On Wednesday 21 July 2004 18:59, Barry Rumsey wrote: > hi > I am using suse 9.1, openldap 2.2-34, samba 3.0.4-1.2. > My slapd.conf looks like this: > # > # See slapd.conf(5) for details on configuration options. > # This file should NOT be world readable. > # > include /etc/openldap/schema/core.schema > include /etc/openldap/schema/cosine.schema > include /etc/openldap/schema/inetorgperson.schema > include /etc/openldap/schema/samba.schema > include /etc/openldap/schema/nis.schema
The NIS schema must be specified BEFORE the samba schema! > > # Define global ACLs to disable default read access. > > # Do not enable referrals until AFTER you have a working directory > # service AND an understanding of referrals. > #referral ldap://root.openldap.org > > pidfile /var/run/slapd/run/slapd.pid > argsfile /var/run/slapd/run/slapd.args > > # Load dynamic backend modules: > modulepath /usr/lib/openldap/modules > # moduleload back_ldap.la > # moduleload back_meta.la > # moduleload back_monitor.la > # moduleload back_perl.la > > # Sample security restrictions > # Require integrity protection (prevent hijacking) > # Require 112-bit (3DES or better) encryption for updates > # Require 63-bit encryption for simple bind > # security ssf=1 update_ssf=112 simple_bind=64 > > # Sample access control policy: > # Root DSE: allow anyone to read it > # Subschema (sub)entry DSE: allow anyone to read it > # Other DSEs: > # Allow self write access > # Allow authenticated users read access > # Allow anonymous users to authenticate > # Directives needed to implement policy: > # access to dn.base="" by * read > # access to dn.base="cn=Subschema" by * read > # access to * > # by self write > # by users read > # by anonymous auth > # > # if no access controls are present, the default policy > # allows anyone and everyone to read anything but restricts > # updates to rootdn. (e.g., "access to * by * read") > # > # rootdn can always read and write EVERYTHING! > > ####################################################################### > # bdb database definitions > ####################################################################### > > database bdb > checkpoint 1024 5 > cachesize 10000 > suffix "dc=tux,dc=dyndns,dc=org" > rootdn "cn=Manager,dc=tux,dc=dyndns,dc=org" > # Cleartext passwords, especially for the rootdn, should > # be avoid. See slappasswd(8) and slapd.conf(5) for details. > # Use of strong authentication encouraged. > rootpw secret > # The database directory MUST exist prior to running slapd AND > # should only be accessible by the slapd and slap tools. > # Mode 700 recommended. > directory /var/lib/ldap > # Indices to maintain > index objectClass eq > index cn pres,sub,eq > index sn pres,sub,eq > index uid pres,sub,eq > index displayName pres,sub,eq > index uidNumber eq > index gidNumber eq > index memberUid eq > index sambaSID eq > index sambaPrimaryGroups eq > index sambaDomainName eq > index default sub > > When I try to execute the index by doing : > tux:/usr/sbin # ./slapindex -f /etc/openldap/slapd.conf > > I end up with the following error: > /etc/openldap/schema/samba.schema: line 340: AttributeType not found: > "gidNumber" > slapindex: bad configuration file! > > I have been follow the exsample from The Official Samba-3 HOWTO and > Reference Guide. > > Can someone help me past this error please See above. - John T. > > Thanks in advance > Barry -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
