We use OpenLDAP for central user/group authentication.
The base configuration of the directory (as dumped with slapcat) is as follows:
dn: dc=visielab,dc=be
objectClass: top
objectClass: dcObject
objectClass: organization
o: uantwerpen
dc: visielab
structuralObjectClass: organization

dn: cn=admin,dc=visielab,dc=be
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emdJcVpQUW1RUmYrNVRvZmp1K2o4SEZrWnk5NFovQjI=
structuralObjectClass: organizationalRole

dn: ou=People,dc=visielab,dc=be
objectClass: organizationalUnit
ou: People
structuralObjectClass: organizationalUnit
entryUUID: 2c2dcb08-ba3b-1037-8cb5-05243b87b858

dn: ou=Groups,dc=visielab,dc=be
objectClass: organizationalUnit
ou: Groups
structuralObjectClass: organizationalUnit
The password for the LDAP administrator is ••••••••••. Two things to keep in mind about the dump above: structuralObjectClass and entryUUID are operational attributes that slapcat prints and slapadd accepts, but ldapadd rejects them ("no user modification allowed"), so strip them before re-importing with ldapadd. The userPassword value is the base64-encoded {SSHA} (salted SHA-1) hash, not the cleartext; still treat it as sensitive, because a salted SHA-1 can be brute-forced offline. The OpenLDAP backend is mdb; the database lives in /var/lib/ldap/.
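The following helper is an added example written for this page, not part of the original notes or of OpenLDAP: it filters a slapcat-style dump (the constructed SAMPLE_LDIF below mirrors the base tree above, including a folded continuation line) so that ldapadd accepts it, lists the DNs, and reports which hash scheme a userPassword:: value uses. The function names and the sample data are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: turn a slapcat-style dump (like the base
# configuration above) into LDIF that ldapadd accepts. slapcat emits operational
# attributes (structuralObjectClass, entryUUID, entryCSN, creatorsName, createTimestamp,
# modifiersName, modifyTimestamp, contextCSN); slapadd takes them, but ldapadd refuses
# them with "no user modification allowed", so they have to go before a re-import.

# Filter LDIF on stdin to stdout, dropping operational attributes together with any
# continuation lines (LDIF folds long values onto lines that start with a space).
strip_operational_attrs() {
    awk '
        /^(structuralObjectClass|entryUUID|entryCSN|creatorsName|createTimestamp|modifiersName|modifyTimestamp|contextCSN):/ { skip = 1; next }
        /^ / { if (skip) next }
        { skip = 0; print }
    '
}

# List the DNs in an LDIF stream, one per line (folded dn lines are not unfolded here).
ldif_dns() {
    sed -n 's/^dn: //p'
}

# Report the hash scheme of a base64-encoded userPassword:: value, e.g. "{SSHA}".
# A value that decodes without a {SCHEME} prefix is stored in cleartext and should be reset.
password_scheme() {   # password_scheme BASE64VALUE
    printf '%s' "$1" | base64 -d | sed -n 's/^\({[A-Za-z0-9-]*}\).*/\1/p'
}

# Constructed sample: the page's base tree as slapcat would print it (hash copied from
# above), plus a folded modifiersName line to exercise the continuation handling.
SAMPLE_LDIF='dn: dc=visielab,dc=be
objectClass: top
objectClass: dcObject
objectClass: organization
o: uantwerpen
dc: visielab
structuralObjectClass: organization
entryCSN: 20170101000000.000000Z#000000#000#000000

dn: cn=admin,dc=visielab,dc=be
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emdJcVpQUW1RUmYrNVRvZmp1K2o4SEZrWnk5NFovQjI=
structuralObjectClass: organizationalRole
modifiersName: cn=admin,dc=visielab,dc=b
 e
'

# Typical use on the server (not run here):
#   slapcat -n 1 | strip_operational_attrs > base.ldif
#   ldapadd -x -D cn=admin,dc=visielab,dc=be -W -f base.ldif
```

Run against the sample, strip_operational_attrs leaves the two entries with only their user attributes, and password_scheme on the admin hash prints {SSHA}.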
The configuration of the LDAP server can be found here → /etc/ldap . Extra schemas have been added for autofs and samba. I followed this excellent howto → https://help.ubuntu.com/lts/serverguide/samba-ldap.html
Don't forget to install the smbldap-tools! They are used to add users and groups and to change passwords, shells, etc., and they update the Samba account attributes and the Unix (POSIX) account attributes at the same time, so the two never drift apart.
We use autofs to automount a user's home directory when the user logs in. The following entries are needed to get autofs to work with OpenLDAP (an ou=adminm container, an ou=automount container below it, the auto.master map, and the auto.home map that auto.master points to):
root@sto3:~# cat automounttree.ldif
dn: ou=adminm,dc=visielab,dc=be
ou: adminm
objectClass: top
objectClass: organizationalUnit

dn: ou=automount,ou=adminm,dc=visielab,dc=be
ou: automount
objectClass: top
objectClass: organizationalUnit

dn: ou=auto.master,ou=automount,ou=adminm,dc=visielab,dc=be
ou: auto.master
objectClass: top
objectClass: automountMap

dn: cn=/data/home,ou=auto.master,ou=automount,ou=adminm,dc=visielab,dc=be
cn: /data/home
objectClass: top
objectClass: automount
automountInformation: ldap:ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be --timeout=60 --ghost

dn: ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be
ou: auto.home
objectClass: top
objectClass: automountMap
For a user to be able to automount their home directory, a per-user entry under ou=auto.home is also needed, in this case for a user named testuser2:
dn: cn=testuser2,ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be
cn: testuser2
objectClass: top
objectClass: automount
automountInformation: -intr sto3-visiesrv-fast:/data/home/testuser2
sto3-visiesrv-fast is the hostname for the storage server's fast 10 GbE interface, 10.0.0.10 in this case (the server has other interfaces with other addresses). Define it in the hosts file of every machine that mounts from it, so the NFS traffic goes over the 10 GbE path rather than whatever name resolution happens to return. Note that the -intr mount option in the entry above has been ignored by the Linux NFS client since kernel 2.6.25; any options that should actually take effect (for example -fstype=nfs4 or nosuid,nodev on home directories) go in the same place in automountInformation.
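The script below is an added example written for this page, not code from the original notes or from autofs. It generates the per-user ou=auto.home entry in the shape shown above, parses the automountInformation value of such an entry into options and NFS location, and checks that the location host is pinned in a hosts file. AUTOFS_BASE, NFS_HOST and HOME_EXPORT are taken from the page; the default mount options and all function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Builds the per-user ou=auto.home entry
# described above and checks the two things it depends on: the automountInformation
# value (options + NFS location) and the hosts-file pin for the 10 GbE name.
# AUTOFS_BASE, NFS_HOST and HOME_EXPORT come from the page; the default mount options
# are an assumption of this example, not something the page prescribes.

AUTOFS_BASE='ou=automount,ou=adminm,dc=visielab,dc=be'
NFS_HOST='sto3-visiesrv-fast'
HOME_EXPORT='/data/home'

# Print the LDIF for one user's auto.home entry. Pass the mount options as the second
# argument; the default replaces the page's "-intr", which the Linux NFS client has
# ignored since kernel 2.6.25, with options that do take effect on a home export.
automount_user_ldif() {   # automount_user_ldif USER [MOUNT_OPTIONS]
    user=$1
    opts=${2:-"-fstype=nfs,nosuid,nodev"}
    cat <<EOF
dn: cn=$user,ou=auto.home,$AUTOFS_BASE
cn: $user
objectClass: top
objectClass: automount
automountInformation: $opts $NFS_HOST:$HOME_EXPORT/$user

EOF
}

# For map entries such as the auto.home ones, automountInformation is
# "[options...] location": leading words starting with '-' are options and the last
# word is host:path. (auto.master lines are the other way round, "map [options]",
# and are not handled by these two helpers.)
automount_options() {   # automount_options "<automountInformation value>"
    set -- $1
    out=''
    for w in "$@"; do
        case $w in -*) out="$out${out:+ }$w" ;; esac
    done
    printf '%s\n' "$out"
}

automount_location() {  # automount_location "<automountInformation value>"
    set -- $1
    last=''
    for w in "$@"; do last=$w; done
    printf '%s\n' "$last"
}

# Extract the automountInformation value from a single-entry LDIF on stdin.
automount_info_of() {
    sed -n 's/^automountInformation: //p'
}

# Address that a hosts file (read from stdin) maps NAME to; prints nothing when absent.
# Run as: hosts_lookup sto3-visiesrv-fast < /etc/hosts
hosts_lookup() {        # hosts_lookup NAME < HOSTSFILE
    awk -v name="$1" '
        /^[ \t]*#/ || NF < 2 { next }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    '
}

# Returns 0 when the NFS host in USER's generated entry is pinned in the hosts file
# on stdin, 1 otherwise (i.e. the mount would not be guaranteed to use the 10 GbE path).
check_user_mount() {    # check_user_mount USER < HOSTSFILE
    info=$(automount_user_ldif "$1" | automount_info_of)
    host=$(automount_location "$info")
    host=${host%%:*}    # host:path -> host
    [ -n "$(hosts_lookup "$host")" ]
}

# Typical use (not run here):
#   automount_user_ldif alice | ldapadd -x -D cn=admin,dc=visielab,dc=be -W
#   check_user_mount alice < /etc/hosts || echo "pin $NFS_HOST in /etc/hosts first"
```

On the client side the maps only become visible once autofs is told where to look (ldap_uri and search_base in /etc/autofs.conf, and automount: files ldap in /etc/nsswitch.conf); the helpers above check the directory content, not that client wiring.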