Hi,
I have been trying for a long while, without success, to take my first steps with LDAP. I have a QNAP that uses an OpenLDAP server for its user management. Access to the file server via Dolphin/Samba works wonderfully. Now I would also like to set up my computer so that the users created on the NAS can authenticate.
However, I have had no success with any of the guides I could find on the topic of Ubuntu + OpenLDAP.
What I have managed to get working is displaying the LDIF with ldapsearch:
ldapsearch -x -b 'dc=ldap,dc=mydomain,dc=de' -D'cn=admin,dc=ldap,dc=mydomain,dc=de' -H ldap://192.168.5.10 -W
results in
I have no idea where the error could be. As I said, I have tried umpteen guides, all without success.
Do you have any experience with this and can you point me in the right direction? I am grateful for any tip.