====== Ubuntu - LDAP - Samba ======
Configuring the PDC based on LDAP (minor options omitted):
# smb.conf [global] section for a Samba domain controller whose account
# database (passdb) is stored in LDAP. Both ';' and '#' start a full-line comment
# in smb.conf; lines starting with ';' below are disabled settings.
[global]
workgroup = EXAMPLE
# User-level authentication with encrypted (hashed) passwords.
security = user
encrypt passwords = yes
# Apply PAM account/session restrictions to Samba logons as well.
obey pam restrictions = yes
# Browser-election settings: this host is meant to win the election and act as
# local and domain master browser.
local master = yes
os level = 33
domain master = yes
preferred master = yes
# Serve NT-style domain logons (together with "domain master" this makes the PDC).
domain logons = yes
# Two LDAP URIs in one quoted, space-separated list: the local server over the
# ldapi:// Unix socket first, then ldap2.example.com over TLS (ldaps://).
# The remote leg is only as strong as the certificate validation performed by
# the LDAP client library - check the TLS_CACERT / TLS_REQCERT settings in ldap.conf.
passdb backend = ldapsam:"ldapi:// ldaps://ldap2.example.com"
# NOTE(review): the LDAP idmap backend is normally named "ldap", not "ldapsam" -
# confirm this value against smb.conf(5) for the installed Samba version.
idmap backend = ldapsam:"ldapi:// ldaps://ldap2.example.com"
# DN Samba binds as. Its password is not kept in this file; it is stored in
# secrets.tdb (set with "smbpasswd -w"), so that file must stay readable by root only.
# Give this DN write access only to the subtrees and attributes Samba manages,
# and keep read access to sambaNTPassword/sambaLMPassword limited to it: those
# hashes are password-equivalent.
ldap admin dn = uid=samba,ou=System,dc=example,dc=com
ldap suffix = dc=example,dc=com
# The suffixes below are relative to "ldap suffix".
# NOTE(review): ou=Hosts / ou=People / ou=Group do not match the containers in
# the smbldap.conf excerpt on this page (ou=Machines / ou=Users / ou=Groups),
# which is where the smbldap-* scripts below create entries - confirm which
# set is intended and make the two files agree.
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
# "only": Samba changes just the LDAP password and leaves updating the
# Samba hash attributes to the directory server. Presumably this relies on a
# server-side overlay that does so - verify, otherwise the NT hash goes stale.
ldap passwd sync = only
# On account deletion remove the whole LDAP entry, not only the Samba attributes.
ldap delete dn = yes
; ldapsam:trusted = yes
; ldapsam:editposix = yes
# The scripts below are run by smbd with %u / %g replaced by the account or
# group name. Keep every substitution inside single quotes so the value stays
# a single shell word.
# NOTE(review): "add user script" is disabled while "delete user script" is
# active - confirm that asymmetry is intended.
; add user script = /usr/sbin/smbldap-useradd '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
; add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
; delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
; set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# NOTE(review): the second %g on the next line is unquoted; quote it before enabling.
; add group script = /usr/sbin/smbldap-groupadd '%g' && /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
# NOTE(review): the next line calls smbldap-userdel for a group; smbldap-groupdel
# looks like the intended tool - fix before enabling.
; delete group script = /usr/sbin/smbldap-userdel '%g'
# Creates the machine account when a workstation joins the domain: no usable
# home directory (/dev/null), no login shell (/bin/false), primary group Machines.
# Who may trigger this script depends on who is allowed to join machines to the
# domain, so review that privilege.
add machine script = /usr/sbin/smbldap-useradd -W -d /dev/null -g Machines -c 'Machine Account' -s /bin/false '%u'
# for renaming machines
# rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
Selected options from /etc/smbldap-tools/smbldap.conf:
# Excerpt of smbldap.conf: tells the smbldap-* tools which LDAP server to talk to
# and where in the tree to create accounts. The bind DN and password are not
# shown here; in a stock smbldap-tools install they live in smbldap_bind.conf,
# which should be readable by root only.
# Read ("slave") and write ("master") servers are both the local directory on
# the plain LDAP port.
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
# TLS is off and certificate verification is disabled. That is tolerable only
# because both servers above are loopback addresses: if either is pointed at
# a remote host, enable TLS and set verify="require", otherwise bind
# credentials and password hashes cross the network in clear text.
ldapTLS="0"
verify="none"
suffix="dc=example,dc=com"
# NOTE(review): ou=Users / ou=Machines / ou=Groups differ from the
# ldap user/machine/group suffixes in the smb.conf excerpt on this page
# (ou=People / ou=Hosts / ou=Group) - confirm which set is intended.
usersdn="ou=Users,${suffix}"
computersdn="ou=Machines,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
# ${sambaDomain} is not defined in this excerpt; it has to be set elsewhere in
# the full file.
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Search the whole subtree below each base DN.
scope="sub"
# Hash scheme for the Unix password (userPassword): SSHA is salted SHA-1, a fast
# hash, so restrict read access to userPassword with LDAP ACLs.
hash_encrypt="SSHA"
# Salt format for the CRYPT scheme; presumably unused while hash_encrypt is SSHA.
crypt_salt_format="%s"