Samba e OpenLDAP: creare un controller di dominio con Debian Squeeze: differenze tra le versioni

Vai alla navigazione Vai alla ricerca

Samba e OpenLDAP: creare un controller di dominio con Debian Squeeze (visualizza wikitesto)

Versione delle 21:14, 2 ott 2011

1 201 byte rimossi ,  2 ott 2011
→‎Configurazione del server LDAP con slapd.d
Riga 462: Riga 462:
editandolo così:
editandolo così:
<pre>
<pre>
# Load modules for database type
dn: olcDatabase={1}hdb,cn=config
dn: cn=module,cn=config
changetype: modify
objectclass: olcModuleList
replace: olcSuffix
olcModulepath: /usr/lib/ldap
cn: module
olcModuleLoad: back_bdb.la
 
# Create directory database
dn: olcDatabase=bdb,cn=config
 
# Location on system where database is stored
olcDbDirectory: /var/lib/ldap
 
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
 
# Domain name (e.g. dominio.local)
olcSuffix: dc=dominio,dc=local
olcSuffix: dc=dominio,dc=local
 
-
# Manager of the database
replace: olcRootDN
olcRootDN: cn=admin,dc=dominio,dc=local
olcRootDN: cn=admin,dc=dominio,dc=local
olcRootPW: mia_password
-
 
replace: olcAccess
# Indices in database to speed up searches
olcAccess: to attrs=userPassword,SambaLMPassword,SambaNTPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPasswordHistory by dn="cn=admin,dc=dominio,dc=local" write by anonymous auth by self write by * none
olcDbIndex: uid pres,sub,eq
olcAccess: to attrs=shadowLastChange by self write by * read
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcAccess: to dn.base="" by * read by self write
olcDbIndex: objectClass eq
olcAccess: to * by dn="cn=admin,dc=dominio,dc=local" write by * read by self write
olcDbIndex: uidNumber eq
-
olcDbIndex: gidNumber eq
olcDbIndex: uid pres,sub,eq
olcDbIndex: memberUid eq
olcDbIndex: uniqueMember eq
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaDomainName eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaGroupType eq
olcDbIndex: default sub
 
# Allow users to change their own password
# Allow anonymous to authenciate against the password
# Allow admin to change anyone's password
olcAccess: to attrs=userPassword,SambaLMPassword,SambaNTPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPasswordHistory
  by self write
  by anonymous auth
  by dn.base="cn=admin,dc=dominio,dc=local" write
  by * none
 
# Allow users to change their own record
# Allow anyone to read directory
olcAccess: to *
  by self write
  by dn.base="cn=admin,dc=dominio,dc=local" write
  by * read
 
olcAccess: to attrs=shadowLastChange
  by self write
  by * read
 
olcAccess: to dn.base=""
  by self write
  by * read
 
olcDbCheckpoint: 512 30
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
</pre>
</pre>
Aggiungiamo alla configurazione il backend in questo modo:
Aggiungiamo alla configurazione il backend in questo modo:
Estratto da "https://guide.debianizzati.org/index.php/Speciale:DiffMobile/26658"

Menu di navigazione