Re: pacote perl-Net-LDAP
caio ferreira escreveu:
...
Outra coisa também, é verificar minuciosamente se as configurações em
/etc/smbldap-tools/smbldap.conf e em /etc/smbldap-tools/smbldap_bind
estão rigorosamente corretas, um minúsculo erro nestes arquivos é
garantia de dor-de-cabeça por toda vida :)
Eu imagino que seja esse o problema. Executei o script configure.pl
e o erro mudo, agora o que esta aparecendo eh o seguinte :
failed to perform search; invalid DN at /usr/local/sbin//smbldap_tools.pm
line 212, <DATA> line 283. invalid DN at /usr/local/sbin//smbldap_tools.pm
line 726, <DATA> line 283.
Como é que eu faria para testar se o LDAP esta instalado corretamente
e principalmente, configurado corretamente ?!?!?
Saudações,
Para fazer um teste simples e conferir se seu OpenLDAP está normal pode
executar o comando
$ ldapsearch -x
deverá lhe retornar uma saida completa do conteúdo do seu diretório no estilo
ldif.
Se quizer fazer uma busca refinada, pode adaptar o seguinte exemplo:
exibir informações da úsuaria aeon...
$ ldapsearch -b "ou=People,dc=docaespacial,dc=org" -x "(uid=aeon)"
deve dar uma saída ao estilo ldif para o usuário que vc colocar (no meu caso
a Aeon Flux :)
a saída deve ser algo assim:
===== saida do exemplo ===
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=docaespacial,dc=org> with scope sub
# filter: (uid=aeon)
# requesting: ALL
#
# aeon, People, docaespacial.org
dn: uid=aeon,ou=People,dc=docaespacial,dc=org
uid: aeon
cn: Aeon Flux
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 12547
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/aeon
gecos: Aeon Flux
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
=== fim da saída do exemplo ====
É claro, só atente ao detalhe que no OpenLDAP *tudo* é Case Sensitive, logo
tome aquele cuidado ao digitar.
Para ver se é possível dar uma luz com relação ao smbldap-tools estou enviando
o meu smbldap-tools.conf em anexo, só não se preoculpe com a parte de
TLS/Certicado que no meu ainda não testei direito, mão não é mandatório.
Espero que ajude, boa sorte.
--
[]s
Pedro
Desenvolvedor, Mestre Jedi, Slackwarrior
Usuário Linux Registro no. 274710
Usuário Debian-BR GNU/Linux no. 606
'E que os fontes estejam com você !'
# $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
# $Id: smbldap.conf,v 1.6 2004/02/07 16:58:52 jtournier Exp $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
# Purpose :
# . be the configuration file for all smbldap-tools scripts
##############################################################################
#
# General Configuration
#
##############################################################################
# UID and GID starting at...
UID_START="1000"
GID_START="1000"
# Put your own SID
# to obtain this number do: net getlocalsid
SID="S-1-5-21-423759873-3637185408-1306268543"
##############################################################################
#
# LDAP Configuration
#
##############################################################################
# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)
# Ex: slaveLDAP=127.0.0.1
slaveLDAP="localhost"
slavePort="389"
# Master LDAP : needed for write operations
# Ex: masterLDAP=127.0.0.1
masterLDAP="localhost"
masterPort="389"
# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
ldapTLS="1"
# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="none"
# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/etc/smbldap-tools/certs/ca.pem"
# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/smbldap-tools/certs/smbldap-tools.pem"
# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/smbldap-tools/keys/smbldap-tools.key"
# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=docaespacial,dc=org"
# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
usersdn="ou=People,dc=docaespacial,dc=org"
# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
computersdn="ou=Computers,dc=docaespacial,dc=org"
# Where are stored Groups
# Ex groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
groupsdn="ou=Group,dc=docaespacial,dc=org"
# Default scope Used
scope="sub"
# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)
hash_encrypt="CRYPT"
##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################
# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"
# Home directory prefix (without username)
# Ex: userHomePrefix="/home/"
userHomePrefix="/home/"
# Gecos
userGecos="System User"
# Default User (POSIX and Samba) GID
defaultUserGid="513"
# Default Computer (Samba) GID
defaultComputerGid="1003"
# Skel dir
skeletonDir="/etc/skel"
# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"
##############################################################################
#
# SAMBA Configuration
#
##############################################################################
# The UNC path to home drives location without the username last extension
# (will be dynamically prepended)
# Ex: \\My-PDC-netbios-name\homes
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or desabling roaming profiles
userSmbHome="\\\\%N\\profile"
# The UNC path to profiles locations without the username last extension
# (will be dynamically prepended)
# Ex: \\My-PDC-netbios-name\profiles\
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or desabling roaming profiles
userProfile="\\\\%N\\profileNT"
# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: q(U:) for U:
userHomeDrive="H:"
# The default user netlogon script name
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
userScript="logon.bat"
##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################
# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer mkntpwd... most of the time, it's a wise choice :-)
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
mk_ntpasswd="/usr/local/sbin/mkntpwd"
############################
# Credential Configuration #
############################
# Notes: you can specify two differents configuration if you use a
# master ldap for writing access and a slave ldap server for reading access
# By default, we will use the same DN (so it will work for standard Samba
# release)
slaveDN="cn=admin,dc=docaespacial,dc=org"
slavePw="senhadoadminaqui"
masterDN="cn=admin,dc=docaespacial,dc=org"
masterPw="senhadoadminaqui"
Reply to: