Multiple domains in LDAP and 1 samba server for all domains, what to do?
Are there any LDAP admins who can help me with this?
We are a group of 3 companies, all belonging to the same owner, so we share office space and IT infrastructure. Each company has its own domain name, e.g.:
red.com
blue.com.au
green.com.au
We want to centralize logins for shell, email and file server accounts (samba/CIFS) using OpenLDAP.
I'm completely new to LDAP and have set up a test LDAP server on 1 machine.
I have created a directory database for each company in the /etc/openldap/slapd.conf
So far this is all in the design phase so nothing has really been populated yet.
There are two problems I see in the future:
1. We want one samba server handling the file server and the logins handled by ldap.
In the samba.conf I would have:
ldap admin dn = "cn=smbadmin,ou=people,dc=red,dc=com"
This will allow me to add users to the samba system and authenticate them via LDAP but probably only for the domain red.com.
Question is how can I allow the ldap admin DN login to the other domains on LDAP and create or authenticate users there? I'm starting to think that we'll need three samba daemons or servers.
2. The second problem: how can users from one domain authenticate and search the directory of another domain? I'm flirting with the idea that I should just create one fake domain name and have everyone in that, but I'm sure that's going to cause problems in the future.