Hi, I'm not sure if it fits this list, but I have a doubt about configuring ldap. I would like to distribute openldap connections between the mail server and the samba server. Which is the better form, master-master or master-slave? I understand that using PDC and BDC the relationship is master-slave, but between mail and samba?
Thanks & Best Regards

2011/2/21 marcos gonzalez <marcos.gonzalez.c...@gmail.com>

> Ok, in my server the ldap config is inside /etc/ and this file nss_ldap is
> inside /etc/ldap/. I didn't understand why pass this but now I understand
> all
>
> Thanks
>
>> Hi
>>
>> Ok, and how do I config nss_ldap? When I copy, is all the database included?
>>
>> Well, the easiest way, for Samba use, is to simply cp your ldap.conf file
>> for the ldap client application to nss_ldap.conf -- cp ldap.conf nss_ldap.conf
>> (this can be a bit confusing, as openldap uses a file called ldap.conf for
>> configuring the ldap client as well as a file called ldap.conf for
>> configuring basic ldap server process. The server file is generally
>> contained in the directory where configuration files are kept in a
>> subdirectory called openldap along with files like slapd.conf and is
>> generally a small file which looks something like this:
>>
>> #
>> # LDAP Defaults
>> #
>>
>> # See ldap.conf(5) for details
>> # This file should be world readable but not world writable.
>>
>> BASE dc=mydomain,dc=com
>> URI ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
>> # TLS_CACERT /usr/local/etc/openldap/cacert.pem
>>
>> #SIZELIMIT 12
>> #TIMELIMIT 15
>> #DEREF never
>>
>> whereas the ldap.conf for the client is rather lengthy and contains quite
>> a bit of information for contacting the ldap server, how the dit should be
>> searched, etc.)
>>
>> And, no, nss_ldap.conf has nothing to do with the ldap server.
>> nss_ldap.conf can be used to contact an external ldap server, just as the
>> ldap.conf for the ldap client application can.
>>
>> Sorry for the newbie questions. If you ever come to Barcelona contact me,
>> you have a beer paid (Daniel too) :-)
>>
>> Well, now that's quite a generous offer. Much appreciated.
>>
>> Thanks and Best Regards
>>
>> 2011/2/20 <t...@tms3.com>
>>
>>> Hi
>>>
>>> Thanks, this howto for me it's better.
>>> I have another doubt, does syncrepl need to be installed or does it come
>>> integrated with the slapd daemon?
>>>
>>> It is all part of the openldap suite.
>>>
>>> And to transfer all shared samba folders and profile content, when is
>>> the better moment? I understand when samba is down or when it is up?
>>>
>>> Depends on the permissions. However, so long as ALL the files to be
>>> transferred belong to users in LDAP then, with nss_ldap properly configured,
>>> any copy that preserves permissions should be fine.
>>>
>>> Thanks and Best Regards
>>>
>>> 2011/2/20 <t...@tms3.com>
>>>
>>>> Now you are on to copy your slapd.conf and ldap.conf to your new
>>>> machine:
>>>> Ex: scp slapd.conf root@2machine:/etc/openldap
>>>>
>>>> --------------------------- How can I make this if slurpd is deprecated?
>>>> The guide
>>>>
>>>> http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
>>>>
>>>> isn't easy to understand, doesn't another, simpler howto exist?
>>>>
>>>> Here is another guide. The first link is quite comprehensive.
>>>> http://www.zytrax.com/books/ldap/ch7/
>>>>
>>>> The entire online manual is a good read. I highly recommend it.
>>>>
>>>> >>>>Now important I do the trick with slurpd. There are many other ways but this
>>>> >>>>is easy.
>>>> >>>>Slurpd should be installed on your Master and only there.
>>>> >>>>So go in to the slapd.conf on your master and put a few lines in it at the
>>>> >>>>end.
>>>> >>>>Be careful, all tabs must fit exactly as in this example:
>>>>
>>>> replica uri=ldap://IPOFYOUR2MACHINE:389
>>>>         binddn="cn=youradmin,dc=your,dc=ldap"
>>>>         suffix="dc=yourc,dc=ldap"
>>>>         bindmethod=simple
>>>>         credentials=securepassword
>>>>
>>>> I understand the part of backup slapd only works with the service stopped?
>>>>
>>>> Well, I'm grateful for all your time :-)
>>>>
>>>> Thanks and Best Regards
>>>>
>>>> 2011/2/18 <t...@tms3.com>
>>>>
>>>>> In my hint I think your samba PDC/Ldap is currently working well!
>>>>> First of all install a second machine with the samba and ldap.
>>>>> Do not start samba, do not start ldap.
>>>>> The ldap database should be nearly empty ex:/var/lib/ldap
>>>>>
>>>>> Now copy your smb.conf to your new machine ex: scp smb.conf root@2machine:/etc/samba
>>>>> Edit the smb.conf to your needs and adjust it to be a bdc:
>>>>> domain master=NO
>>>>> domain logons=YES
>>>>> Make a testparm, it should succeed like this:
>>>>> testparm
>>>>> Load smb config files from /etc/samba/smb.conf
>>>>> Processing section "[netlogon]"
>>>>> WARNING: The "share modes" option is deprecated
>>>>> Processing section "[sysvol]"
>>>>> WARNING: The "share modes" option is deprecated
>>>>> Processing section "[homes]"
>>>>> Processing section "[profiles]"
>>>>> Processing section "[alles]"
>>>>> Processing section "[printers]"
>>>>> Processing section "[print$]"
>>>>> Loaded services file OK.
>>>>> Server role: ROLE_DOMAIN_BDC <----------------------------you are a BDC
>>>>> Press enter to see a dump of your service definitions
>>>>>
>>>>> Yes very nice!
>>>>>
>>>>> Now you are on to copy your slapd.conf and ldap.conf to your new
>>>>> machine:
>>>>> Ex: scp slapd.conf root@2machine:/etc/openldap
>>>>>
>>>>> Now important I do the trick with slurpd.
>>>>>
>>>>> Sorry, but Slurpd is deprecated and no longer available in Openldap
>>>>> since 2.3
>>>>> http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd
>>>>>
>>>>> Here is a nice overview of the way LDAP currently works:
>>>>>
>>>>> http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
>>>>>
>>>>> Once you have sync-repl set up on the current master, and a proper
>>>>> slapd.conf and ldap.conf file on the new machine, start ldap, then
>>>>>
>>>>> smbpasswd -w <ldap-master-passwd>
>>>>> net rpc join -U<administrator> <domain name>
>>>>>
>>>>> Done.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
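
The syncrepl setup the thread recommends in place of the slurpd `replica` stanza, as an added example that is not from any poster in this thread or from the Samba or OpenLDAP projects: slapd.conf fragments for the provider (current master) and the consumer (new machine), with the cleartext simple bind shown beside a StartTLS-protected one. The host name, DNs, rid, CA path and password are placeholders and assume the OpenLDAP 2.4 slapd.conf format.

```conf
# ---- Provider (current master): lines added to slapd.conf ----
# Needed only when overlays are built as loadable modules.
moduleload syncprov.la

# Inside the existing "database" section that holds dc=your,dc=ldap.
# A dedicated read-only replication DN (placeholder) is used instead of the
# admin DN, so a leaked consumer config cannot be used to write to the master.
access to *
        by dn.exact="cn=replicator,dc=your,dc=ldap" read
        by * break
limits dn.exact="cn=replicator,dc=your,dc=ldap" size=unlimited time=unlimited
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# ---- Consumer (new machine): weak form, shown commented out ----
# Simple bind over plain ldap:// sends the password and every replicated
# entry (including userPassword and sambaNTPassword hashes) unencrypted.
#syncrepl rid=001
#        provider=ldap://master.your.ldap:389
#        type=refreshAndPersist
#        searchbase="dc=your,dc=ldap"
#        bindmethod=simple
#        binddn="cn=youradmin,dc=your,dc=ldap"
#        credentials=securepassword

# ---- Consumer (new machine): same replication, protected ----
# starttls=critical aborts the session if TLS cannot be negotiated, and
# tls_reqcert=demand rejects a provider certificate that does not verify
# against tls_cacert. Continuation lines must start with whitespace.
syncrepl rid=001
        provider=ldap://master.your.ldap:389
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=your,dc=ldap"
        bindmethod=simple
        binddn="cn=replicator,dc=your,dc=ldap"
        credentials=securepassword
        starttls=critical
        tls_cacert=/etc/openldap/cacert.pem
        tls_reqcert=demand
# Writes sent to the consumer are referred back to the provider.
updateref ldap://master.your.ldap:389
```

Because `credentials=` is stored in cleartext, the consumer's slapd.conf should be readable only by the account slapd runs as.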