source: trunk-3.0/examples/LDAP/smbldap-tools-0.9.2/INSTALL@ 102

# $Source: /opt/cvs/samba/smbldap-tools/INSTALL,v $
#
## How To Install SMBLDAP-TOOLS

DEPENDANCIES :
-=-=-=-=-=-=-=
. scripts now use the Crypt::SmbHash perl module

INSTALLATION from the tar.gz archive
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
. Copy all those scripts in /usr/local/sbin/
. Modify smbldap.conf and smbldap_bind.conf to match your configuration, and copy
  them in /etc/smbldap-tools/
. set proper permissions on those files:
  $ chmod 644 /etc/smbldap-tools/smbldap.conf
  $ chmod 600 /etc/smbldap-tools/smbldap_bind.conf
. update the 2 first declaration of /usr/local/sbin/smbldap_tools.pm to define the
  PATH to the configuration file, for example
  > my $smbldap_conf="/etc/smbldap-tools/smbldap.conf";
  > my $smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf";
. if upgrading, add these lines in smbldap.conf configuration file:
  > # Allows not tu use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
  > # but prefer Crypt:: libraries
  > with_slappasswd="0"
  > slappasswd="/usr/sbin/slappasswd"
  If 'with_slappasswd' is set to 0, password will be hashed with appropriate perl module
  (to not use anymore external programm)
. initialize the ldap directory
  $ smbldap-populate
. If not already done : "smbpasswd -w secret" to set up
  the ldap admin password in secrets.tdb

INSTALLATION from RedHat RPM:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
. install the package
  $ rpm -Uvh smbldap-tools-0.8.6-1.noarch.rpm
. Modify /etc/opt/IDEALX/smbldap-tools/smbldap.conf and /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
  to match you configuration.
. initialize the ldap directory
  $ smbldap-populate
. If not already done : "smbpasswd -w secret" to set up
  the ldap admin password in secrets.tdb

UPGRADE TO RELEASE 0.8.8 :
-=-=-=-=-=-=-=-=-=-=-=-=-=
you need to add the new parameter userHomeDirectoryMode in smbldap.conf. For example :
=> # Default mode used for user homeDirectory
=> userHomeDirectoryMode="700"

UPGRADE TO RELEASE 0.8.7 :
-=-=-=-=-=-=-=-=-=-=-=-=-=
. configuration files are now stored in /etc/opt/IDEALX/smbldap-tools/
. Next uidNumber and gidNumber available are _not_ stored anymore in cn=NextFreeUnixId
  by default, but you can still continue to use your entry.
  They are now store in the sambaDomain entry.
. If your sambaDomain entry already exist, you can securely execute the smbldap-populate script to
  update it and add the uidNumber and gidNumber attribut.
  

UPGRADE TO RELEASE 0.8.5 :
-=-=-=-=-=-=-=-=-=-=-=-=-=
. Change the variable name userHomePrefix to userHome in /etc/smbldap-tools/smbldap.conf
. Next uidNumber and gidNumber available are now stored in cn=NextFreeUnixId
  When upgrading, you need to create this object manually. You can use for example
  an add.ldif life containing the following lines:
  > dn: cn=NextFreeUnixId,dc=idealx,dc=org
  > objectClass: inetOrgPerson
  > objectClass: sambaUnixIdPool
  > uidNumber: 1000
  > gidNumber: 1000
  > cn: NextFreeUnixId
  > sn: NextFreeUnixId
  and then add the object with the ldapadd utility:
  $ ldapadd -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f add.ldif
  note: . $firstuidNumber and $firstgidNumber are the first uidNumber and gidNumber
          available (previously called UID_START and GID_START in the configuration file)
        . here, 1000 is the first available value for uidNumber and gidNumber (of course, if
          this value is already used by a user or a group, the first available after 1000 will
          be used).
. Next, you have to update the configuration file to defined the object where are sotred
  the next uidNumber and gidNumber available. In our example, you have to add a new entry in
  /etc/smbldap-tools/smbldap.conf containing :
  > # Where to store next uidNumber and gidNumber available
  > sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
. Update, if necessary, the configuration file that defined users, groups and computers dn.
  Those parameters must not be relative to the suffix parameter. A typical configuration look
  like this :
  > usersdn="ou=Users,${suffix}"
  > computersdn="ou=Computers,${suffix}"
  > groupsdn="ou=Groups,${suffix}"
. the "Domain Computers" gidNumber should be set to 515 (see wellknown rid). Check if
  you need to update the smbldap-tools configuration file /etc/smbldap-tools/smbldap.conf :
  > defaultComputerGid="515"
. the new version adds mail-forwarding and mail-alias capabilities to
  the user's ldap-records. Those new attributes may be used for mail
  delievry by MTAs like sendmail or postfix. Two new options "-M" and "-T"
  allow specifying mail-aliases and mail-forward addresses in
  smbldap-useradd and smbldap-usermod. If those options are used, the
  objectclass "inetLocalMailRecipient" is used.
  This objectclass is part of the misc.schema schema given with the OpenLDAP package
  You then have to update the configuration file to set the domain name to append to mail.
  For example, you can add a new entry in /etc/smbldap-tools/smbldap.conf containing :
  > # Domain appended to the users "mail"-attribute
  > # when smbldap-useradd -M is used
  > mailDomain="idealx.com"

UPGRADE TO RELEASE 0.8.4 :
-=-=-=-=-=-=-=-=-=-=-=-=-=
. configuration is now set in two different files:
  - /etc/smbldap-tools/smbldap.conf for global parameters
  - /etc/smbldap-tools/smbldap_bind.conf for connection parameters
. scripts does not have any more the .pl extension. The call of the
  scripts in the smb.conf file must then be updated.




# - The End