HP CIFS Server 3.0f Administrator's Guide version A.02.03
Configuring the HP CIFS Server
You must set up and configure your HP CIFS Server to enable the LDAP feature support.
LDAP Configuration Parameters
The following is the list of new global parameters available for you to configure the HP CIFS Server to enable
the LDAP feature. These parameters are set in the /etc/opt/samba/smb.conf file under global parameters.
[global] Any global setting defined here will be used by the HP CIFS Server with the LDAP support.
Table 6-3 Global Parameters

Parameter
    Description

ldap port
    Specifies the TCP port number used to connect to the LDAP directory server. By default, this
    parameter is set to 389.

ldap server
    Specifies the host name of the Directory Server where you want to store your data.

ldap suffix
    Specifies the base of the directory tree where you want to add user and machine account
    information. It is also used as the Distinguished Name (DN) of the search base, which tells
    LDAP where to start the search for the entry. For example, if your base DN is "dc=org,
    dc=hp, dc=com", then you need to set the value of ldap suffix = "dc=org, dc=hp,
    dc=com".

ldap user suffix
    Specifies the base of the directory tree where you want to add user information. If you do
    not specify this parameter, HP CIFS Server uses the value of ldap suffix. For example,
    ldap user suffix = "ou=People".

ldap group suffix
    Specifies the base of the directory tree where you want to add group information. If you
    do not specify this parameter, HP CIFS Server uses the value of ldap suffix instead. For
    example, ldap group suffix = "ou=Groups".

ldap admin dn
    Specifies the user Distinguished Name (DN) used by the HP CIFS Server to connect to the
    LDAP directory server when retrieving user account information. The ldap admin dn is
    used in conjunction with the admin dn password stored in the
    /var/opt/samba/private/secrets.tdb file. For example, ldap admin dn =
    "cn = directory manager".

ldap delete dn
    Specifies whether a delete operation in the ldapsam deletes the complete entry or only the
    attributes specific to Samba. The default value is No.

ldap passwd sync
    Specifies whether the HP CIFS Server should sync the LDAP password with the NT and LM
    hashes for normal accounts on a password change. This option can be set to one of three
    values:
    • Yes: Update the LDAP, NT and LM passwords and update the pwdLastSet time.
    • No: Update NT and LM passwords and update the pwdLastSet time.
    • Only: Only update the LDAP password and let the LDAP server do the rest.
    The default value is No.

ldap replication sleep
    When Samba is requested to write to a read-only LDAP replica, it is redirected to talk to
    the read-write master server. This server then replicates the changes back to the local server.
    The replication might take some seconds, especially over slow links. Certain client activities
    can become confused by the 'success' that does not immediately change the LDAP back-end's
    data. This option simply causes Samba to wait a short time and allows the LDAP server to
    catch up. The value is specified in milliseconds; the maximum value is 5000 (5 seconds).
    By default, ldap replication sleep = 1000 (1 second).

ldap timeout
    Specifies in seconds how long the HP CIFS Server waits for the LDAP server to respond to
    the connect request if the LDAP server is down or unreachable. The default value is 15 (in
    seconds).

ldap ssl
    Specifies the Secure Sockets Layer (SSL) support. HP CIFS Server A.02.03 or later supports
    the ldap ssl = start_tls option. Specify Yes to enable this feature using the port
    number 636 to connect to the LDAP directory server. If you choose to use Start TLS, set it to
    start_tls to enable SSL using port number 389 to connect to the LDAP directory server. To
    disable SSL, set it to No. By default, this parameter is set to No.
Configuring LDAP Feature Support
After installing the HP CIFS Server, the existing configuration continues to operate as currently configured.
To enable the LDAP support, you must configure the relevant LDAP configuration parameters in the
/etc/opt/samba/smb.conf file by using the SWAT tool or a text editor.
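
Because ldap ssl defaults to No, an LDAP-enabled configuration that leaves it unset connects to the directory server without encryption. The following check is an added example, not part of the HP guide or the HP CIFS Server product: it reads the [global] section of an smb.conf and reports transport settings that conflict with Table 6-3. The function names and the sample configuration are assumptions made for illustration.

```python
import re

# Defaults, port pairings and the 5000 ms limit are those stated in Table 6-3.
DEFAULTS = {"ldapport": "389", "ldapssl": "no", "ldapreplicationsleep": "1000"}
SSL_PORT = {"yes": "636", "start_tls": "389"}

# Constructed sample configuration; host name and values are illustrative.
SAMPLE = """\
[global]
   ldap server = ldap.example.com
   ldap port = 389
   ldap admin dn = "cn=directory manager"
   ldap ssl = Yes
   ldap replication sleep = 8000
[homes]
   browseable = no
"""

def parse_global(text):
    """Return [global] parameters, keyed by lower-cased name without spaces
    (smb.conf ignores case and whitespace in parameter names)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip().strip('"')
    return params

def audit_ldap(text):
    """Return findings for the LDAP transport settings in [global]."""
    p = {**DEFAULTS, **parse_global(text)}
    ssl, port, sleep = p["ldapssl"].lower(), p["ldapport"], p["ldapreplicationsleep"]
    findings = []
    if ssl == "no":
        findings.append("ldap ssl = No: the ldap admin dn bind is sent unencrypted")
    elif ssl not in SSL_PORT:
        findings.append(f"ldap ssl = {ssl}: not a value listed in Table 6-3")
    elif port != SSL_PORT[ssl]:
        findings.append(f"ldap ssl = {ssl} expects port {SSL_PORT[ssl]}, found {port}")
    if not sleep.isdigit() or int(sleep) > 5000:
        findings.append(f"ldap replication sleep = {sleep}: maximum is 5000 ms")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ldap(SAMPLE)))
```
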