[OpenIndiana-discuss] Could not setup LDAP for SAMBA

IVO GELOV (CRM) ivo at crm.walltopia.com
Tue Mar 6 19:46:55 UTC 2012


I have applied your settings, restarted ldapclient and started SLAPD in debug mode (-d 10)
so I can monitor the console - but when I issue "getent passwd administration", there is
no change in the debug output, and that means "getent" does not even attempt to
connect to the LDAP server ...

On Tue, 06 Mar 2012 21:17:09 +0200, Jonathan Adams <t12nslookup at gmail.com> wrote:

> my auth from my slapd.conf:
>
> access to dn.base="" by * read
> #
> access to attrs=userPassword,sambaLMPassword,sambaNTPassword
>         by self         write
>         by dn="cn=samba_admin,ou=People,dc=domain,dc=com"   read
>         by anonymous    auth
>         by *            none
> #
> access to *
>         by *            read
>
> my /var/ldap/ldap_client_file:
>
> NS_LDAP_FILE_VERSION= 2.0
> NS_LDAP_SERVERS= 127.0.0.1
> NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
> NS_LDAP_AUTH= simple
> NS_LDAP_CACHETTL= 43200
> NS_LDAP_PROFILE= default
> NS_LDAP_CREDENTIAL_LEVEL= proxy
> NS_LDAP_SERVICE_SEARCH_DESC= auto_home:nisMapName=auto_home,dc=domain,dc=com
> NS_LDAP_ATTRIBUTEMAP= automount:automountKey=cn
> NS_LDAP_ATTRIBUTEMAP= automount:automountInformation=nisMapEntry
> NS_LDAP_ATTRIBUTEMAP= automount:automountMapName=nisMapName
> NS_LDAP_OBJECTCLASSMAP= automount:automount=nisObject
> NS_LDAP_OBJECTCLASSMAP= automount:automountMap=nisMap
>
> I don't believe you will want any of the automount stuff, we use
> profiles and I've changed the LDAP_SERVERS list so that it doesn't
> have all 30 machines in it (we also have syncrepl enabled with chains
> to replicas) :)
>
> not sure if the access stuff makes any difference.
>
> you might want to change your bind auth to simple ...
>
> you shouldn't need to put any users in your /etc/passwd.
>
> Jon
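
Added example, not part of either message: a check over the `ldap_client_file` format quoted above that reports when `NS_LDAP_AUTH= simple` is combined with a non-loopback entry in `NS_LDAP_SERVERS`, since a simple bind without TLS puts the bind password on the wire unencrypted. The function names and the sample file are constructed for illustration; `tls:simple` is ldapclient's TLS-wrapped form of the same method.

```python
import ipaddress

# Constructed sample in the format quoted above; 192.0.2.10 is a
# documentation-range placeholder, not an address from the thread.
SAMPLE = """\
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 127.0.0.1, 192.0.2.10
NS_LDAP_AUTH= simple
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_ATTRIBUTEMAP= automount:automountKey=cn
NS_LDAP_ATTRIBUTEMAP= automount:automountInformation=nisMapEntry
"""

def parse_client_file(text):
    """Return {key: [values]}; keys like NS_LDAP_ATTRIBUTEMAP repeat."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")  # first '=' only: values contain '='
        if sep and not key.lstrip().startswith("#"):
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def is_loopback(server):
    """True for localhost or a loopback IP literal, with or without a port."""
    host = server.strip()
    if host.startswith("["):                   # [::1]:389
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:                 # 127.0.0.1:389
        host = host.split(":", 1)[0]
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                           # other hostnames count as remote

def cleartext_bind_findings(conf):
    """List (method, remote_servers, credential_levels) for simple binds without TLS."""
    split = lambda key, sep: [p.strip() for v in conf.get(key, [])
                              for p in v.split(sep) if p.strip()]
    remote = [s for s in split("NS_LDAP_SERVERS", ",") if not is_loopback(s)]
    levels = split("NS_LDAP_CREDENTIAL_LEVEL", " ")
    return [(m, remote, levels) for m in split("NS_LDAP_AUTH", ";")
            if remote and m.lower() == "simple"]   # "tls:simple" is not flagged

if __name__ == "__main__":
    for method, servers, levels in cleartext_bind_findings(parse_client_file(SAMPLE)):
        print(f"NS_LDAP_AUTH={method} sends the {'/'.join(levels)} bind password "
              f"unencrypted to: {', '.join(servers)}")
```

With only `127.0.0.1` in the server list, as in the quoted file, the check reports nothing because the bind never leaves the host.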


