Previous Tutorial : Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 1, Installing Base System & Configuring Samba

In the previous tutorial we installed the base system and set up the Samba configuration. Now we move on to the LDAP configuration.
LDAP on openSUSE 11.1 is configured differently from openSUSE 10.3. openSUSE 11.1 uses dynamic configuration, so the LDAP settings themselves are stored in the LDAP database, as the YaST-generated LDAP configuration describes:
#
# Note: The OpenLDAP configuration has been created by YaST. YaST does not
# use /etc/openldap/slapd.conf to store the OpenLDAP configuration anymore.
# YaST uses OpenLDAP’s dynamic configuration database (back-config) to
# store the LDAP server’s configuration.
# For details about the dynamic configuration backend please see the
# slapd-config(5) manpage or the OpenLDAP Software 2.4 Administrator’s Guide
# located at /usr/share/doc/packages/openldap2/guide/admin/guide.html
# on this system.
What confused me on my first attempt at configuring LDAP on openSUSE 11.1 was getting nis.schema to work: it conflicts with the built-in rfc2307bis.schema. Trying to replace nis.schema with rfc2307bis.schema brought me another problem. AFAIK, YaST does not provide an option to remove rfc2307bis.schema and replace it with nis.schema (rfc2307bis.schema seems to be an updated version of nis.schema, but it is not fully compatible with other configurations that use nis.schema), so I decided to configure everything manually and not use the YaST menu.
In an email on the openSUSE mailing list, I read that we may also use the file-based configuration with YaST by setting OPENLDAP_CONFIG_BACKEND="files" in /etc/sysconfig/openldap and then making changes to /etc/openldap/slapd.conf.
In this tutorial, I'll use manual configuration without the YaST menu, and I'll use nis.schema.
- Create the LDAP configuration /etc/openldap/slapd.conf with the following content :
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema

modulepath /usr/lib/openldap/modules/
# moduleload back_bdb.la

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Samba Primary Database vavai.net
database bdb
suffix "dc=vavai,dc=net"
directory /var/lib/ldap
rootdn "cn=Manager,dc=vavai,dc=net"
rootpw zezevavai26032006
index entryCSN eq
index entryUUID eq

#access to attrs=userPassword,sambaLMPassword,sambaNTPassword
#    by self write
#    by dn="cn=Manager,dc=vavai,dc=net" write
#    by * auth
#access to *
#    by dn="cn=Manager,dc=vavai,dc=net" write
#    by * read

# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
- Create /etc/ldap.conf configuration :
# LDAP Master
host server.vavai.net
base dc=vavai,dc=net
binddn cn=Manager,dc=vavai,dc=net
bindpw zezevavai26032006
bind_policy soft
pam_password exop
nss_base_passwd ou=People,ou=Users,dc=vavai,dc=net?one
nss_base_shadow ou=People,ou=Users,dc=vavai,dc=net?one
nss_base_passwd ou=Computers,ou=Users,dc=vavai,dc=net?one
nss_base_shadow ou=Computers,ou=Users,dc=vavai,dc=net?one
nss_base_group ou=Groups,dc=vavai,dc=net?one
ssl no
- Create /etc/nsswitch.conf :
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns wins
networks: files dns
- Create /var/lib/ldap/DB_CONFIG
set_cachesize 0 150000000 1
set_lg_regionmax 262144
set_lg_bsize 2097152
set_flags DB_LOG_AUTOREMOVE
- Create an LDIF file to fill the initial LDAP database. Save it as domainname.ldif (in my case : vavai.ldif) and paste in the following content. Don't forget to replace S-1-2-33-4444444444-5555555555-6666666666 with your Samba SID (see the previous tutorial).
# LDAP INITIAL DATA
# SID S-1-2-33-4444444444-5555555555-6666666666.

dn: dc=vavai,dc=net
objectClass: dcObject
objectClass: organization
dc: vavai
o: VAVAI
description: Posix and Samba LDAP Identity Database

dn: cn=Manager,dc=vavai,dc=net
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: cn=syncuser,dc=vavai,dc=net
objectClass: person
cn: syncuser
sn: syncuser
userPassword: SyncUser

dn: cn=sambaadmin,dc=vavai,dc=net
objectClass: person
cn: sambaadmin
sn: sambaadmin
userPassword: SambaAdmin

dn: cn=mailadmin,dc=vavai,dc=net
objectClass: person
cn: mailadmin
sn: mailadmin
userPassword: MailAdmin

dn: ou=Users,dc=vavai,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: ou=People,ou=Users,dc=vavai,dc=net
objectClass: top
objectClass: organizationalUnit
ou: People

dn: ou=Computers,ou=Users,dc=vavai,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Computers

dn: ou=Groups,dc=vavai,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: ou=Domains,dc=vavai,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Domains

dn: sambaDomainName=VAVAI.NET,ou=Domains,dc=vavai,dc=net
objectClass: sambaDomain
objectClass: sambaUnixIdPool
uidNumber: 1000
gidNumber: 1000
sambaDomainName: VAVAI.NET
sambaSID: S-1-2-33-4444444444-5555555555-6666666666
sambaAlgorithmicRidBase: 1000
structuralObjectClass: sambaDomain

dn: cn=Domain Admins,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-512
sambaGroupType: 2
displayName: Domain Admins
description: Domain Administrators

dn: cn=Domain Users,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-513
sambaGroupType: 2
displayName: Domain Users
description: Domain Users

dn: cn=Domain Guests,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-514
sambaGroupType: 2
displayName: Domain Guests
description: Domain Guests

dn: cn=Domain Computers,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-515
sambaGroupType: 2
displayName: Domain Computers
description: Domain Computers

dn: cn=Administrators,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-544
sambaGroupType: 5
displayName: Administrators
description: Administrators

dn: cn=Account Operators,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-548
sambaGroupType: 5
displayName: Account Operators
description: Account Operators

dn: cn=Print Operators,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-550
sambaGroupType: 5
displayName: Print Operators
description: Print Operators

dn: cn=Backup Operators,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-551
sambaGroupType: 5
displayName: Backup Operators
description: Backup Operators

dn: cn=Replicators,ou=Groups,dc=vavai,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-552
sambaGroupType: 5
displayName: Replicators
description: Replicators
- Import the LDIF file into the LDAP database with the following command (don't forget to replace vavai.ldif with your own) :
slapadd -v -l vavai.ldif -f /etc/openldap/slapd.conf
It should respond with process information like the following :
added: "dc=vavai,dc=net" (00000001)
added: "cn=Manager,dc=vavai,dc=net" (00000002)
added: "cn=syncuser,dc=vavai,dc=net" (00000003)
added: "cn=sambaadmin,dc=vavai,dc=net" (00000004)
added: "cn=mailadmin,dc=vavai,dc=net" (00000005)
added: "ou=Users,dc=vavai,dc=net" (00000006)
added: "ou=People,ou=Users,dc=vavai,dc=net" (00000007)
added: "ou=Computers,ou=Users,dc=vavai,dc=net" (00000008)
added: "ou=Groups,dc=vavai,dc=net" (00000009)
added: "ou=Domains,dc=vavai,dc=net" (0000000a)
added: "sambaDomainName=VAVAI.NET,ou=Domains,dc=vavai,dc=net" (0000000b)
added: "cn=Domain Admins,ou=Groups,dc=vavai,dc=net" (0000000c)
added: "cn=Domain Users,ou=Groups,dc=vavai,dc=net" (0000000d)
added: "cn=Domain Guests,ou=Groups,dc=vavai,dc=net" (0000000e)
added: "cn=Domain Computers,ou=Groups,dc=vavai,dc=net" (0000000f)
added: "cn=Administrators,ou=Groups,dc=vavai,dc=net" (00000010)
added: "cn=Account Operators,ou=Groups,dc=vavai,dc=net" (00000011)
added: "cn=Print Operators,ou=Groups,dc=vavai,dc=net" (00000012)
added: "cn=Backup Operators,ou=Groups,dc=vavai,dc=net" (00000013)
added: "cn=Replicators,ou=Groups,dc=vavai,dc=net" (00000014)
If you get an error while importing the LDIF file, check the file for typos.
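One way to do that typo check before running slapadd, as an added example that is not part of the original tutorial: a small Python script that parses the LDIF, confirms the placeholder SID S-1-2-33-4444444444-5555555555-6666666666 was replaced, checks that every sambaGroupMapping SID sits under the SID of the sambaDomain entry, and flags userPassword values kept in cleartext. That last check matters because slapadd writes userPassword into the database exactly as written, and with the access lines in slapd.conf above commented out, slapd's default policy (no access directives present) lets anyone read anything. The SAMPLE_LDIF inside the script is a constructed, shortened copy of the LDIF above with a made-up domain SID, and the ssha/verify_ssha helpers produce and check the {SSHA} form OpenLDAP accepts for userPassword.

```python
import base64
import hashlib
import hmac
import os

# The tutorial's placeholder SID; it must be replaced before the import.
PLACEHOLDER_SID = "S-1-2-33-4444444444-5555555555-6666666666"

# Constructed sample: a shortened copy of the tutorial's LDIF with a made-up
# domain SID, and one group whose SID was never updated from the placeholder.
SAMPLE_LDIF = """\
dn: cn=syncuser,dc=vavai,dc=net
objectClass: person
cn: syncuser
userPassword: SyncUser

dn: sambaDomainName=VAVAI.NET,ou=Domains,dc=vavai,dc=net
objectClass: sambaDomain
sambaDomainName: VAVAI.NET
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: cn=Domain Admins,ou=Groups,dc=vavai,dc=net
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512

dn: cn=Domain Users,ou=Groups,dc=vavai,dc=net
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
sambaSID: S-1-2-33-4444444444-5555555555-6666666666-513
"""


def parse_ldif(text):
    """Parse LDIF into [(dn, {attr: [values]})]; skips comments, unfolds continuations."""
    entries, block = [], []

    def flush():
        if not block:
            return
        dn, attrs = None, {}
        for line in block:
            name, _, value = line.partition(":")
            if name == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name, []).append(value.strip())
        if dn is None:
            raise ValueError("entry without dn near %r" % block[0])
        entries.append((dn, attrs))
        block.clear()

    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if not raw.strip():  # blank line ends an entry
            flush()
        elif raw.startswith(" ") and block:
            block[-1] += raw[1:]  # unfold a continuation line
        else:
            block.append(raw)
    flush()
    return entries


def check_ldif(entries, placeholder=PLACEHOLDER_SID):
    """Return a list of problems; an empty list means the LDIF is ready for slapadd."""
    problems, domain_sid = [], None
    for dn, attrs in entries:  # the sambaDomain entry carries the domain SID
        if "sambaDomain" in attrs.get("objectClass", []):
            domain_sid = attrs.get("sambaSID", [None])[0]
    for dn, attrs in entries:
        for pw in attrs.get("userPassword", []):
            if not pw.startswith("{"):  # slapadd stores the value verbatim
                problems.append("cleartext userPassword in %s" % dn)
        sid = attrs.get("sambaSID", [None])[0]
        if sid is None:
            continue
        if sid.startswith(placeholder):
            problems.append("placeholder SID still present in %s" % dn)
        elif "sambaGroupMapping" in attrs.get("objectClass", []) and (
                domain_sid is None or not sid.startswith(domain_sid + "-")):
            problems.append("group SID %s in %s is not under the domain SID" % (sid, dn))
    return problems


def ssha(password, salt=None):
    """OpenLDAP {SSHA} userPassword value: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_ssha(password, stored):
    """Check a password against a {SSHA} value with a constant-time compare."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


if __name__ == "__main__":
    for problem in check_ldif(parse_ldif(SAMPLE_LDIF)):
        print("PROBLEM:", problem)
```

Run against the sample it reports the cleartext password on cn=syncuser and the leftover placeholder on cn=Domain Users; replace SAMPLE_LDIF with the contents of your own vavai.ldif to check that file, and put the ssha() output into the userPassword lines before importing if you do not want the cleartext values in the directory.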
- Set the owner of the LDAP directory :
chown -R ldap.ldap /var/lib/ldap/
- Set the Samba LDAP password :
smbpasswd -w zezevavai26032006
Samba should respond with the following message :
Setting stored password for "cn=sambaadmin,dc=vavai,dc=net" in secrets.tdb
We will continue to next article : Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 3, Setting up smbldap-tools and LAM (LDAP Accounts Manager)
Hi, I'm stuck on:
slapadd -v -l vavai.ldif -f /etc/openldap/slapd.conf
part... it produces this kind of error:
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
=> bdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair already exists (-30996)
=> bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
slapadd: could not add entry dn="dc=aaisi,dc=ph" (line=1): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
_# 5.46% eta none elapsed none spd 115.4 k/s
Hi! Also stuck on the slapadd command. The message I get is: bdb_db_open: database "dc=dflti,dc=local": database already in use.
backend_startup_one (type=bdb, suffix="dc=dflti,dc=local"): bi_db_open failed! (-1)
slap_startup failed
Any ideas???