
    objectClass: sambaUnixIdPool
    uidNumber: 1000
    gidNumber: 1000
    sambaDomainName: VAVAI.NET
    sambaSID: S-1-2-33-4444444444-5555555555-6666666666
    sambaAlgorithmicRidBase: 1000
    structuralObjectClass: sambaDomain

    # Well-known groups. The RID suffix of each sambaSID and the gidNumber
    # match the Windows well-known values (512 Domain Admins, 513 Domain
    # Users, ...). sambaGroupType 2 = domain group, 5 = builtin local group.
    dn: cn=Domain Admins,ou=Groups,dc=vavai,dc=net
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 512
    cn: Domain Admins
    sambaSID: S-1-2-33-4444444444-5555555555-6666666666-512
    sambaGroupType: 2
    displayName: Domain Admins
    description: Domain Administrators

    dn: cn=Domain Users,ou=Groups,dc=vavai,dc=net
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 513
    cn: Domain Users
    sambaSID: S-1-2-33-4444444444-5555555555-6666666666-513
    sambaGroupType: 2
    displayName: Domain Users
    description: Domain Users

    dn: cn=Domain Guests,ou=Groups,dc=vavai,dc=net
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 514
    cn: Domain Guests
    sambaSID: S-1-2-33-4444444444-5555555555-6666666666-514
    sambaGroupType: 2
    displayName: Domain Guests
    description: Domain Guests

    dn: cn=Domain Computers,ou=Groups,dc=vavai,dc=net
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 515
    cn: Domain Computers
    sambaSID: S-1-2-33-4444444444-5555555555-6666666666-515
    sambaGroupType: 2
    displayName: Domain Computers
    description: Domain Computers

    dn: cn=Administrators,ou=Groups,dc=vavai,dc=net
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 544
    cn: Administrators
    sambaSID: S-1-2-33-4444444444-5555555555-6666666666-544
    sambaGroupType: 5
    displayName: Administrators
    description: Administrators

    dn: cn=Account Operators,ou=Groups,dc=vavai,dc=net
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 548
    cn: Account Operators
    sambaSID: S-1-2-33-4444444444-5555555555-6666666666-548
    sambaGroupType: 5
    displayName: Account Operators
    description: Account Operators

    dn: cn=Print Operators,ou=Groups,dc=vavai,dc=net
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 550
    cn: Print Operators
    sambaSID: S-1-2-33-4444444444-5555555555-6666666666-550
    sambaGroupType: 5
    displayName: Print Operators
    description: Print Operators

    dn: cn=Backup Operators,ou=Groups,dc=vavai,dc=net
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 551
    cn: Backup Operators
    sambaSID: S-1-2-33-4444444444-5555555555-6666666666-551
    sambaGroupType: 5
    displayName: Backup Operators
    description: Backup Operators

    dn: cn=Replicators,ou=Groups,dc=vavai,dc=net
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 552
    cn: Replicators
    sambaSID: S-1-2-33-4444444444-5555555555-6666666666-552
    sambaGroupType: 5
    displayName: Replicators
    description: Replicators
    [/code]
  6. Import the LDIF file into the LDAP database with the following command (replace vavai.ldif with your own file). slapadd writes directly to the database files, so slapd must not be running while it works, and /var/lib/ldap should contain nothing but DB_CONFIG:
    [code language='cpp']
    slapadd -v -l vavai.ldif -f /etc/openldap/slapd.conf
    [/code]
    It should respond with the progress information below:

    added: "dc=vavai,dc=net" (00000001)
    added: "cn=Manager,dc=vavai,dc=net" (00000002)
    added: "cn=syncuser,dc=vavai,dc=net" (00000003)
    added: "cn=sambaadmin,dc=vavai,dc=net" (00000004)
    added: "cn=mailadmin,dc=vavai,dc=net" (00000005)
    added: "ou=Users,dc=vavai,dc=net" (00000006)
    added: "ou=People,ou=Users,dc=vavai,dc=net" (00000007)
    added: "ou=Computers,ou=Users,dc=vavai,dc=net" (00000008)
    added: "ou=Groups,dc=vavai,dc=net" (00000009)
    added: "ou=Domains,dc=vavai,dc=net" (0000000a)
    added: "sambaDomainName=VAVAI.NET,ou=Domains,dc=vavai,dc=net" (0000000b)
    added: "cn=Domain Admins,ou=Groups,dc=vavai,dc=net" (0000000c)
    added: "cn=Domain Users,ou=Groups,dc=vavai,dc=net" (0000000d)
    added: "cn=Domain Guests,ou=Groups,dc=vavai,dc=net" (0000000e)
    added: "cn=Domain Computers,ou=Groups,dc=vavai,dc=net" (0000000f)
    added: "cn=Administrators,ou=Groups,dc=vavai,dc=net" (00000010)
    added: "cn=Account Operators,ou=Groups,dc=vavai,dc=net" (00000011)
    added: "cn=Print Operators,ou=Groups,dc=vavai,dc=net" (00000012)
    added: "cn=Backup Operators,ou=Groups,dc=vavai,dc=net" (00000013)
    added: "cn=Replicators,ou=Groups,dc=vavai,dc=net" (00000014)

    If slapadd reports an error, check the LDIF file for typos and for missing blank lines between entries. Two other errors are common: "database already in use" means slapd is still running (stop it with rcldap stop and run slapadd again), and "DB_KEYEXIST: Key/data pair already exists" means an earlier, partial import already created the entry; in that case stop slapd, delete the database files in /var/lib/ldap (everything except DB_CONFIG) and repeat the import.

  7. Set the owner of the LDAP database directory. slapadd was run as root, but slapd runs as the ldap user and must be able to write the database files:
    [code language='cpp']
    chown -R ldap:ldap /var/lib/ldap/
    [/code]
  8. Store the LDAP administrator password in Samba's secrets.tdb. Samba uses it to bind as the DN configured as "ldap admin dn" in smb.conf, so the password you pass here must be the one that belongs to that DN: the userPassword of cn=sambaadmin from the LDIF above if that is the admin DN, or the rootpw from slapd.conf if the admin DN is cn=Manager. The value is stored in secrets.tdb, which must stay readable by root only.
    [code language='cpp']
    smbpasswd -w zezevavai26032006
    [/code]
  9. Samba should respond with the following message, naming the DN it will bind as:
    Setting stored password for "cn=sambaadmin,dc=vavai,dc=net" in secrets.tdb
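The LDIF in step 5 is one instance of a fixed pattern: containers, one sambaDomain entry and the well-known groups whose RID and gidNumber follow the Windows values. The script below, an added example that is not part of the original tutorial, generates that LDIF for any base DN, domain name and SID, and lints an LDIF file before it is handed to slapadd, catching the two mistakes that break the import most often (a forgotten or malformed SID, and entries not separated by blank lines) and warning about cleartext userPassword values. The function names make_samba_ldif, ldif_lint and valid_sid and the inputs are hypothetical; the well-known RIDs are the standard values used in the tutorial's LDIF.

```shell
#!/bin/sh
# Added example (not from the original tutorial): generate the initial Samba
# PDC LDIF from a base DN, domain name and domain SID, and lint an LDIF file
# before running slapadd. Function names and inputs are hypothetical.
set -eu

# Well-known groups as "name|gidNumber|RID|sambaGroupType"
# (sambaGroupType 2 = domain group, 5 = builtin local group).
WELL_KNOWN_GROUPS='Domain Admins|512|512|2
Domain Users|513|513|2
Domain Guests|514|514|2
Domain Computers|515|515|2
Administrators|544|544|5
Account Operators|548|548|5
Print Operators|550|550|5
Backup Operators|551|551|5
Replicators|552|552|5'

# valid_sid SID: succeed only for a domain SID of the form
# S-1-<authority>-<n>-<n>-<n>-<n>, so a placeholder left in by mistake or a
# truncated SID is caught before anything reaches the database.
valid_sid() {
  printf '%s\n' "$1" | grep -Eq '^S-1-[0-9]+-[0-9]+(-[0-9]+){3}$'
}

# ou_entry NAME PARENT_DN: one organizationalUnit record, blank-line terminated.
ou_entry() {
  printf 'dn: ou=%s,%s\nobjectClass: top\nobjectClass: organizationalUnit\nou: %s\n\n' "$1" "$2" "$1"
}

# make_samba_ldif BASE_DN DOMAIN SID: write the initial LDIF to stdout.
# Assumes BASE_DN starts with a dc= component (e.g. dc=vavai,dc=net).
make_samba_ldif() {
  base=$1; domain=$2; sid=$3
  valid_sid "$sid" || { printf 'invalid domain SID: %s\n' "$sid" >&2; return 1; }
  dc=${base#dc=}; dc=${dc%%,*}
  printf 'dn: %s\nobjectClass: dcObject\nobjectClass: organization\ndc: %s\no: %s\n\n' "$base" "$dc" "$domain"
  printf 'dn: cn=Manager,%s\nobjectClass: organizationalRole\ncn: Manager\n\n' "$base"
  ou_entry Users "$base"
  ou_entry People "ou=Users,$base"
  ou_entry Computers "ou=Users,$base"
  ou_entry Groups "$base"
  ou_entry Domains "$base"
  printf 'dn: sambaDomainName=%s,ou=Domains,%s\nobjectClass: sambaDomain\nobjectClass: sambaUnixIdPool\nsambaDomainName: %s\nsambaSID: %s\nsambaAlgorithmicRidBase: 1000\nuidNumber: 1000\ngidNumber: 1000\n\n' \
    "$domain" "$base" "$domain" "$sid"
  printf '%s\n' "$WELL_KNOWN_GROUPS" | while IFS='|' read -r name gid rid type; do
    printf 'dn: cn=%s,ou=Groups,%s\nobjectClass: posixGroup\nobjectClass: sambaGroupMapping\ncn: %s\ngidNumber: %s\nsambaSID: %s-%s\nsambaGroupType: %s\ndisplayName: %s\n\n' \
      "$name" "$base" "$name" "$gid" "$sid" "$rid" "$type" "$name"
  done
}

# ldif_lint FILE: exit non-zero if a record does not start with "dn:" or if a
# "dn:" line follows another record without a blank line in between; print a
# warning for every userPassword that is not a {scheme}-prefixed hash.
ldif_lint() {
  awk '
    BEGIN { need_dn = 1; records = 0; errors = 0 }
    /^#/ { next }
    /^[[:space:]]*$/ { need_dn = 1; next }
    $1 ~ /^dn::?$/ {
      if (!need_dn) { printf "line %d: dn: without a blank line before it\n", NR; errors++ }
      records++; need_dn = 0; next
    }
    need_dn { printf "line %d: record must start with dn:\n", NR; errors++; need_dn = 0; next }
    $1 == "userPassword:" && $2 !~ /^[{]/ {
      printf "line %d: cleartext userPassword (generate a hash with slappasswd -s)\n", NR
    }
    END { printf "%d records, %d errors\n", records, errors; exit (errors > 0) }
  ' "$1"
}

# Usage: ./mkldif.sh dc=vavai,dc=net VAVAI S-1-5-21-... > vavai.ldif
#        ./mkldif.sh --lint vavai.ldif
case "${1:-}" in
  "")     ;;                         # no arguments: only define the functions
  --lint) ldif_lint "$2" ;;
  *)      make_samba_ldif "$@" ;;
esac
```

Run ldif_lint on the tutorial's LDIF as copied from a web page: if the blank lines between entries were lost, every entry after the first is reported as "dn: without a blank line before it", which is exactly the shape of input that makes slapadd fail part-way through and leaves a half-filled database behind. The generated file deliberately contains no userPassword attributes; add the service accounts with hashes from slappasswd -s, and the linter will warn if a cleartext value slips in.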

We will continue to next article : Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 3, Setting up smbldap-tools and LAM (LDAP Accounts Manager)

7 thoughts on "Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 2"

  1. Hi, I'm stuck on:
    slapadd -v -l vavai.ldif -f /etc/openldap/slapd.conf
    part... it produces this kind of error:
    bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    => bdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair already exists (-30996)
    => bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
    slapadd: could not add entry dn="dc=aaisi,dc=ph" (line=1): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
    _# 5.46% eta none elapsed none spd 115.4 k/s

  2. Hi! Also stuck on the slapadd command. The message I get is:
    bdb_db_open: database "dc=dflti,dc=local": database already in use.
    backend_startup_one (type=bdb, suffix="dc=dflti,dc=local"): bi_db_open failed! (-1)
    slap_startup failed
    Any ideas???
