[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal/OpenLDAP/Samba howto and bugreport

To: Andrew Bartlett <abartlet@samba.org>
Subject: Re: Heimdal/OpenLDAP/Samba howto and bugreport
From: Tarjei Huse <tarjei@nu.no>
Date: Sun, 30 May 2004 15:31:38 +0200
Cc: Love <lha@stacken.kth.se>, heimdal-discuss@sics.se
In-Reply-To: <1085883225.3073.627.camel@piglett.bartlett.house>
References: <1085567567.3321.234.camel@elprinsessekaja.mail.nu.no> <amr7t6f75f.fsf@nutcracker.stacken.kth.se> <1085671043.3320.2434.camel@elprinsessekaja.mail.nu.no> <am65ahsw7u.fsf@nutcracker.stacken.kth.se> <1085743718.3590.224.camel@elprinsessekaja.mail.nu.no> <am1xl38sne.fsf@nutcracker.stacken.kth.se> <1085844153.1553.24.camel@heimen.local> <1085883225.3073.627.camel@piglett.bartlett.house>
Reply-To: tarjei@nu.no
Sender: owner-heimdal-discuss@sics.se

Hi,
<(snip)> 

> > > structural object name
> > IMHO, this should be like today: use account as base and do not bother
> > much with modifying it. Let the sambacode search for sambaSAMAccount
> > instead of the account objectclass.
> We should search for both - so that we can find the 'account' to put a
> new heimdal entry on, if there is only the posixAccount.  
Is this handled in the code today?

> > If someone can point me to some sample code for schemadetection I'll try
> > to hack together something that may check if it is the old Samba2.x
> > ldapschema or the new one (and also to check if the krb schema exist).
> There is no point looking for Samba 2.2 - production sites should be
> running 3.0.  (And certainly anybody playing with kerberos and other
> development things should certainly be).
Ok. You don't happen to know some code?

<snipp some more>
> > I'm not sure what you're going after here, but I'm thinking that the
> > databasedefinition could be something like this:

> > [kdc]
> > database {
> > 	dbname  = ldap:<searchbase>
> > 	ldap-kerberos-add-base = ou=Kerberos,<searchbase>
> > 	# this defines the searchfilter, 
> > 	# 0 : searchfilter
> > 	# 1: searchfilter also searches for uid and sambasamaccount
> > objectclass.
> > 	ldap-use-samba = 0|1 
> > 	# optional, if you want to exclude some objects from your
> > 	# domain
> >         ldap-samba-userbase = ou=People,<searchbase>
> If we are not adding Samba accounts, how does this help?
If you got a large ldaptree, having a narow searchbase is a good idea (IMHO).
> > 	# optional sambadomain, if you have multiple domains you want to 	#map
> > differently. Also adds to the searchstring.
> > 	ldap-samba-domain = MYDOMAIN 
> I don't think we need this.
Ok, I'll dropp it for now.




Tarjei
> 
> > }
> > 
> > This makes it possible to set up a kerberos domain with only
> > database {
> > 	dbname = ldap:<searchbase>
> >  	ldap-use-samba = 1
> > }
> > And be done if you got a fairly standard setup. 
> > 
> > Anyhow, just my 0.02c :-)
> 
> Thanks for taking such an interest in all this!
> 
> Andrew Bartlett

References:
- Heimdal/OpenLDAP/Samba howto and bugreport
  - From: Tarjei Huse <tarjei@nu.no>
- Re: Heimdal/OpenLDAP/Samba howto and bugreport
  - From: Tarjei Huse <tarjei@nu.no>
- Re: Heimdal/OpenLDAP/Samba howto and bugreport
  - From: Love <lha@stacken.kth.se>
- Re: Heimdal/OpenLDAP/Samba howto and bugreport
  - From: Tarjei Huse <tarjei@nu.no>
- Re: Heimdal/OpenLDAP/Samba howto and bugreport
  - From: Love <lha@stacken.kth.se>
- Re: Heimdal/OpenLDAP/Samba howto and bugreport
  - From: Tarjei Huse <tarjei@nu.no>
- Re: Heimdal/OpenLDAP/Samba howto and bugreport
  - From: Andrew Bartlett <abartlet@samba.org>

Prev by Date: Re: Heimdal/OpenLDAP/Samba howto and bugreport
Next by Date: Re: Heimdal/OpenLDAP/Samba howto and bugreport
Prev by thread: Re: Heimdal/OpenLDAP/Samba howto and bugreport
Next by thread: Re: Heimdal/OpenLDAP/Samba howto and bugreport
Index(es):
- Date
- Thread