Hi,
After reading several tutorials and howtos for building an LDAP PDC, I decided to write this small howto, built on three different tutorials. Each one of them had its small "bugs", so here is what worked for me:
1. Building LDAP Server
Install OpenLDAP, generate the password hash for the LDAP root DN and edit slapd.conf:
~# yum install openldap-servers openldap-clients
~# slappasswd -h {SSHA}
~# vim /etc/openldap/slapd.conf
Change these lines (the rootpw value is the {SSHA} hash that slappasswd printed):
suffix "dc=DOMAIN,dc=LOCAL"
rootdn "cn=Manager,dc=DOMAIN,dc=LOCAL"
rootpw {SSHA}PASSWORD -> generated with slappasswd
Add the Samba schema and these access rules to the file (the password attributes are readable by nobody but their owner and the Manager, anonymous may only use them to bind; everything else is world readable):
include /etc/openldap/schema/samba.schema
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="cn=Manager,dc=DOMAIN,dc=LOCAL" write
    by anonymous auth
    by * none
access to *
    by dn="cn=Manager,dc=DOMAIN,dc=LOCAL" write
    by self write
    by * read
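To see what those two rules actually grant, here is a small model of OpenLDAP's first-match ACL evaluation. This is an added example, not OpenLDAP code or part of the original howto: it reproduces only the semantics needed for the two rules above (the first "access to" clause whose target matches the attribute is used, and within it the first "by" clause matching the requester decides the level; anything unmatched is denied). The user DNs are constructed.

```python
# Simplified model of the slapd.conf access rules shown in the howto.
# Not OpenLDAP code: it models first-match semantics for exactly these
# two rules so their effect on password attributes can be checked offline.

MANAGER_DN = "cn=Manager,dc=DOMAIN,dc=LOCAL"

# Access levels in increasing order of privilege, as OpenLDAP orders them.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

PASSWORD_ATTRS = {"userPassword", "sambaLMPassword", "sambaNTPassword"}

# Each rule: (set of target attributes, or None for "access to *",
#             ordered list of (who, level) "by" clauses).
ACL = [
    (PASSWORD_ATTRS, [("self", "write"), (MANAGER_DN, "write"),
                      ("anonymous", "auth"), ("*", "none")]),
    (None, [(MANAGER_DN, "write"), ("self", "write"), ("*", "read")]),
]


def who_matches(who, bind_dn, entry_dn):
    """Return True if a <who> selector applies to the requester."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    # Otherwise <who> is an explicit dn="..." selector.
    return bind_dn is not None and bind_dn.lower() == who.lower()


def granted_level(bind_dn, entry_dn, attr):
    """Level granted to bind_dn on attribute attr of entry_dn under ACL."""
    for attrs, by_clauses in ACL:
        if attrs is not None and attr not in attrs:
            continue  # this "access to" clause does not target attr
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"  # target matched but no "by" clause did: deny
    return "none"  # no clause matched at all: OpenLDAP default deny


def allowed(bind_dn, entry_dn, attr, wanted):
    """True if the granted level is at least the wanted level."""
    return LEVELS.index(granted_level(bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)


if __name__ == "__main__":
    alice = "uid=alice,ou=People,dc=DOMAIN,dc=LOCAL"   # constructed DN
    bob = "uid=bob,ou=People,dc=DOMAIN,dc=LOCAL"       # constructed DN
    checks = [
        (None, alice, "userPassword", "auth"),    # anonymous simple bind: allowed
        (None, alice, "userPassword", "read"),    # anonymous reads the hash: denied
        (bob, alice, "sambaNTPassword", "read"),  # another user reads the hash: denied
        (alice, alice, "userPassword", "write"),  # user changes own password: allowed
        (bob, alice, "uid", "read"),              # non-password attribute: readable
        (bob, alice, "uid", "write"),             # but not writable by others
    ]
    for c in checks:
        print(c, "->", allowed(*c))
```

Note that the rootdn bypasses ACLs entirely in OpenLDAP, so the Manager "by" clauses only matter if the rootdn is later changed to a different DN.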
Copy the example database configuration into the LDAP database directory:
~# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Now start the LDAP server and enable it at boot:
~# /etc/init.d/ldap start
~# chkconfig ldap on
2. Add initial and existing users/groups
Change these lines in the common settings of the migration scripts:
~# vim /usr/share/openldap/migration/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "DOMAIN.LOCAL";
$DEFAULT_BASE = "dc=DOMAIN,dc=LOCAL";
After that, fill the LDAP database with the base structure and with the existing local users and groups:
~# /usr/share/openldap/migration/migrate_base.pl > base.ldif
~# ldapadd -x -W -D "cn=Manager,dc=DOMAIN,dc=LOCAL" -f base.ldif
select only the accounts and groups with UID/GID 500-999 (the trailing colon keeps the pattern from also matching IDs such as 5000):
~# grep "x:[5-9][0-9][0-9]:" /etc/passwd > passwd
~# grep "x:[5-9][0-9][0-9]:" /etc/group > group
~# /usr/share/openldap/migration/migrate_passwd.pl passwd > passwd.ldif
~# /usr/share/openldap/migration/migrate_group.pl group > group.ldif
~# ldapadd -x -W -D "cn=Manager,dc=DOMAIN,dc=LOCAL" -f passwd.ldif
~# ldapadd -x -W -D "cn=Manager,dc=DOMAIN,dc=LOCAL" -f group.ldif
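To make clear what the migration step produces, here is an illustrative re-implementation of the passwd/group to LDIF conversion. It is an added example, not the MigrationTools scripts the howto calls: it filters on the numeric UID/GID range 500-999 (rather than on a text pattern) and emits the posixAccount and posixGroup entries under ou=People and ou=Group of the base DN. The passwd and group lines are constructed sample data, and userPassword is deliberately left out (the real migrate_passwd.pl fills it from /etc/shadow when run as root).

```python
# Illustrative passwd/group -> LDIF converter. Not the MigrationTools
# code used on the page; it shows the entry layout and the UID/GID filter.

BASE_DN = "dc=DOMAIN,dc=LOCAL"
UID_MIN, UID_MAX = 500, 999   # regular user range on this system

# Constructed sample input; the 5000 entries show what the filter drops.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:500:500:Alice Example:/home/alice:/bin/bash
bob:x:501:501:Bob Example:/home/bob:/bin/bash
svc:x:5000:5000:Service account:/srv/svc:/sbin/nologin
"""

SAMPLE_GROUP = """\
root:x:0:
alice:x:500:
bob:x:501:
staff:x:502:alice,bob
svc:x:5000:
"""


def in_range(num):
    """Numeric range check, unlike a regex on the text of the ID."""
    return UID_MIN <= num <= UID_MAX


def passwd_to_ldif(text):
    """Convert /etc/passwd lines with UID in range to posixAccount entries."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, gecos, home, shell = line.split(":", 6)
        if not in_range(int(uid)):
            continue
        cn = gecos.split(",")[0] or name   # first GECOS field is the full name
        entries.append("\n".join([
            f"dn: uid={name},ou=People,{BASE_DN}",
            f"uid: {name}",
            f"cn: {cn}",
            "objectClass: account",
            "objectClass: posixAccount",
            "objectClass: top",
            "objectClass: shadowAccount",
            f"loginShell: {shell}",
            f"uidNumber: {uid}",
            f"gidNumber: {gid}",
            f"homeDirectory: {home}",
            f"gecos: {gecos}",
        ]))
    return entries


def group_to_ldif(text):
    """Convert /etc/group lines with GID in range to posixGroup entries."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        if not in_range(int(gid)):
            continue
        attrs = [
            f"dn: cn={name},ou=Group,{BASE_DN}",
            "objectClass: posixGroup",
            "objectClass: top",
            f"cn: {name}",
            f"gidNumber: {gid}",
        ]
        attrs += [f"memberUid: {m}" for m in members.split(",") if m]
        entries.append("\n".join(attrs))
    return entries


if __name__ == "__main__":
    # Entries are separated by a blank line, as ldapadd -f expects.
    print("\n\n".join(passwd_to_ldif(SAMPLE_PASSWD) + group_to_ldif(SAMPLE_GROUP)))
```

The output has the same shape as passwd.ldif and group.ldif above and could be fed to the same ldapadd command; the ou=People and ou=Group containers must already exist, which is what base.ldif created.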