FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 08-17-2011, 09:28 PM
Craig White
 
Default OpenLDAP setup and bootstraping in CentOS 6

On Aug 17, 2011, at 12:03 PM, Mitch Patenaude wrote:

> I'm having trouble getting openldap through its initial setup.
>
> I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, and they didn't seem to take effect. After much wailing and gnashing of teeth I found that if there is a config directory at /etc/openldap/slapd.d, it will ignore slapd.conf. I can't figure out how to translate slapd.conf into the (new?) standard of slapd.d because all the examples I can find still use slapd.conf.
>
> Am I better off just deleting (or renaming) slapd.d? Does anybody know the proper format for slapd.d entries?
----
presuming what you are referring to is dynamic configuration - flat files are not used any more.

Haven't tried with CentOS 6 because I switched my newer setups to Ubuntu but Ubuntu 10.04 also uses dynamic configuration methods and if that is the case...

/etc/openldap/slapd.conf is meaningless - at least in Ubuntu

renaming or deleting /etc/openldap/slapd.d would be a self-defeating act... that's where the results of dynamic configuration will end up.

start over, baby steps... script everything you do so it's repeatable

start by adding your schema's

then define the backend

then define the base

then define your ACL's

then you can pull in the DSA

Craig
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-18-2011, 02:05 AM
Craig White
 
Default OpenLDAP setup and bootstraping in CentOS 6

On Wed, 2011-08-17 at 15:10 -0400, Scott Robbins wrote:
> On Wed, Aug 17, 2011 at 07:03:28PM +0000, Mitch Patenaude wrote:
> > I'm having trouble getting openldap through its initial setup.
> >
> > I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, and
> > they didn't seem to take effect. After much wailing and gnashing of teeth I
> > found that if there is a config directory at /etc/openldap/slapd.d, it will
> > ignore slapd.conf. I can't figure out how to translate slapd.conf into the
> > (new?) standard of slapd.d because all the examples I can find still use
> > slapd.conf.
> >
> > Am I better off just deleting (or renaming) slapd.d? Does anybody know the
> > proper format for slapd.d entries?
> >
>
> I might as well spam my own page (where I suggest deleting it) for LDAP.
>
> http://home.roadrunner.com/~computertaijutsu/ldap.html
>
>
> I don't know of anyone who got it working with that slap.d, nor have I
> seen any documentation on it--on the other hand, I didn't look very
> hard. I would almost guarantee it adds no new advantages.
----
I can't say that I see any advantages to dynamic configuration but
perhaps in time, they will dawn on me.

In the meantime, if upstream and thus CentOS 6 are using dynamic
configuration (and I assume that is what it is by reference to slapd.d
directory), then your page is rather outdated and useful only for
earlier releases.

The last time you pimped your page, I noted that it wasn't bad but it
completely had everything wrong on the topic of TLS. Your page talks
about using TLS but TLS doesn't use port 636. LDAP SSL uses port 636.
LDAP SSL is costly in terms of computing power, deprecated and not
recommended which is why it ships 'off'. If you can turn off LDAP SSL
(and port 636) and connect to port 389 and use -ZZ option, then you will
know that you are using TLS.

example...
ldapsearch -ZZ -h srv2 '(uid=craig)' -D
'uid=craig,ou=people,dc=azapple,dc=com' -W uid, cn -b
'ou=people,dc=azapple,dc=com'

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=azapple,dc=com> with scope subtree
# filter: (uid=craig)
# requesting: uid, cn
#

# craig, people, azapple.com
dn: uid=craig,ou=people,dc=azapple,dc=com
cn: Craig White

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

Craig


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-18-2011, 02:18 AM
Scott Robbins
 
Default OpenLDAP setup and bootstraping in CentOS 6

On Wed, Aug 17, 2011 at 07:05:34PM -0700, Craig White wrote:

> On Wed, 2011-08-17 at 15:10 -0400, Scott Robbins wrote:
> >
> > http://home.roadrunner.com/~computertaijutsu/ldap.html
> >
> ----
> I can't say that I see any advantages to dynamic configuration but
> perhaps in time, they will dawn on me.
>
> In the meantime, if upstream and thus CentOS 6 are using dynamic
> configuration (and I assume that is what it is by reference to slapd.d
> directory), then your page is rather outdated and useful only for
> earlier releases.

>
> The last time you pimped your page, I noted that it wasn't bad but it
> completely had everything wrong on the topic of TLS. Your page talks
> about using TLS but TLS doesn't use port 636. LDAP SSL uses port 636.

Which is clearly stated there.

I'll add a note soon that the page is outdated, but not tonight.


--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Oz: It's Willow, she's nearby.
Cordelia: What? You can smell her? She doesn't even wear perfume.
Oz: She's afraid.
Cordelia: Oh my God, is this some sort of residual werewolf
thing? This is very disturbing.
Oz: I really agree.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 12:51 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org