FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Edubuntu Development

 
 
LinkBack Thread Tools
 
Old 01-28-2010, 03:01 PM
Veli-Matti Lintu
 
Default OpenLDAP setup on Ubuntu 10.04 Alpha 2

Hi,

There's been discussion on different LDAP topics on the list during the
past weeks and also I've been involved in testing OpenLDAP on Lucid
alpha 2 to see how everything works now. It seems like some things have
changed since I last time checked everything that relates to ldap and
kerberos authentication, so I started going through thing piece by
piece. Especially there are some automations in authentication settings
that I haven't noticed before.

The goal is to get the old stack of OpenLDAP+MIT kerberos w/LDAP backend
+NFSv4+autofs working as easily as possibly on Lucid in school setup
running LTSP and then automate the whole setup. I got it pretty much
working on a test server and I'm now writing down the different steps I
had to do to get it working. Once those are ready, I'll put it all
together in an actual document with the scripts.

I got now basic OpenLDAP setup using the config backend documented with
TLS setup here:

http://www.opinsys.fi/setting-up-openldap-on-ubuntu-10-04-alpha2
http://www.opinsys.fi/setting-up-openldap-on-ubuntu-10-04-lucid-part2

I'd be happy to hear if there are some tools that are available in
Ubuntu or elsewhere to do these in easier way. Hopefully this is useful
to others. I try to get the kerberos setup parts finished soon..

Veli-Matti


--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
 
Old 02-05-2010, 06:18 PM
David Hopkins
 
Default OpenLDAP setup on Ubuntu 10.04 Alpha 2

I simply need the ldap client to authenticate my existing CentOS based Openldap server.* However, when I try to use

sudo apt-get install libnss-ldapd libpam-ldapd

I get

Couldn't find package libpam-ldapd


This is a base install of edubuntu.* Any ideas why it finds libnss-ldapd but not libpam?

Thanks!
Dave Hopkins
Newark Charter School

On Thu, Jan 28, 2010 at 11:01 AM, Veli-Matti Lintu <veli-matti.lintu@opinsys.fi> wrote:

Hi,



There's been discussion on different LDAP topics on the list during the

past weeks and also I've been involved in testing OpenLDAP on Lucid

alpha 2 to see how everything works now. It seems like some things have

changed since I last time checked everything that relates to ldap and

kerberos authentication, so I started going through thing piece by

piece. Especially there are some automations in authentication settings

that I haven't noticed before.



The goal is to get the old stack of OpenLDAP+MIT kerberos w/LDAP backend

+NFSv4+autofs working as easily as possibly on Lucid in school setup

running LTSP and then automate the whole setup. I got it pretty much

working on a test server and I'm now writing down the different steps I

had to do to get it working. Once those are ready, I'll put it all

together in an actual document with the scripts.



I got now basic OpenLDAP setup using the config backend documented with

TLS setup here:



http://www.opinsys.fi/setting-up-openldap-on-ubuntu-10-04-alpha2

http://www.opinsys.fi/setting-up-openldap-on-ubuntu-10-04-lucid-part2



I'd be happy to hear if there are some tools that are available in

Ubuntu or elsewhere to do these in easier way. Hopefully this is useful

to others. I try to get the kerberos setup parts finished soon..



Veli-Matti





--

edubuntu-devel mailing list

edubuntu-devel@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel



--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
 
Old 02-05-2010, 06:21 PM
Scott Balneaves
 
Default OpenLDAP setup on Ubuntu 10.04 Alpha 2

On Fri, Feb 05, 2010 at 02:18:28PM -0500, David Hopkins wrote:
> I simply need the ldap client to authenticate my existing CentOS based
> Openldap server. However, when I try to use
>
> sudo apt-get install libnss-ldapd libpam-ldapd
>
> I get
>
> Couldn't find package libpam-ldapd
>
> This is a base install of edubuntu. Any ideas why it finds libnss-ldapd but
> not libpam?

I think you're looking for:

sbalneav@3jane:~$ apt-cache search libpam-ldap
libpam-ldap - Pluggable Authentication Module for LDAP

No 'd' on the end.

Scott

--
Scott L. Balneaves | Nothing sickens me more than the closed door of a library.
Systems Department | -- Barbara Tuchman
Legal Aid Manitoba |

--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
 
Old 02-05-2010, 06:52 PM
David Hopkins
 
Default OpenLDAP setup on Ubuntu 10.04 Alpha 2

On Fri, Feb 5, 2010 at 2:21 PM, Scott Balneaves <sbalneav@legalaid.mb.ca> wrote:

On Fri, Feb 05, 2010 at 02:18:28PM -0500, David Hopkins wrote:

> I simply need the ldap client to authenticate my existing CentOS based

> Openldap server. *However, when I try to use

>

> sudo apt-get install libnss-ldapd libpam-ldapd

>

> I get

>

> Couldn't find package libpam-ldapd

>

> This is a base install of edubuntu. *Any ideas why it finds libnss-ldapd but

> not libpam?



