In this part I’m setting up ldap schemas for samba, autofs and kerberos. This is needed before the actual configuration for these can be done. Unfortunately I could not find ldif files for OpenLDAP for these, so the schema files need to be converted to ldif files. The tutorial at help.ubuntu.com instructs to use the slaptest tool for this.
First, get the tools and packages that contain the schemas that need to be converted. autofs.schema is in the autofs-ldap package, samba.schema is in the samba sources and kerberos.schema comes with the krb5-kdc-ldap package.
sudo apt-get install dpkg-dev autofs-ldap krb5-kdc-ldap
apt-get source samba
cp ./samba-3.4.3/examples/LDAP/samba.schema .
cp /etc/ldap/schema/autofs.schema .
cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz .
gunzip kerberos.schema.gz
schema_convert.conf is a temporary file used to convert the schemas to ldif format:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include samba.schema
include autofs.schema
include kerberos.schema
The actual conversion is done by running slaptest. It places the resulting files under the ldif_result directory. The files need to be cleaned a bit so that they can be imported. This is not exactly the nicest looking piece I’ve written, but it seems to do the trick.
mkdir ldif_result
slaptest -f schema_convert.conf -F ldif_result
cat ldif_result/cn=config/cn=schema/cn=*samba.ldif | \
egrep -v structuralObjectClass\|entryUUID\|creatorsName | \
egrep -v createTimestamp\|entryCSN\|modifiersName\|modifyTimestamp | \
sed 's/dn: cn={.}samba/dn: cn=samba,cn=schema,cn=config/g' | \
sed 's/{.}samba/samba/' > samba.ldif
cat ldif_result/cn=config/cn=schema/cn=*autofs.ldif | \
egrep -v structuralObjectClass\|entryUUID\|creatorsName | \
egrep -v createTimestamp\|entryCSN\|modifiersName\|modifyTimestamp | \
sed 's/dn: cn={.}autofs/dn: cn=autofs,cn=schema,cn=config/g' | \
sed 's/{.}autofs/autofs/' > autofs.ldif
cat ldif_result/cn=config/cn=schema/cn=*kerberos.ldif | \
egrep -v structuralObjectClass\|entryUUID\|creatorsName | \
egrep -v createTimestamp\|entryCSN\|modifiersName\|modifyTimestamp | \
sed 's/dn: cn={.}kerberos/dn: cn=kerberos,cn=schema,cn=config/g' | \
sed 's/{.}kerberos/kerberos/' > kerberos.ldif
sudo cp samba.ldif autofs.ldif kerberos.ldif /etc/ldap/schema/
The ldif files are now placed under /etc/ldap/schema/ and can be added using ldapadd:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/samba.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/autofs.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/kerberos.ldif
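The three cleanup pipelines above differ only in the schema name, so they can be folded into one filter. This is an added example, not code from the original post: it anchors the patterns to the start of the line and accepts multi-digit ordering indexes, which goes slightly beyond what the post's commands do. The function names, the sample input and the OID in it are constructed for illustration, and dropping comment lines assumes they carry nothing ldapadd needs.

```shell
#!/bin/sh
# Added example, not from the original post.
# clean_schema_ldif NAME: read one slaptest-generated schema entry on stdin and
# write an ldapadd-ready entry for NAME on stdout.
clean_schema_ldif() {
    name=$1
    # Patterns are anchored to the start of the line so only whole operational
    # attributes are removed, never a folded definition line that mentions one.
    # [0-9]+ accepts any ordering index, not just a single character.
    sed -E \
        -e '/^#/d' \
        -e '/^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp):/d' \
        -e "s/^dn: cn=\{[0-9]+\}${name}\$/dn: cn=${name},cn=schema,cn=config/" \
        -e "s/^cn: \{[0-9]+\}${name}\$/cn: ${name}/"
}

# Constructed sample input (hypothetical OID and attribute, not real slaptest output).
sample_ldif() {
    cat <<'EOF'
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
dn: cn={12}samba
objectClass: olcSchemaConfig
cn: {12}samba
olcAttributeTypes: {0}( 1.1.2.1.1 NAME 'exampleAttr' DESC 'mirrors the
  entryUUID attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20100101000000Z
entryCSN: 20100101000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100101000000Z
EOF
}

# Demo on the sample. For the real files on this page:
#   for s in samba autofs kerberos; do
#     cat ldif_result/cn=config/cn=schema/cn=*"$s".ldif | clean_schema_ldif "$s" > "$s.ldif"
#   done
sample_ldif | clean_schema_ldif samba
```

The folded line beginning with `entryUUID attribute` survives here because it starts with a space; an unanchored `egrep -v entryUUID` would delete it and leave a truncated attribute definition.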
Next it’s time to finally get to kerberos, I hope..
Veli-Matti Lintu
