====== openLDAP ======
We use openLDAP for central user/group authentication.

===== configuration =====
The base configuration of LDAP is as follows:

<code>
dn: dc=visielab,dc=be
objectClass: top
objectClass: dcObject
objectClass: organization
o: uantwerpen
dc: visielab
structuralObjectClass: organization

dn: cn=admin,dc=visielab,dc=be
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emdJcVpQUW1RUmYrNVRvZmp1K2o4SEZrWnk5NFovQjI=
structuralObjectClass: organizationalRole

dn: ou=People,dc=visielab,dc=be
objectClass: organizationalUnit
ou: People
structuralObjectClass: organizationalUnit
entryUUID: 2c2dcb08-ba3b-1037-8cb5-05243b87b858

dn: ou=Groups,dc=visielab,dc=be
objectClass: organizationalUnit
ou: Groups
structuralObjectClass: organizationalUnit
</code>

The double colon in **userPassword::** means the value is base64 in LDIF; it decodes to a **{SSHA}** salted SHA-1 hash as produced by **slappasswd**, so the directory never stores the admin password in clear. The password for the LDAP administrator is U2FsdGVkX188oAhSBhTcq1PjbyaLXYgfu6B9e681TIU= (this is the base64 of an **openssl enc** "Salted__" blob, i.e. the password encrypted with a passphrase, not the clear-text password itself).

The backend used for openLDAP is **mdb**. The database is in the directory **/var/lib/ldap/**. \\
The configuration of the ldap server can be found in **/etc/ldap**.

Extra schemas have been added, for **autofs** and **samba**. I followed this excellent howto -> https://help.ubuntu.com/lts/serverguide/samba-ldap.html \\
Don't forget to install the **smbldap-tools**! These will be used to add users, groups, modify passwords, shells, etc. They act on the **samba accounts** as well as the **unix accounts** at the same time.

===== autofs =====
We will use autofs to automount the user's home directory when a user logs in.
The next entries are needed to get autofs to work with openldap:

<code>
root@sto3:~# cat automounttree.ldif
dn: ou=adminm,dc=visielab,dc=be
ou: adminm
objectClass: top
objectClass: organizationalUnit

dn: ou=automount,ou=adminm,dc=visielab,dc=be
ou: automount
objectClass: top
objectClass: organizationalUnit

dn: ou=auto.master,ou=automount,ou=adminm,dc=visielab,dc=be
ou: auto.master
objectClass: top
objectClass: automountMap

dn: cn=/data/home,ou=auto.master,ou=automount,ou=adminm,dc=visielab,dc=be
cn: /data/home
objectClass: top
objectClass: automount
automountInformation: ldap:ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be --timeout=60 --ghost

dn: ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be
ou: auto.home
objectClass: top
objectClass: automountMap
</code>

The **auto.master** key **/data/home** tells autofs to read the **auto.home** map from LDAP; **--ghost** creates the per-user mount points up front so the directory is browsable before anything is mounted, and **--timeout=60** unmounts a home directory after 60 seconds of inactivity.

For a user to be able to automount his home directory, the next entry is also needed, in this case for a user named **testuser2**:

<code>
dn: cn=testuser2,ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be
cn: testuser2
objectClass: top
objectClass: automount
automountInformation: -intr sto3-visiesrv-fast:/data/home/testuser2
</code>

**sto3-visiesrv-fast** is the name of the storage server as reached over its fast 10 Gbit interface, in this case 10.0.0.10. Best to define this name in **/etc/hosts** on the server where you want to work, so the home mounts do not depend on DNS. (The **-intr** mount option is still accepted but has been ignored by the Linux NFS client since kernel 2.6.25.)
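The two LDIF fragments on this page (the base configuration and the autofs tree) are easy to get subtly wrong: a typo in the **auto.master** key leaves every login without a home directory, and it is not obvious from a **userPassword::** line whether the directory holds a hash or a clear-text password. The following is an added example, not code from this page or from openLDAP, that parses LDIF with the Python standard library only and checks both points offline: it decodes **::** base64 attributes to show the admin password scheme, verifies that every **auto.master** key points at an **automountMap** entry that actually exists, and generates the per-user **auto.home** entry for a new user. The sample LDIF embedded below is constructed from the entries on this page; the hostname and user are the page's own, and nothing here talks to a live slapd.

```python
import base64

BASE = "dc=visielab,dc=be"
AUTOMOUNT = f"ou=automount,ou=adminm,{BASE}"

# Constructed sample input: the base configuration as listed on the page.
BASE_LDIF = """\
dn: dc=visielab,dc=be
objectClass: top
objectClass: dcObject
objectClass: organization
o: uantwerpen
dc: visielab

dn: cn=admin,dc=visielab,dc=be
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emdJcVpQUW1RUmYrNVRvZmp1K2o4SEZrWnk5NFovQjI=
"""

# Constructed sample input: the automount tree from automounttree.ldif.
AUTOFS_LDIF = f"""\
dn: ou=adminm,{BASE}
ou: adminm
objectClass: top
objectClass: organizationalUnit

dn: {AUTOMOUNT}
ou: automount
objectClass: top
objectClass: organizationalUnit

dn: ou=auto.master,{AUTOMOUNT}
ou: auto.master
objectClass: top
objectClass: automountMap

dn: cn=/data/home,ou=auto.master,{AUTOMOUNT}
cn: /data/home
objectClass: top
objectClass: automount
automountInformation: ldap:ou=auto.home,{AUTOMOUNT} --timeout=60 --ghost

dn: ou=auto.home,{AUTOMOUNT}
ou: auto.home
objectClass: top
objectClass: automountMap
"""


def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF entry.

    Handles what these fragments need: blank-line entry separation,
    'attr:: base64' values (decoded to str) and RFC 2849 continuation
    lines (a line starting with a space continues the previous one).
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):      # '::' marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.strip()
        cur.setdefault(attr, []).append(value)
    return entries


def password_scheme(entries, dn):
    """Return the '{SCHEME}' prefix of an entry's userPassword, or None
    if the entry has no password or stores it without a scheme (clear)."""
    for e in entries:
        if e["dn"][0] == dn and "userPassword" in e:
            pw = e["userPassword"][0]
            return pw[: pw.index("}") + 1] if pw.startswith("{") else None
    return None


def user_home_entry(user, nfs_host="sto3-visiesrv-fast", home_root="/data/home"):
    """Build the per-user auto.home entry shown on the page for testuser2."""
    return (
        f"dn: cn={user},ou=auto.home,{AUTOMOUNT}\n"
        f"cn: {user}\n"
        "objectClass: top\n"
        "objectClass: automount\n"
        f"automountInformation: -intr {nfs_host}:{home_root}/{user}\n"
    )


def check_automount_tree(entries):
    """Every key under ou=auto.master that reads 'ldap:<dn>' must name an
    existing automountMap entry. Returns a list of problems (empty = ok)."""
    by_dn = {e["dn"][0].lower(): e for e in entries}
    master = f"ou=auto.master,{AUTOMOUNT}".lower()
    problems = []
    for e in entries:
        dn = e["dn"][0]
        if "automount" not in e.get("objectClass", []) or not dn.lower().endswith(master):
            continue
        info = e["automountInformation"][0]
        if not info.startswith("ldap:"):
            problems.append(f"{dn}: master key does not point at an LDAP map")
            continue
        target = info[len("ldap:"):].split()[0].lower()
        if "automountMap" not in by_dn.get(target, {}).get("objectClass", []):
            problems.append(f"{dn}: map {target} is missing or not an automountMap")
    return problems
```

Run it over a fresh **automounttree.ldif** before loading the file with **ldapadd -x -D cn=admin,dc=visielab,dc=be -W -f automounttree.ldif**; an empty list from **check_automount_tree** means the master key and its map are consistent, and **password_scheme** returning **{SSHA}** confirms the admin entry carries a hash rather than a clear-text password.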