LDAP & Samba management with LAM on Debian Squeeze

1. Console Tools

There are a number of console tools for LDAP and Samba control:

  • smbldap-groupadd
  • smbldap-groupmod
  • smbldap-passwd
  • smbldap-useradd
  • smbldap-userinfo
  • smbldap-usermod
  • smbldap-groupdel
  • smbldap-groupshow
  • smbldap-populate
  • smbldap-userdel
  • smbldap-userlist
  • smbldap-usershow

Your are free to use them in interactive way or write some scripts. Some operations e.g. import of users can be done much more faster with their help than in any GUI tool. Names tell enough about their functioinality.

2. Ldap-account-manager

This tool is quite good for LDAP+Samba combination but works also fine without Samba. It can be installed from repos.

$sudo apt-get install ldap-account-manager

It will install Apache2 and some other stuff as dependency.

Additionaly you can buy LAM Pro with additional features.

3. LAM Setup

First of all install and setup LDAP and Samba as described here . Then you can login to LAM by opening URL http://your_server_address_or_name/lam

First of all you should setup the configuration:

To acess Control Panel you need the password, by default it's 'lam' (without quotes):

Then you can check your settings on 'Genaral' page:

Here you can set LDAP server address, enable TLS encryption. 'Tree suffix' must be the same as 'Base DN' option in LDAP configuration.

Choose your language if you want.

LAM Daemon options. Keep them as-is for now.

Set LDAP super admin account. For example: cn=admin,dc=ldap

Don't forget to set your account types according to slapd.conf

I've set user accounts to: ou=People,dc=ldap

Set user groups for domain: ou=group,dc=ldap

Then set group for computers: ou=computer,dc=ldap

And finally set Samba domain: dc=ldap

Then we can try to login ....

If you want to manage a number of LDAP-servers you can create profile for each. Whant I advise NOT to do is to rename profiles. Everything became broken after I tried to.

Now we can take some controll:

LAM is writted with active AJAX usage and your settings are applied immediately without additional buttonpressing.

There is also Utility to test configurations.

NB: Configuration updates are applied with small delays. If you experience problems you may also restart slapd and samba services.

3. LAM in comparison to GOsa2

Comparing to GOsa2 LAM has the followin benefits:

  1. It's more close to that is called 'unix-way' as splitted to utitities for each operatioins
  2. LAM doesn't wase your LDAP-catalog with own data

But GOsa2 has better integration.

This article was originally translated from: [RU]