Samba e OpenLDAP: creare un controller di dominio con Debian Squeeze: differenze tra le versioni

Samba e OpenLDAP: creare un controller di dominio con Debian Squeeze (visualizza wikitesto)

Versione delle 21:14, 2 ott 2011

1 201 byte rimossi , 2 ott 2011

→‎Configurazione del server LDAP con slapd.d

Ferdybassi

Burocrati, Amministratori

4 069

contributi

@@ Riga 462: / Riga 462: @@
 editandolo così:
 <pre>
-# Load modules for database type
+dn: olcDatabase={1}hdb,cn=config
-dn: cn=module,cn=config
+changetype: modify
-objectclass: olcModuleList
+replace: olcSuffix
-olcModulepath: /usr/lib/ldap
-cn: module
-olcModuleLoad: back_bdb.la
-# Create directory database
-dn: olcDatabase=bdb,cn=config
-# Location on system where database is stored
-olcDbDirectory: /var/lib/ldap
-objectClass: olcDatabaseConfig
-objectClass: olcBdbConfig
-olcDatabase: bdb
-# Domain name (e.g. dominio.local)
 olcSuffix: dc=dominio,dc=local
+-
-# Manager of the database
+replace: olcRootDN
 olcRootDN: cn=admin,dc=dominio,dc=local
-olcRootPW: mia_password
+-
+replace: olcAccess
-# Indices in database to speed up searches
+olcAccess: to attrs=userPassword,SambaLMPassword,SambaNTPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPasswordHistory by dn="cn=admin,dc=dominio,dc=local" write by anonymous auth by self write by * none
-olcDbIndex: uid pres,sub,eq
+olcAccess: to attrs=shadowLastChange by self write by * read
-olcDbIndex: cn,sn,mail pres,eq,approx,sub
+olcAccess: to dn.base="" by * read by self write
-olcDbIndex: objectClass eq
+olcAccess: to * by dn="cn=admin,dc=dominio,dc=local" write by * read by self write
-olcDbIndex: uidNumber eq
+-
-olcDbIndex: gidNumber eq
-olcDbIndex: uid pres,sub,eq
-olcDbIndex: memberUid eq
-olcDbIndex: uniqueMember eq
-olcDbIndex: sambaSID eq
-olcDbIndex: sambaPrimaryGroupSID eq
-olcDbIndex: sambaDomainName eq
-olcDbIndex: sambaSIDList eq
-olcDbIndex: sambaGroupType eq
-olcDbIndex: default sub
-# Allow users to change their own password
-# Allow anonymous to authenciate against the password
-# Allow admin to change anyone's password
-olcAccess: to attrs=userPassword,SambaLMPassword,SambaNTPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPasswordHistory
-  by self write
-  by anonymous auth
-  by dn.base="cn=admin,dc=dominio,dc=local" write
-  by * none
-# Allow users to change their own record
-# Allow anyone to read directory
-olcAccess: to *
-  by self write
-  by dn.base="cn=admin,dc=dominio,dc=local" write
-  by * read
-olcAccess: to attrs=shadowLastChange
-  by self write
-  by * read
-olcAccess: to dn.base=""
-  by self write
-  by * read
-olcDbCheckpoint: 512 30
-olcDbConfig: set_cachesize 0 2097152 0
-olcDbConfig: set_lk_max_objects 1500
-olcDbConfig: set_lk_max_locks 1500
-olcDbConfig: set_lk_max_lockers 1500
 </pre>
 Aggiungiamo alla configurazione il backend in questo modo: