From c3287b92624106204b3d428a044b31e2314c1dfc Mon Sep 17 00:00:00 2001
From: Martin Goik <goik@hdm-stuttgart.de>
Date: Wed, 14 Dec 2016 11:21:33 +0100
Subject: [PATCH] Moving LDAP OS support from Samba to LDAP section

---
 Doc/Sdi/ldap.xml  | 35 ++++++++++++++++++++++++++++++++++-
 Doc/Sdi/samba.xml | 30 ++++++++++++++----------------
 2 files changed, 48 insertions(+), 17 deletions(-)

diff --git a/Doc/Sdi/ldap.xml b/Doc/Sdi/ldap.xml
index 8da0a6e23..ec6eb06df 100644
--- a/Doc/Sdi/ldap.xml
+++ b/Doc/Sdi/ldap.xml
@@ -659,7 +659,7 @@ modifying entry "olcDatabase={0}config,cn=config"</programlisting>
       </orderedlist>
     </section>
 
-    <section xml:id="ldapReplication">
+    <section xml:id="sdiSectldapReplication">
       <title>Replication</title>
 
       <para><link
@@ -720,6 +720,39 @@ olcModulePath: /usr/lib/ldap</programlisting>
       </note>
     </section>
 
+    <section xml:id="sdiSectLdapOsSupport">
+      <title><xref linkend="glo_LDAP"/> based user login</title>
+
+      <para>Configure your second VM (the one without <xref
+      linkend="glo_LDAP"/> Server) to allow for user login purely based on
+      <xref linkend="glo_LDAP"/>. Activation of OS level <xref
+      linkend="glo_LDAP"/> user and group support is being outlined in <link
+      xlink:href="https://wiki.debian.org/LDAP/PAM">Configuring LDAP
+      Authentication</link>. </para>
+
+      <tip>
+        <para>All user information (<property>uid</property>, common name,
+        numerical id, group information ...) will reside on your <xref
+        linkend="glo_LDAP"/> Server rather than locally in
+        <filename>/etc/passwd</filename>, <filename>/etc/group</filename> and
+        <filename>/etc/shadow</filename>. Create the required user home
+        directory manually.</para>
+
+        <para>On successful configuration corresponding to a <xref
+        linkend="glo_LDAP"/> user <property>ldaptest</property> you should see
+        the following</para>
+
+        <programlisting language="none">$ id ldaptest
+uid=1001(ldaptest) gid=1001(ldaptest) groups=1001(ldaptest)</programlisting>
+
+        <para>A <quote>id: â€˜ldaptestâ€™: no such user</quote> message indicates
+        your <xref linkend="glo_LDAP"/> setup does not yet work.</para>
+
+        <para>After this continue to configure password based user login based
+        on <xref linkend="glo_LDAP"/> credentials.</para>
+      </tip>
+    </section>
+
     <section xml:id="sdiSectLdapByJava">
       <title>Accessing <xref linkend="glo_LDAP"/> by a <xref
       linkend="glo_Java"/> application.</title>
diff --git a/Doc/Sdi/samba.xml b/Doc/Sdi/samba.xml
index ffed09067..206b9830b 100644
--- a/Doc/Sdi/samba.xml
+++ b/Doc/Sdi/samba.xml
@@ -106,23 +106,21 @@ Filesystem                            1K-blocks   Used Available Use% Mounted on
         database.</para>
 
         <tip>
-          <itemizedlist>
-            <listitem>
-              <para>Before you start make sure your OS does have <xref
-              linkend="glo_LDAP"/> user support. Choose a user e.g.
-              <quote>ldaptest</quote> which exists on your <xref
-              linkend="glo_LDAP"/> server but not as a local user provided by
-              <filename>/etc/passwd</filename>. The following should
-              work:</para>
-
-              <programlisting language="none">$ id ldaptest
-uid=1001(ldaptest) gid=1001(ldaptest) groups=1001(ldaptest)</programlisting>
-
-              <para>A <quote>id: â€˜ldaptestâ€™: no such user</quote> message
-              indicates your <xref linkend="glo_LDAP"/> setup does not yet
-              work.</para>
-            </listitem>
+          <para>Prerequisite: Before you start make sure your OS does indeed
+          have <xref linkend="glo_LDAP"/> user and group support as being
+          described in <xref linkend="sdiSectLdapOsSupport"/>.</para>
+        </tip>
 
+        <tip>
+          <para>As being mentioned in <uri
+          xlink:href="https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172">https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172</uri>
+          the <command>smbldap-config.pl</command> command my be missing.
+          Following <link
+          xlink:href="https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172/comments/7">comment
+          no. 7</link> from the same bug report the following steps create a
+          replacement:</para>
+
+          <itemizedlist>
             <listitem xml:id="sdiHintBugMissingSmbldapPackage">
               <para>As being mentioned in <uri
               xlink:href="https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172">https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172</uri>
-- 
GitLab