I think you're looking for:



sbalneav@3jane:~$ apt-cache search libpam-ldap

libpam-ldap - Pluggable Authentication Module for LDAP



No 'd' on the end.

Actually, I found it in a supposed backport from lucid to karmic?* Anyhow, I downloaded the .deb packages and then used dpkg to install them.* Had to also install nslcd as well.* It asked a few questions about my ldap server and ... doesn't work.


If I su to root, I get and LDAP open_session failed message ... and then if I exit that session, I get a* LDAP closed_session failed message.* Also, I can't su to any of my ldap users. I get 'not found' for the ID.


I'll add that I also installed the packages required for NFS client to work and that does work. So ...

I'll have now tried installing libpam-ldap instead

libpam-ldapd was uninstalled in the process.* I answered the questions (ldap server, distinguished name, version, etc) and ... it still doesn't allow me to su to a known user.** I'm probably missing something simple at this point but ...* I know we've discussed this over on the edubuntu user list but ... it sure would be nice if this 'just worked'* * It just seems soooo close.


Sincerely,
Dave Hopkins




--

Scott L. Balneaves | Nothing sickens me more than the closed door of a library.

Systems Department | * * -- Barbara Tuchman

Legal Aid Manitoba |



--

edubuntu-devel mailing list

edubuntu-devel@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel



--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
 
Old 02-05-2010, 07:01 PM
Scott Balneaves
 
Default OpenLDAP setup on Ubuntu 10.04 Alpha 2

On Fri, Feb 05, 2010 at 02:52:01PM -0500, David Hopkins wrote:

> libpam-ldapd was uninstalled in the process. I answered the questions (ldap
> server, distinguished name, version, etc) and ... it still doesn't allow me
> to su to a known user. I'm probably missing something simple at this point
> but ... I know we've discussed this over on the edubuntu user list but ...
> it sure would be nice if this 'just worked' It just seems soooo close.

Have you rebooted? Oftentimes, I find diddling with pam sometimes needs a
reboot.

Have you followed the Ubuntu LDAP client page?

Scott

--
Scott L. Balneaves | The mark of an immature man is that he wants to die nobly
Systems Department | for a cause, while the mark of a mature man is that he
Legal Aid Manitoba | wants to live humbly for one. -- Wilhelm Stekel

--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
 
Old 02-05-2010, 07:08 PM
David Hopkins
 
Default OpenLDAP setup on Ubuntu 10.04 Alpha 2

On Fri, Feb 5, 2010 at 3:01 PM, Scott Balneaves <sbalneav@legalaid.mb.ca> wrote:

On Fri, Feb 05, 2010 at 02:52:01PM -0500, David Hopkins wrote:



> libpam-ldapd was uninstalled in the process. *I answered the questions (ldap

> server, distinguished name, version, etc) and ... it still doesn't allow me

> to su to a known user. * I'm probably missing something simple at this point

> but ... *I know we've discussed this over on the edubuntu user list but ...

> it sure would be nice if this 'just worked' * *It just seems soooo close.



Have you rebooted? *Oftentimes, I find diddling with pam sometimes needs a

reboot.

I have not rebooted .... yet.* Last time I did so I was locked out of the system because ldap wasn't configured correctly.* I'll go ahead and do so ... what is the worst that can happen?*




Have you followed the Ubuntu LDAP client page?

I tried, that is how I got to this point ... I think.* At least if you are referring to this page

https://help.ubuntu.com/community/LDAPClientAuthentication


Sincerely,
Dave Hopkins

*


--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
 
Old 02-05-2010, 07:38 PM
David Hopkins
 
Default OpenLDAP setup on Ubuntu 10.04 Alpha 2

I have not rebooted .... yet.* Last time I did so I was locked out of the system because ldap wasn't configured correctly.* I'll go ahead and do so ... what is the worst that can happen?*


I rebooted and nothing ... so I uninstalled everything, rebooted again and then tried the apt-get ...

This time it asked about letting deb-conf configure(?) so I said yes, and it then didn't ask anything at all about the ldap server or the other questions, just dumped me back to a command prompt after finishing the install.* /etc/nsswitch.conf was not modified nor any of the other files (ldap.conf and so on).





Have you followed the Ubuntu LDAP client page?

