There are new versions of openldap-2.3.27-4.el4.centos in the testing repository for i386 and x86_64.
http://wiki.centos.org/Repositories (for info on the testing repository)
This version of openldap is the current version in RHEL5B2 and Fedora Core 6.
The purpose of this build is that I modified openldap to produce the smbk5pwd overlay from the contrib directory in the openldap source.
smbk5pwd is an openldap module/overlay that keeps a Samba PDC's LDAP passwords in sync regardless of whether the change is made via LDAP (ldappasswd), Windows (usually smbpasswd), or Unix (passwd). If any of the 3 LDAP passwords are modified, the overlay modifies all three ... keeping them in sync.
I have tested this version on 3 servers in a test environment on i386.
Instructions on how to setup the slapd.conf file are included in /usr/share/doc/openldap-servers-xxxx/README.smbk5pwd
This version requires you to upgrade your databases if you are using a bdb backend ... you need to save your data before you upgrade ... something like this:
cd
service ldap stop
slapcat > slapcat.out
upgrade RPMS
cd /var/lib/ldap
remove all old databases
make sure you have a DB_CONFIG file in /var/lib/ldap
modify your /etc/openldap/slapd.conf file to point to these (they used to be in /var/run with no openldap dir):
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
also add this index to slapd.conf:
index uniqueMember pres
see the above listed README file if you want to add smbk5pwd
slapadd ~/slapcat.out
chown -R ldap.ldap /var/lib/ldap
slaptest
slapindex -v
service ldap start
Thanks, Johnny Hughes
On Mon, 2006-12-25 at 12:52 -0600, Johnny Hughes wrote:
<SNIP> There were a few things wrong with my directions :(
This version requires you to upgrade your databases if you are using a bdb backend ... you need to save your data before you upgrade ... something like this:
cd
service ldap stop
slapcat > slapcat.out
upgrade RPMS
cd /var/lib/ldap
remove all old databases
make sure you have a DB_CONFIG file in /var/lib/ldap
modify your /etc/openldap/slapd.conf file to point to these (they used to be in /var/run with no openldap dir):
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
also add this index to slapd.conf:
index uniqueMember pres
see the above listed README file if you want to add smbk5pwd
slapadd ~/slapcat.out
--------^^^^^
(should be):
slapadd -l ~/slapcat.out
chown -R ldap.ldap /var/lib/ldap
slaptest
slapindex -v
(Prior to restarting ldap, you need to look at the permissions of the files again ... sometimes when running slapindex the files are produced as root and not ldap. I did not see a way to pass in the user name. So, another chown here will prevent issues):
chown -R ldap.ldap /var/lib/ldap
service ldap start
That should work ... I have moved this version of openldap into production on my company's Samba PDCs ... it seems to work well.
Thanks, Johnny Hughes
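The corrected procedure above, wrapped in a script as an added example (this is not Johnny Hughes' script or anything shipped in the CentOS package). It runs in two phases, "dump" before the RPM upgrade and "restore" after it, and refuses to delete the old bdb files unless the slapcat dump actually contains entries and DB_CONFIG is present. It also encodes the caveat from the reply: after slapindex it re-runs chown and then verifies that no file under the database directory is still owned by someone other than the ldap user. The paths, the LDAP_USER/LDAP_DIR/DUMP variables and the "remove everything except DB_CONFIG" rule are assumptions for this example; the ownership and entry-count helpers are plain shell so they can be tested without slapd installed.

```shell
#!/bin/sh
# Added example, not part of the original post or the openldap package.
# Assumed defaults (override via environment): database dir, dump file, owner.
set -eu

LDAP_DIR="${LDAP_DIR:-/var/lib/ldap}"
DUMP="${DUMP:-$HOME/slapcat.out}"
LDAP_USER="${LDAP_USER:-ldap}"

# Count entries in an LDIF file; every entry begins with a "dn:" line.
# Prints 0 (and does not abort under set -e) when the file has no entries.
ldif_entry_count() {
    grep -c '^dn:' "$1" || true
}

# List regular files under directory $1 that are NOT owned by user $2.
# slapindex run as root can leave root-owned db files behind (see the reply).
files_not_owned_by() {
    find "$1" -type f ! -user "$2"
}

# Succeed only if every regular file under $1 belongs to user $2.
check_ownership() {
    [ -z "$(files_not_owned_by "$1" "$2")" ]
}

# Phase 1: stop slapd and dump the directory before the RPMs are upgraded.
dump_phase() {
    service ldap stop
    slapcat > "$DUMP"
    n=$(ldif_entry_count "$DUMP")
    if [ "$n" -eq 0 ]; then
        echo "refusing to continue: $DUMP contains no entries" >&2
        exit 1
    fi
    echo "dumped $n entries to $DUMP; upgrade the RPMs, then run: $0 restore"
}

# Phase 2: after the upgrade, rebuild the bdb files from the dump.
restore_phase() {
    if [ ! -f "$LDAP_DIR/DB_CONFIG" ]; then
        echo "missing $LDAP_DIR/DB_CONFIG; create it before restoring" >&2
        exit 1
    fi
    if [ "$(ldif_entry_count "$DUMP")" -eq 0 ]; then
        echo "refusing to remove old databases: $DUMP has no entries" >&2
        exit 1
    fi
    # Remove the old bdb files but keep DB_CONFIG (assumed rule; GNU find).
    find "$LDAP_DIR" -maxdepth 1 -type f ! -name DB_CONFIG -exec rm -f {} +
    slapadd -l "$DUMP"               # the corrected form: -l, not a bare path
    chown -R "$LDAP_USER:$LDAP_USER" "$LDAP_DIR"
    slaptest
    slapindex -v
    # slapindex may have produced root-owned files; fix and then verify.
    chown -R "$LDAP_USER:$LDAP_USER" "$LDAP_DIR"
    if ! check_ownership "$LDAP_DIR" "$LDAP_USER"; then
        echo "files still not owned by $LDAP_USER:" >&2
        files_not_owned_by "$LDAP_DIR" "$LDAP_USER" >&2
        exit 1
    fi
    service ldap start
}

case "${1:-}" in
    dump)    dump_phase ;;
    restore) restore_phase ;;
    "")      ;;   # no argument: only define the functions (safe to source)
    *)       echo "usage: $0 {dump|restore}" >&2; exit 2 ;;
esac
```

Run it as root: "sh migrate.sh dump", upgrade the openldap RPMs, edit slapd.conf for the new pidfile/argsfile paths and the uniqueMember index, then "sh migrate.sh restore". The ownership check is the cheap safeguard the reply describes; if it fails, slapd would start but be unable to open its own database files.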