The SAMBA-LDAP-PDC Howto
Revision : 1.24

4 Configuring OpenLDAP
You'll need to configure your OpenLDAP server to serve as the SAM database for Samba-2.2.4.
Following our example context, we must configure it to:
• accept the Samba-2.2.4 LDAP v3 schema,
• run on the base DN dc=IDEALX,dc=ORG,
• contain the minimal entries needed to start using it.
For the needs of this HOWTO example, we have used the following LDAP tree
(using Relative DN notation):

    dc=IDEALX,dc=ORG
    |
    `--- ou=Users     : to store user accounts (both posixAccount and
    |                   sambaAccount) for Unix and Windows systems
    |
    `--- ou=Computers : to store computer accounts (sambaAccount) for Windows
    |                   systems
    |
    `--- ou=Groups    : to store system groups (posixGroup) for Unix and Windows
                        systems (or for any other LDAP-aware systems)

You may choose to use another LDAP tree to store objects: for example, all accounts
(shadowAccounts and sambaAccounts) "under" the same DN. We thought this layout was simpler to
understand (and it was not a problem for a Unix nss_ldap to deal with).
Additionally, using shadowAccount is not mandatory: if you don't use shadow passwords on
your Unix systems, you should use posixAccounts instead.
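
The "minimal entries" for the tree above can be written as an LDIF file. This is an added example, not part of the original HOWTO; the file content is constructed from the tree shown here, and the value of the "o" attribute and the description texts are assumptions.

```ldif
# Constructed example: base entries for the dc=IDEALX,dc=ORG tree.
# Entries are added in file order, so each parent must appear
# before its children or the add fails with "No such object".

# Root of the tree. dcObject supplies "dc"; organization requires "o"
# (the value IDEALX for "o" is an assumption).
dn: dc=IDEALX,dc=ORG
objectClass: dcObject
objectClass: organization
dc: IDEALX
o: IDEALX

# User accounts (posixAccount and sambaAccount).
dn: ou=Users,dc=IDEALX,dc=ORG
objectClass: organizationalUnit
ou: Users
description: User accounts for Unix and Windows systems

# Computer (workstation) accounts (sambaAccount).
dn: ou=Computers,dc=IDEALX,dc=ORG
objectClass: organizationalUnit
ou: Computers
description: Computer accounts for Windows systems

# System groups (posixGroup).
dn: ou=Groups,dc=IDEALX,dc=ORG
objectClass: organizationalUnit
ou: Groups
description: System groups for Unix and Windows systems
```

Such a file is loaded with ldapadd once slapd is running with dc=IDEALX,dc=ORG as its suffix, binding as the rootdn defined in slapd.conf.
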
Using Samba-2.2.4 and OpenLDAP, we will store:
• Windows user accounts using sambaAccount object class (samba.schema),
• Windows computer accounts (i.e. workstations) using sambaAccount object class,
• Unix-only user accounts using shadowAccount object class (nis.schema) [11],
• User groups (Windows and Unix, as it seems there is no difference in Samba release
2.2.4 [12]) using posixGroup object class.

[11] As we already saw, using shadowAccount is not mandatory: if you don't use shadow suite passwords, you
just need posixAccount.
[12] It's not the same using SAMBA-TNG, which uses sambaGroups and other specific object classes.
