How to set up a PDC using SuSE Linux 9
======================================

1. slappasswd
   enter the password twice
   copy the resulting hash including the {SSHA} prefix, e.g. via the mouse buffer

2. mcedit /etc/openldap/slapd.conf
   add the following lines:

   include         /etc/openldap/schema/samba3.schema

       ...

   access to attr=sambaLMPassword,sambaNTPassword,sambaPasswordHistory
        by self write
        by * auth


   omit ",sambaPasswordHistory" if you use a system older than SuSE 9.2

   replace sample values:

   suffix          "dc=mydomain,dc=myfirstleveldomain"
   rootdn          "cn=Manager,dc=mydomain,dc=myfirstleveldomain"
   rootpw          {SSHA}jsdhe78dfhksgrv74zrjJuzZahdjUIjh
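
   slapd evaluates "access to" clauses from the top and stops at the first
   clause whose target matches, so the password rule above is only effective
   if it stands before any general "access to *" rule, and only if its own
   "by" lines grant nothing beyond "auth" to everyone. The following script
   is an added example, not part of the original how-to, that lints a
   slapd.conf for exactly these two mistakes; the sample configs it writes
   to temporary files are constructed here for illustration, and it is a
   focused check, not a full ACL evaluator (it ignores dn-scoped rules and
   "attrs=" lists that do not name sambaNTPassword).

```shell
#!/bin/sh
# Added example (not part of the original how-to): lint the slapd.conf ACL
# from step 2.  slapd uses the first "access to" clause whose target matches,
# so a catch-all "access to *" placed above the password clause shadows it
# and exposes the sambaNTPassword/sambaLMPassword hashes to every bound (or
# anonymous) user.  The password clause itself must also not end in
# "by * read" or "by * write".

# check_samba_acl FILE
#   exit 0 if FILE has an attribute ACL naming sambaNTPassword that precedes
#   any catch-all "access to *" and grants "*" nothing beyond auth;
#   exit 1 otherwise, with the reason on stdout.
check_samba_acl() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        # every new "access to" clause ends the previous one
        line ~ /^access[ \t]+to[ \t]/ { inpw = 0 }
        # the clause protecting the NT hash (slapd accepts attr= and attrs=)
        line ~ /^access[ \t]+to[ \t]+attrs?=/ && line ~ /sambaNTPassword/ {
            if (!pw) pw = NR
            inpw = 1
        }
        # first catch-all target
        line ~ /^access[ \t]+to[ \t]+\*/ { if (!catchall) catchall = NR }
        # inside the password clause, read/write for everyone is a leak
        inpw && line ~ /^by[ \t]+(\*|anonymous|users)[ \t]+(read|write)/ { leak = NR }
        END {
            if (!pw) { print "FAIL: no ACL for sambaNTPassword"; exit 1 }
            if (catchall && catchall < pw) {
                print "FAIL: catch-all ACL at line " catchall " shadows password ACL at line " pw
                exit 1
            }
            if (leak) { print "FAIL: password ACL grants read/write to everyone at line " leak; exit 1 }
            print "OK: password ACL at line " pw " is effective"
            exit 0
        }
    ' "$1"
}

# Constructed sample: the clauses from step 2 in the correct order.
good_conf() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
include         /etc/openldap/schema/samba3.schema
suffix          "dc=classroom,dc=local"
access to attr=sambaLMPassword,sambaNTPassword,sambaPasswordHistory
     by self write
     by * auth
access to *
     by * read
EOF
    echo "$f"
}

# Constructed sample: same clauses, wrong order; the catch-all wins.
bad_conf() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
include         /etc/openldap/schema/samba3.schema
suffix          "dc=classroom,dc=local"
access to *
     by * read
access to attr=sambaLMPassword,sambaNTPassword,sambaPasswordHistory
     by self write
     by * auth
EOF
    echo "$f"
}

# Constructed sample: right order, but the password clause leaks via "by * read".
leaky_conf() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
include         /etc/openldap/schema/samba3.schema
suffix          "dc=classroom,dc=local"
access to attr=sambaLMPassword,sambaNTPassword,sambaPasswordHistory
     by self write
     by * read
access to *
     by * read
EOF
    echo "$f"
}

# Usage: sh check_acl.sh /etc/openldap/slapd.conf
if [ $# -gt 0 ]; then check_samba_acl "$1"; fi
```

   Run it against /etc/openldap/slapd.conf after step 2 and again after any
   later edit to the ACL block; it exits non-zero whenever the hashes would
   be readable by users other than the owner.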

3. rcldap start

4. adapt ldap client:
   yast - Network Services - Ldap Client:
   set Base dn, set address, NO TLS/SSL (use TLS with SLES)
   Finish

5. insert containers:

     #!/bin/bash
     # Add the base entry and the organizational units (containers) that
     # Samba and the LDAP client expect to an empty LDAP database.
     # Author: Andreas Graf
     # call: ./manager
     set -e

     ADMIN=Manager
     ADMINPASSWD=geheim        # the password hashed into rootpw in step 1
     DOMAIN1=local             # dc=myfirstleveldomain in the slapd.conf sample
     DOMAIN2=classroom         # dc=mydomain in the slapd.conf sample

     BASE="dc=$DOMAIN2,dc=$DOMAIN1"
     BINDDN="cn=$ADMIN,$BASE"

     # -w puts the password on the command line, where it is visible in the
     # process list while ldapadd runs; -W (prompt) or -y <file> avoid that.
     # All entries go in one ldapadd call; a blank line separates LDIF entries.
     ldapadd -x -D "$BINDDN" -w "$ADMINPASSWD" <<EOF
     dn: $BASE
     objectClass: dcObject
     objectClass: organization
     o: $DOMAIN2
     dc: $DOMAIN2

     dn: $BINDDN
     objectClass: organizationalRole
     cn: $ADMIN

     dn: ou=group,$BASE
     objectClass: top
     objectClass: organizationalUnit
     ou: group

     dn: ou=people,$BASE
     objectClass: top
     objectClass: organizationalUnit
     ou: people

     dn: ou=Idmap,$BASE
     objectClass: top
     objectClass: organizationalUnit
     ou: Idmap

     dn: ou=Computers,$BASE
     objectClass: top
     objectClass: organizationalUnit
     ou: Computers
     EOF

6. adapt LDAP server and client

   yast - Network Services - Ldap Client - Advanced Configuration:
   select File Server
   select Enable Login
   insert Administrator dn
   select Create Default Configuration Objects
   Next - Finish

   if desired, adapt the following using yast, gq or a similar tool

      cn=usertemplate,ou=ldapconfig,dc=graf,dc=local

      homedirectory=/users/%uid

   to distinguish between local and global users

   possibly adapt uid ranges, hash method, or other parameters

   if the home directory root has been changed this way, create /users and
   export it using NFS

7. configure Samba

   mcedit /etc/samba/smb.conf:

   insert the following line in section [global]:

   passdb backend = ldapsam

   yast - Network Services - Samba Server - Start up
   start at boot: on
   you may have to adapt the firewall

   change to tab "Identity"
   insert domain name
   select PDC
   Advanced Settings - Ldap Settings:
      fill in the Search Base DN and Administration DN fields
      set the administrator password

   Finish, type the admin password

   OK - OK - type the password twice
   Finish

8. activate SWAT

   yast - Network Services - Network Services
   enable
   look for swat, Toggle Status at the FIRST occurrence, and only there
     (must be On)
   Finish

   mcedit /etc/xinetd.d/swat
   adapt or comment out "only_from"; restricting it to the admin host(s) is
   preferable to removing it, since SWAT sends the root password as plain
   HTTP basic auth on port 901

   rcxinetd restart
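
   xinetd grants access from everywhere to a service that has neither
   "only_from" nor "no_access", so commenting out "only_from" on an enabled
   swat service exposes it to every host that can reach the machine. The
   script below is an added example, not part of the original how-to: it
   reports who can reach SWAT according to a service file like
   /etc/xinetd.d/swat. The xinetd files it writes to temporary paths are
   constructed here for illustration; it only evaluates "disable" and
   "only_from" in the given file and ignores "no_access" and the defaults
   section of /etc/xinetd.conf.

```shell
#!/bin/sh
# Added example (not part of the original how-to): report who may reach the
# xinetd service defined in FILE, e.g. /etc/xinetd.d/swat after step 8.
# Lines beginning with # are inert, exactly as xinetd treats them, so a
# commented-out only_from counts as absent.

# swat_exposure FILE
#   prints "swat disabled", "swat enabled, restricted to: <hosts>" or
#   "UNRESTRICTED: ..." and returns 1 only in the last case.
swat_exposure() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        line ~ /^disable[ \t]*=/ {
            v = line; sub(/^disable[ \t]*=[ \t]*/, "", v); gsub(/[ \t]+$/, "", v)
            if (tolower(v) == "yes") disabled = 1; else disabled = 0
        }
        # "only_from =" and "only_from +=" both add to the allowed list
        line ~ /^only_from[ \t]*\+?=/ {
            v = line; sub(/^only_from[ \t]*\+?=[ \t]*/, "", v); gsub(/[ \t]+$/, "", v)
            if (v != "") hosts = (hosts == "" ? v : hosts " " v)
        }
        END {
            if (disabled) { print "swat disabled"; exit 0 }
            if (hosts == "") { print "UNRESTRICTED: swat enabled without only_from"; exit 1 }
            print "swat enabled, restricted to: " hosts
            exit 0
        }
    ' "$1"
}

# write_swat_conf DISABLE ONLY_FROM_LINE
#   writes a constructed xinetd service file shaped like the stock SuSE
#   /etc/xinetd.d/swat and prints its path; DISABLE is yes/no and
#   ONLY_FROM_LINE is the only_from line to embed (possibly commented out).
write_swat_conf() {
    f=$(mktemp) || return 1
    cat >"$f" <<EOF
service swat
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/swat
        $2
        log_on_failure  += USERID
        disable         = $1
}
EOF
    echo "$f"
}

# Usage: sh swat_exposure.sh /etc/xinetd.d/swat
if [ $# -gt 0 ]; then swat_exposure "$1"; fi
```

   Run it after editing /etc/xinetd.d/swat and before "rcxinetd restart";
   a non-zero exit means the service would accept connections from any host.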

9. create (add) user(s) using yast

10. create (add) user(s) using SWAT (browser: http://server:901)


In case Novell/SUSE Enterprise Server 9 is used, some values are
already pre-set or will be set as standard when the corresponding
yast modules are activated.