I tried, that is how I got to this point ... I think.* At least if you are referring to this page

https://help.ubuntu.com/community/LDAPClientAuthentication




SO, I'll try following or something the above again even though it also has a warning that the instructions are out of date for 9.10.* But with a blizzard heading here today, I'll have to do so later.* If anyone has a simple set of instructions that set up an ldap client, I'd be ecstatic.


Sincerely,
Dave Hopkins
*




--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
 
Old 02-05-2010, 08:03 PM
Scott Balneaves
 
Default OpenLDAP setup on Ubuntu 10.04 Alpha 2

On Fri, Feb 05, 2010 at 03:38:03PM -0500, David Hopkins wrote:
> SO, I'll try following or something the above again even though it also has
> a warning that the instructions are out of date for 9.10. But with a
> blizzard heading here today, I'll have to do so later. If anyone has a
> simple set of instructions that set up an ldap client, I'd be ecstatic.

There are none. LDAP is, by definition, a somewhat difficult topic.

Best bet would be to stop by the IRC channel and we can debug it.

Scott

--
Scott L. Balneaves | The mark of an immature man is that he wants to die nobly
Systems Department | for a cause, while the mark of a mature man is that he
Legal Aid Manitoba | wants to live humbly for one. -- Wilhelm Stekel

--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
 
Old 02-05-2010, 08:16 PM
David Hopkins
 
Default OpenLDAP setup on Ubuntu 10.04 Alpha 2

On Fri, Feb 05, 2010 at 03:38:03PM -0500, David Hopkins wrote:


> SO, I'll try following or something the above again even though it also has

> a warning that the instructions are out of date for 9.10. *But with a

> blizzard heading here today, I'll have to do so later. *If anyone has a

> simple set of instructions that set up an ldap client, I'd be ecstatic.



There are none. *LDAP is, by definition, a somewhat difficult topic.

I set up an Openldap server on Fedora and it while tedious, it worked and didn't seem this difficult.

And ... at the risk of raising ire, while setting up the server can be difficult, setting up an ldap client should not be so hard.* IHMO RedHat has it done correctly with a simple GUI, enter the ldap server IP address, click OK, and you're done.* Doesn't get any simpler.


For Ubuntu, which I really want to use as a replacement for my RedHat servers and move to LTSP 5 from 4.2, I have now tried the install 3 times and just the install has behaved differently each time.* Not sure why .. I installed the same packages each time.

*


Best bet would be to stop by the IRC channel and we can debug it.

I can't get to the IRC channel while at the school. The state blocks all IRC at the firewalls. If I could get IRC help, I'm sure that it wouldn't take that long to sort out.* I did get ldap to work earlier except that I used ext4 for the filesystem and on my server, it flaked and I had to rebuild with ext3.* So, with the storm moving in, I'll have plenty of time to try from home (VPN).*


I do appreciate the help ... just a tad frustrated at the moment.

Sincerely,
Dave Hopkins


--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
 
Old 02-05-2010, 08:35 PM
Scott Balneaves
 
Default OpenLDAP setup on Ubuntu 10.04 Alpha 2

On Fri, Feb 05, 2010 at 04:16:49PM -0500, David Hopkins wrote:

> And ... at the risk of raising ire, while setting up the server can be
> difficult, setting up an ldap client should not be so hard. IHMO RedHat has
> it done correctly with a simple GUI, enter the ldap server IP address, click
> OK, and you're done. Doesn't get any simpler.

Debian, and by extention, debian based distros, have always maintained that
debconf shall be the way that conf shall be done. It's more a debconf
limitation than anything else.

I can spend a few minutes this weekend, and get a simplified procedure written
down. The problem, as with anything to do with LDAP, is in the details.

> For Ubuntu, which I really want to use as a replacement for my RedHat
> servers and move to LTSP 5 from 4.2, I have now tried the install 3 times
> and just the install has behaved differently each time. Not sure why .. I
> installed the same packages each time.

Have you been doing apt-get *purge* package? Otherwise, you're leaving conf
files about, and debconf will be trying to re-use perhaps incorrectly set up
configs. Getting you nowhere fast.

Scott

> I can't get to the IRC channel while at the school. The state blocks all IRC
> at the firewalls.

Seems a little short-sighted of the state to not allow for an authenticating
proxy to allow you through.

Scott

--
Scott L. Balneaves | Grass is the forgiveness of nature - her constant
Systems Department | benediction. Forests decay, harvests perish, flowers
Legal Aid Manitoba | vanish, but grass is immortal. -- Brian Ingalls

--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
 

Thread Tools




All times are GMT. The time now is 12:53 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org