Next OpenLDAP Question

Craig White craigwhite at azapple.com
Thu May 18 20:32:45 MST 2006


On Thu, 2006-05-18 at 19:40 -0700, Nathan England wrote:
> I don't know the different accounts setting them up on the command line but 
> there is an option in phpldapadmin to add a Samba3 Account. Is this what I 
> should do or just a regular account?
> 
> I haven't got the books yet, so what I am doing is making changes with 
> ldapadmin then looking at the command line to see what it did. I pretty much 
> understand it, just putting it all together now without many resources is 
> kind of tough.
> 
> nathan
> 
> On Thursday 18 May 2006 17:25, you wrote:
> > On Thu, 2006-05-18 at 15:32 -0700, Nathan England wrote:
> > > Do you have to have samba set up and using the ldap backend for any type
> > > of login authentication or is just LDAP enough?
> > >
> > > I'm playing with a few web based things that have the ability to
> > > authenticate logins via LDAP... Needless to say it is not working for me,
> > > but I have not tied samba in yet, but was curious if that is required?
> >
> > ----
> > I use LDAP to authenticate everything/everybody including samba users
> > and http users (authz_ldap)
> >
> > This is one of those things that RHEL/CentOS does exceptionally well...
> >
> > authconfig
> > up2date authz_ldap or yum install authz_ldap
> >
> > samba users/authentication is necessary only for samba, perhaps squid if
> > using ntlm authentication
----
You really need to learn it - phpldapadmin is capable of creating any
entries you want but it won't cover for your lack of understanding the
methodology. My experience is very clear on this...you need to learn the
cli tools, ldapadd/ldapmodify/ldapsearch and when you get them down,
LDAP is easy. Especially because you can manually test what your
applications are doing.

This might help you...

# ldapsearch -x \
-h localhost \
-D 'uid=craig,ou=People,dc=azapple,dc=com' \
-W \
'(uid=craig)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=craig)
# requesting: ALL
#

# craig, People, azapple.com
dn: uid=craig,ou=People,dc=azapple,dc=com
sambaLMPassword: removed
sambaNTPassword: removed
sn: White
givenName: Craig
sambaPwdCanChange: 1091395680
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1091395680
labeledURI: http://linuxserver/horde/kronolith/fb.php?c=craig
shadowMax: 99999
sambaProfilePath: \\srv1\profiles\craig
sambaLogonScript: logon.bat
cn: Craig White
uidNumber: 500
shadowWarning: 7
sambaPrimaryGroupSID: S-1-5-21-REMOVED-513
sambaAcctFlags: [U          ]
gecos: Craig White
mail: craigwhite at azapple.com
uid: craig
sambaHomePath: \\srv1\homes\craig
homeDirectory: /home/craig
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: top
objectClass: calEntry
gidNumber: 500
sambaDomainName: AZAPPLE
sambaSID: S-1-5-21-REMOVED-1000
sambaHomeDrive: h:
calFBURL: http://srv1/horde/kronolith/fb.php?c=craig
loginShell: /bin/bash
userPassword:: removed
shadowLastChange: 13197

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Craig
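
An added example, not part of the original message: a small filter for ldapsearch output like the listing above. For each entry it reports whether posixAccount and sambaSamAccount are present and which credential attributes (userPassword, sambaNTPassword, sambaLMPassword) the bind identity was allowed to read. The function names and the example.com sample entries are constructed for illustration.

```shell
# audit_ldif: read ldapsearch LDIF on stdin and print one line per entry:
#   <dn>|posix=<yes|no>|samba=<yes|no>|secrets=<credential attributes returned>
audit_ldif() {
  awk '
    function emit() {
      if (dn != "")
        printf "%s|posix=%s|samba=%s|secrets=%s\n", dn, posix, samba, (secrets == "" ? "none" : secrets)
      dn = ""; posix = "no"; samba = "no"; secrets = ""
    }
    function process(l,    i, attr, val) {
      if (l == "") { emit(); return }          # blank line ends an entry
      if (l ~ /^#/) return                     # ldapsearch comment line
      i = index(l, ":"); if (i == 0) return
      attr = tolower(substr(l, 1, i - 1))
      val = substr(l, i + 1); sub(/^:? */, "", val)   # "::" marks a base64 value
      if (attr == "dn") dn = val
      else if (attr == "objectclass") {
        if (tolower(val) == "posixaccount") posix = "yes"
        if (tolower(val) == "sambasamaccount") samba = "yes"
      } else if (attr == "userpassword" || attr == "sambantpassword" || attr == "sambalmpassword") {
        secrets = secrets (secrets == "" ? "" : ",") attr
      }
    }
    BEGIN { emit() }
    /^ / { line = line substr($0, 2); next }   # LDIF folds long lines with a leading space
    { process(line); line = $0 }
    END { process(line); emit() }
  '
}
# Constructed sample input (placeholder values, not real hashes).
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
sambaNTPassword: CONSTRUCTED
userPassword:: Q09OU1RSVUNURUQ=

dn: uid=bob,ou=People,dc=example,
 dc=com
objectClass: posixAccount

# search result
result: 0 Success
EOF
}
# Live use: run once anonymously (no -D/-W) and once bound as an ordinary user:
#   ldapsearch -x -h localhost '(uid=craig)' | audit_ldif
sample_ldif | audit_ldif
```

Anything other than secrets=none on an anonymous search means the server's ACLs let unauthenticated clients read password hashes. Newer OpenLDAP clients take -H ldap://localhost in place of -h localhost.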