Setting up phpLDAPAdmin

Now we will install phpLDAPAdmin to create your users and groups. phpLDAPAdmin can be downloaded from here (http://sourceforge.net/projects/phpldapadmin/). For this tutorial (and in production environments) I use phpLDAPAdmin 0.9.6c as I find it more stable and less painful to install with PHP4 than later versions.

Set up Apache with phpLDAPAdmin. How you do this is up to you. If Apache is only going to be used for phpLDAPAdmin (e.g. your server is acting solely as a file/print server) then all you need to do is extract the files into /srv/www/htdocs and start Apache.
You could generate an SSL certificate and run the service encrypted or on a virtual host, but for this example we will just keep it simple. Without SSL, the LDAP login you enter in phpLDAPAdmin crosses the network unencrypted.

Edit phpLDAPAdmin's config.php (rename config.php.example to config.php first). Enter the details for your LDAP server and your authentication preferences (I use session based authentication).

Edit the templates/template_config.php file. Change the Posix group template configuration to your group container (ou=groups,o=sfs). Remember to remove the // from in front of this attribute in order for it to be read.
In the Samba section set your domain name (remembering again to remove the // from in front) and ensure the mkntPwdCommand points to the location of mkntpwd on your system.
Uncomment the samba_base_groups variable and set it to the same value as the Posix group (ou=groups,o=sfs).
Once Samba is set up you will need to change your Samba SID value in the template_config.php file. For the moment leave this at the default.

Start your Apache service and, using a web browser, open the phpLDAPAdmin front page. You may be required to tweak some of your settings in order to get things working. It pays to read the comments in the phpLDAPAdmin config files as they set you straight.

You should see four objects in your new tree.

The entry we are interested in first is the sambaDomainName=.
Click on this domain and copy the sambaSID value into phpLDAPAdmin’s templates/template_config.php file in the Samba SID section.
The Samba SID value is important as it uniquely identifies your network. Entering it into the template_config.php file allows phpLDAPAdmin to use your network SID value in place of the default. If you forget to do this step there is a bit of manual work involved reconfiguring all the SID values.

 

Now let's create some users and groups. First create a couple of containers in the root of your tree for these objects (ou=users and ou=groups). Do this by selecting the ‘Create new entry here’ link in the root of your tree and selecting Organisational Unit from the template type.

 

With those created, let's create a general user group that we will use as our users’ primary group. Open the groups container and press the ‘Create new entry here’ link.
Select Samba 3 Group Mapping from the list of object types. Whilst this sounds like a symbolic class, it actually fulfills the dual role of Posix and Samba group in a single object.

 

Enter the details for this group. Give it a useful name and a high GID number so that it does not conflict with system groups (2000 should be fine). I also set the Samba SID to Domain Administrator as I have found Domain Users have limited desktop rights (like they cannot change wallpaper). This is silly and more frustrating than not being able to print for many people.

Now that we have a group, let's create a user. Open the users object tree and select the ‘New item’ link. Choose Samba 3 User from the list. Like the previous group mapping, the Samba 3 User object also acts as a Posix user, which is very nice.

 

Enter the details for the user. Stick to a high UID number (1000 should be fine) in order to keep out of the system UIDs. Set their Windows group to ‘Domain Administrator’ and ensure that some form of encryption is used for their password. A home directory attribute is generated but the actual directory itself is not created. Remember at the end of the process to create the necessary home directories (with the correct permissions).
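
The final step, creating the home directories with the correct permissions, can be scripted from the directory itself. The script below is an added example, not part of the original tutorial: it creates each missing home with mode 700 and refuses entries whose homeDirectory or UID look wrong. The container ou=users,o=sfs, the /home root and all function names are assumptions.

```shell
# Added example, not part of the original tutorial. Input is LDIF as printed by:
#   ldapsearch -x -LLL -b ou=users,o=sfs '(objectClass=posixAccount)' \
#       uidNumber gidNumber homeDirectory
HOME_ROOT=${HOME_ROOT:-/home}  # assumption: every home directory lives here
MIN_ID=${MIN_ID:-1000}         # the tutorial starts real users at UID 1000

# Reduce LDIF entries to "uidNumber gidNumber homeDirectory" lines.
ldif_to_accounts() {
    awk 'function emit() { if (u != "" && g != "" && h != "") print u, g, h
                           u = g = h = "" }
         /^uidNumber: /     { u = $2 }
         /^gidNumber: /     { g = $2 }
         /^homeDirectory: / { h = substr($0, 16) }
         /^$/               { emit() }
         END                { emit() }'
}

# Create one home directory with mode 700; return 1 if the entry is refused.
make_home() {
    case "$1:$2" in *[!0-9:]*|:*|*:) echo "refuse $3: bad id" >&2; return 1 ;; esac
    if [ "$1" -lt "$MIN_ID" ]; then echo "refuse $3: system UID $1" >&2; return 1; fi
    case "$3" in
        */..|*/../*)     echo "refuse $3: path traversal" >&2; return 1 ;;
        "$HOME_ROOT"/?*) ;;
        *)               echo "refuse $3: outside $HOME_ROOT" >&2; return 1 ;;
    esac
    if [ -e "$3" ] || [ -L "$3" ]; then echo "skip $3: already exists" >&2; return 1; fi
    mkdir -m 700 "$3" || return 1      # no -p: fail rather than reuse a path
    if [ "$(id -u)" -eq 0 ]; then chown "$1:$2" "$3"; fi   # only root can chown
}

# stdin: LDIF. Prints how many directories were created.
create_homes() {
    ldif_to_accounts | {
        n=0
        while read -r uid gid home; do
            if make_home "$uid" "$gid" "$home"; then n=$((n + 1)); fi
        done
        echo "$n"
    }
}

# Constructed sample: one valid user, one entry whose home points outside
# HOME_ROOT, and one entry with a system UID.
sample_ldif() {
    printf 'dn: uid=%s,ou=users,o=sfs\nuidNumber: %s\ngidNumber: 2000\nhomeDirectory: %s\n\n' \
        jsmith 1000 "$HOME_ROOT/jsmith"  mallory 1001 /etc  daemon2 2 "$HOME_ROOT/daemon2"
}
```

Run it as root so the chown takes effect, feeding it the ldapsearch output on stdin: `ldapsearch ... | create_homes`.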