smbldap_conf

code
 * 1) General Configuration
 * 1) General Configuration
 * 1) General Configuration

SID="S-1-5-21-1169193956-4199179787-2206793627"
 * 1) Put your own SID. To obtain this number do: "net getlocalsid".
 * 2) If not defined, parameter is taking from "net getlocalsid" return

sambaDomain="GR2"
 * 1) Domain name the Samba server is in charged.
 * 2) If not defined, parameter is taking from smb.conf configuration file
 * Ex: sambaDomain="IDEALX-NT"


 * 1) LDAP Configuration
 * 1) LDAP Configuration
 * 1) LDAP Configuration


 * 1) Notes: to use to dual ldap servers backend for Samba, you must patch
 * 2) Samba with the dual-head patch from IDEALX. If not using this patch
 * 3) just use the same server for slaveLDAP and masterLDAP.
 * 4) Those two servers declarations can also be used when you have
 * 5) . one master LDAP server where all writing operations must be done
 * 6) . one slave LDAP server where all reading operations must be done
 * 7) (typically a replication directory)

slaveLDAP="127.0.0.1"
 * 1) Slave LDAP server
 * Ex: slaveLDAP=127.0.0.1
 * 1) If not defined, parameter is set to "127.0.0.1"

slavePort="389"
 * 1) Slave LDAP port
 * 2) If not defined, parameter is set to "389"

masterLDAP="127.0.0.1"
 * 1) Master LDAP server: needed for write operations
 * Ex: masterLDAP=127.0.0.1
 * 1) If not defined, parameter is set to "127.0.0.1"

masterPort="389"
 * 1) Master LDAP port
 * 2) If not defined, parameter is set to "389"

ldapTLS="0"
 * 1) Use TLS for LDAP
 * 2) If set to 1, this option will use start_tls for connection
 * 3) (you should also used the port 389)
 * 4) If not defined, parameter is set to "1"

verify="require"
 * 1) How to verify the server's certificate (none, optional or require)
 * 2) see "man Net::LDAP" in start_tls section for more details

cafile="/etc/smbldap-tools/ca.pem"
 * 1) CA certificate
 * 2) see "man Net::LDAP" in start_tls section for more details

clientcert="/etc/smbldap-tools/smbldap-tools.pem"
 * 1) certificate to use to connect to the ldap server
 * 2) see "man Net::LDAP" in start_tls section for more details

clientkey="/etc/smbldap-tools/smbldap-tools.key"
 * 1) key certificate to use to connect to the ldap server
 * 2) see "man Net::LDAP" in start_tls section for more details

suffix="dc=gr2,dc=linux"
 * 1) LDAP Suffix
 * Ex: suffix=dc=IDEALX,dc=ORG

usersdn="ou=people,${suffix}"
 * 1) Where are stored Users
 * Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
 * 1) Warning: if 'suffix' is not set here, you must set the full dn for usersdn

computersdn="ou=computer,${suffix}"
 * 1) Where are stored Computers
 * Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
 * 1) Warning: if 'suffix' is not set here, you must set the full dn for computersdn

groupsdn="ou=group,${suffix}"
 * 1) Where are stored Groups
 * Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
 * 1) Warning: if 'suffix' is not set here, you must set the full dn for groupsdn

idmapdn="ou=idmap,${suffix}"
 * 1) Where are stored Idmap entries (used if samba is a domain member server)
 * Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
 * 1) Warning: if 'suffix' is not set here, you must set the full dn for idmapdn

sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
 * 1) Where to store next uidNumber and gidNumber available for new users and groups
 * 2) If not defined, entries are stored in sambaDomainName object.
 * Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
 * Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"

scope="sub"
 * 1) Default scope Used

hash_encrypt="MD5"
 * 1) Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)

crypt_salt_format="%s"
 * 1) if hash_encrypt is set to CRYPT, you may set a salt format.
 * 2) default is "%s", but many systems will generate MD5 hashed
 * 3) passwords if you use "$1$%.8s". This parameter is optional!


 * 1) Unix Accounts Configuration
 * 1) Unix Accounts Configuration
 * 1) Unix Accounts Configuration

userLoginShell="/bin/bash"
 * 1) Login defs
 * 2) Default Login Shell
 * Ex: userLoginShell="/bin/bash"

userHome="/home/%U"
 * 1) Home directory
 * Ex: userHome="/home/%U"

userHomeDirectoryMode="700"
 * 1) Default mode used for user homeDirectory

userGecos="System User"
 * 1) Gecos

defaultUserGid="513"
 * 1) Default User (POSIX and Samba) GID

defaultComputerGid="515"
 * 1) Default Computer (Samba) GID

skeletonDir="/etc/skel"
 * 1) Skel dir

defaultMaxPasswordAge="365"
 * 1) Default password validation time (time in days) Comment the next line if
 * 2) you don't want password to be enable for defaultMaxPasswordAge days (be
 * 3) careful to the sambaPwdMustChange attribute's value)


 * 1) SAMBA Configuration
 * 1) SAMBA Configuration
 * 1) SAMBA Configuration

userSmbHome=""
 * 1) The UNC path to home drives location (%U username substitution)
 * 2) Just set it to a null string if you want to use the smb.conf 'logon home'
 * 3) directive and/or disable roaming profiles
 * Ex: userSmbHome="\\PDC-SMB3\%U"

userProfile=""
 * 1) The UNC path to profiles locations (%U username substitution)
 * 2) Just set it to a null string if you want to use the smb.conf 'logon path'
 * 3) directive and/or disable roaming profiles
 * Ex: userProfile="\\PDC-SMB3\profiles\%U"

userHomeDrive="U:"
 * 1) The default Home Drive Letter mapping
 * 2) (will be automatically mapped at logon time if home directory exist)
 * Ex: userHomeDrive="H:"

userScript="logon.bat"
 * 1) The default user netlogon script name (%U username substitution)
 * 2) if not used, will be automatically username.cmd
 * 3) make sure script file is edited under dos
 * Ex: userScript="startup.cmd" # make sure script file is edited under dos


 * 1) Domain appended to the users "mail"-attribute
 * 2) when smbldap-useradd -M is used
 * Ex: mailDomain="idealx.com"
 * 1) mailDomain="example.com"


 * 1) SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
 * 1) SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
 * 1) SMBLDAP-TOOLS Configuration (default are ok for a RedHat)

with_smbpasswd="0" smbpasswd="/usr/bin/smbpasswd"
 * 1) Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
 * 2) prefer Crypt::SmbHash library

with_slappasswd="0" slappasswd="/usr/sbin/slappasswd"
 * 1) Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
 * 2) but prefer Crypt:: libraries

code
 * 1) comment out the following line to get rid of the default banner
 * 2) no_banner="1"