Now with the files attached :-)
On Fri, 2004-07-23 at 10:52, Tarjei Huse wrote:
> Hi,
>
> Having set up a few Samba-ldap installations, I always end up with the
> feeling that OpenLDAP ACLs are what took time. The following patches /
> scripts might help someone else.
>
> I would appreciate some input on the access.conf.pl file so that it is
> even better tuned.
>
> Mr Tournier and the sambateam: Please include the files you find
> useful.
>
> The attached files are:
>
> slapd.conf.pl :
> A simple utility to generate a basic slapd.conf file. Usage:
> ./slapd.conf.pl <basedn> <hostname> [tls] > slapd.conf.
> Note: This one is not that important.
>
> access.conf.pl:
> This is a simple utility to generate a working set of ACLs for a basic
> samba-ldap installation.
>
> Usage:
> ./access.conf.pl <basedn> <hostname> > access.conf
>
> access.conf must then be added as an include at the end of slapd.conf.
>
> smbldap-populate.patch:
> This is a patch to add an extra ou=Services to the ldaptree and add a
> simpleSecurityObject samba to that ou. Use this as the "sambauser". The
> only thing samba needs is access to the ldap-tree, not to be a complete
> Unix/Windows user.
>
> The patch is written so that if you run configure.pl in smbldaptools
> first, it will use the password you have set for the master ldapserver,
> thus you save a bit of work there :-)
>
> Please comment and commit ;-)
>
> Tarjei
--- smbldap-tools-0.8.2/smbldap-populate.pl 2003-11-28 16:21:35.000000000 +0100 +++ smbldap-tools-0.8.2.p/smbldap-populate.pl 2003-12-08 19:35:31.000000000 +0100 @@ -94,18 +94,19 @@ die "can't extract first attr and value from suffix $suffix"; } #print "$attr=$val\n"; + my $org; my ($organisation,$ext) = ($suffix =~ m/dc=(.*),dc=(.*)$/); - + if ($organisation ne '') { + $org = "\nobjectclass: organization\no: $organisation"; + } #my $FILE="|cat"; my $FILE=$tmp_ldif_file; open (FILE, ">$FILE") || die "Can't open file $FILE: $!\n"; print FILE <<EOF; dn: $suffix -objectClass: $objcl -objectclass: organization +objectClass: $objcl$org $attr: $val -o: $organisation dn: $usersdn objectClass: organizationalUnit @@ -309,7 +310,6 @@ } else { $tmp_ldif_file=$_ldifName; } - my $ldap_master=connect_ldap_master(); my $ldif = Net::LDAP::LDIF->new($tmp_ldif_file, "r", onerror => 'undef' ); while( not $ldif->eof() ) {
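Review bot: In the first hunk (@@ -94,18 +94,19 @@), `my $org;` stays undefined whenever `$organisation` is empty, yet it is always interpolated into the heredoc as `objectClass: $objcl$org`, which produces an uninitialized-value warning when warnings are enabled and only works because undef stringifies to nothing. Declare it as `my $org = '';`. The test `$organisation ne ''` has the same problem when the suffix regex does not match and `$organisation` is undef, so guard it with `defined $organisation`. Separately, the visible hunks only make the `organization` object class and the `o:` attribute conditional; the ou=Services entry and the simpleSecurityObject account described in the cover mail do not appear in this diff, so either part of the patch is missing or the description needs to match what is actually submitted.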
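Review bot: The second hunk (@@ -309,7 +310,6 @@) appears to remove nothing but the blank line before `my $ldap_master=connect_ldap_master();`, going by the hunk's line counts. A whitespace-only change unrelated to the feature makes the patch harder to review and more likely to conflict with other changes to smbldap-populate.pl; drop this hunk from the submission.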