ldapsmb(5)
NAME
ldapsmb - LDAP-Management-Tool for a Samba Domain Controller
SYNOPSIS
ldapsmb [options]
Main Options:
--add|-a Add something
--config Show configuration
--delete|-d Delete something
--group|-g <groupname> Set Group-Name
--help|-h|? Display help
--init|-i Initialize LDAP
--join|-j Join a user to a group
--list|-l List Something
--modify|-m Modify something
--remove|-r Remove a user from a group
--smbacct|-s Promote to samba-Account
--user|-u <username> Set User-Name
--workstation|-wks <workstationname> Set Workstation-Name
Global Options:
--bindpw <password> LDAP bind password
--debug <n> Select debug-level (default: 3)
--force|-f Force execution
--mode Select mode (default: local)
--quiet|-q No output
--raw Raw list-output
--smbconf <smb.conf> Choose another configfile
--verbose|-v Verbose output
--version Display version
--logfile <logfile> Specify logfile (default: @LOGFILE@)
Misc Options:
--comment|-c <comment> Set Comment
--gid <n> Set Gid-Number
--homedir <home directory> Set Home-Directory
--makehomedir Make Home-Directory
--ntgroup <ntgroupname> Set NT-Groupname
--passwd <password> Set Password
--rid <n> Set Rid for Samba account
--shell <login shell> Set Loginshell
--skeldir|-k <skeleton dir> Define Skeleton-Dir
--uid <n> Set Uid-Number
--username <username> Set Username
DESCRIPTION
ldapsmb will create and delete Posix-Accounts for users, groups and
workstations in your LDAP-Directory. Although designed for Samba
3.0/HEAD it should work for Samba 2.2.x as well. Furthermore ldapsmb
should provide all necessary scripting-hooks to fulfill a clean "net
rpc vampire" - Migration of a NT4/2000 Domain Controller to a Samba 3.0
PDC.
ldapsmb can run in two modes:
local: your smbd is running on the same machine where ldapsmb is called.
remote: your smbd is running on another machine.
All LDAP relevant configuration data will be autodetected if possible.
Your password can be autodetected as well, as long as you have read
permission on your secrets.tdb where your admin password will be stored
after you have called smbpasswd -w adminpassword. If you have not done
that (e.g. running in remote mode) you have to set the password
manually in ldapsmb.
The file "~/.ldapsmbrc" could be used to set additional configuration
parameters not yet part of the smb.conf.
MAIN OPTIONS
--add|-a
Add an account. Requires --user|-u, --group|-g or
--workstation|-wks. Can be combined with -smbacct to promote
the posixAccount to a full sambaAccount if running in
local-mode.
--config
Show the config that will be used (the result of all
autodetections).
--delete|-d
Delete an account. Requires --user|-u, --group|-g or
--workstation|-wks.
--group|-g "groupname"
Define a groupname. Requires -add, -delete, -list, -join or
-remove.
--help|-h
Prints a brief help message and exits.
--init|-i
to be documented...
--join|-j
Join a LDAP-PosixAccount to a LDAP-PosixGroup. Requires
--user|-u and --group|-g. A corresponding memberUid-attribute
with the given username will be added to the posixGroup-object.
--list|-l
List an account. Requires --user|-u, --group|-g or
--workstation|-wks. If no user, group or workstation is
specified, all entries of the specific account are listed.
--mode "mode"
Choose in which mode ldapsmb should run (local, remote). If
running in local mode (the default) it will check for ldap-
support in smbd, look for a secrets-tdb to retrieve the
password, etc. If running in remote-mode, you need to assign a
config-file with --smbconf /path/to_my/smb.conf and you need to
write your admin-password into ldapsmb. Adding or promoting
Accounts to full LDAP-Accounts is currently only available in
local mode.
--modify|-m
Modify an account. Requires --user|-u, --group|-g or
--workstation|-wks.
--raw Raw output while listing.
--smbacct
Trigger all necessary steps to make either a user, a group or a
workstation a full Samba-Account. This option will be
redesigned in the future. It was added by Lars Müller to ease
Samba 2.2-Administration but does not make much sense for
Samba 3.0. By default samba-specific information is not
added.
--remove|-r
Remove a LDAP-PosixAccount from a LDAP-PosixGroup. Requires
-user and -group. If present, the memberUid-attribute for a
given username will be removed from the posixGroup-object.
--user|-u "username"
Define a username. Requires -add, -delete, -list, -join or
-remove.
--workstation|-wks "workstation"
Define a workstation. Requires -add, -delete, -list, -join or
-remove.
GLOBAL OPTIONS
--debug n
Use a debug level. You can choose between 3 (default), 5 and 10
(full debugging).
--force|-f
Force execution.
--quiet|-q
No output.
--smbconf smb.conf
Use another smb.conf-file instead of the default location. Needed
for running in remote mode.
--verbose|-v
Prints additional information if possible.
--version
Prints the version and exits.
MISC OPTIONS
--comment|-c "comment"
Set a comment for a given user while adding or modifying a user.
--homedir "homedir"
Set the user's login directory while adding or modifying a user.
The default is to append the login name to default_home and use
that as the login directory name.
--makehomedir
Create user's home directory while adding a user. The files
contained in /etc/skeleton will be copied to the home directory.
--passwd "pwd"
Set a password for a given user while adding or modifying a user.
If no password is set, the password is identical with the userid
(FIXME).
--shell "shell"
Set the login shell while adding or modifying a user. The default
is to leave this field blank, which causes the system to select the
default login shell.
--skeldir skeldir
Set a different skeleton directory while using the -makehomedir
option.
EXAMPLES
"ldapsmb -a -u gd -passwd 'secret' -smbacct"
This will create a user called gd in LDAP and will add all required
information to make that a full samba-Account.
"ldapsmb -j -u lmuelle -g admins"
This will add the user lmuelle to the admins-group in ldap.
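The --passwd entry above notes that a user added without a password gets
one identical to the userid. The wrapper below is an added example, not
part of ldapsmb or written by its authors; the function names, the
username policy and the LDAPSMB variable are assumptions made for the
illustration. It refuses to add a user unless an explicit password that
differs from the userid is passed, generating a random one when none is
given.

```sh
#!/bin/sh
# Added example, not part of ldapsmb: never let "ldapsmb -a -u <user>" run
# without an explicit password that differs from the userid.

# Command to run; override (e.g. LDAPSMB=echo) for a dry run.
LDAPSMB=${LDAPSMB:-ldapsmb}

# Print 32 hex characters (128 random bits) read from /dev/urandom.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# safe_add_user <username> [password]
# Returns 2 for a rejected username, 3 if the password equals the userid.
safe_add_user() {
    sau_user=$1
    sau_pass=${2-}
    sau_generated=no
    # Assumed local policy (not an ldapsmb rule): conservative character set,
    # and no leading '-' so the name cannot be parsed as an option.
    case $sau_user in
        ''|-*|*[!a-z0-9_.-]*)
            echo "rejected username: $sau_user" >&2
            return 2 ;;
    esac
    # No password supplied: generate one instead of relying on the default.
    if [ -z "$sau_pass" ]; then
        sau_pass=$(gen_password) || return 1
        sau_generated=yes
    fi
    # Refuse the condition the man page marks FIXME (password == userid).
    if [ "$sau_pass" = "$sau_user" ]; then
        echo "password must differ from the userid" >&2
        return 3
    fi
    "$LDAPSMB" -a -u "$sau_user" --passwd "$sau_pass" || return $?
    # Show a generated password once so it can be handed to the user.
    [ "$sau_generated" = no ] || echo "initial password for $sau_user: $sau_pass" >&2
}
```

Command-line arguments, including the values given to --passwd and
--bindpw, can be read from the process list by other local users on most
systems while the command runs.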
AUTHOR
Günther Deschner <gd@suse.de>, Lars Müller <lmuelle@suse.de>, Björn
Jacke <bjoern@j3e.de>
If you find any errors in the code please let me know at gd@suse.de.
BUGS
ldapsmb is not yet fully UNICODE-aware. ldapsmb does not yet deal with
idmap in ldap. Both features will be added in a future release.
VERSION
This is version @VERSION@ of ldapsmb.
COPYRIGHT
Copyright (c) 2003-2005 SuSE Linux AG. All rights reserved.
This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
1.34b 2006-11-01 ldapsmb(5)