07-12-2012, 10:54 AM
Juan Asensio Sánchez

Questions on 389 configuration

Hi

We are using these attributes for a (very basic) configuration of
LDAPI (just root -> Directory Manager):

# LDAPI
nsslapd-ldapifilepath: /var/run/dirsrv/slapd-XXXX.socket
nsslapd-ldapilisten: on
nsslapd-ldapiautobind: on
nsslapd-ldapimaprootdn: cn=Directory Manager
nsslapd-ldapimaptoentries: off
nsslapd-ldapientrysearchbase: dc=XXXXX,dc=es

Then, we search this way:

ldapsearch -Y EXTERNAL \
  -H ldapi://%2fvar%2frun%2fdirsrv%2fslapd-XXXX.socket \
  -b "dc=XXXXX,dc=es" -s one "(objectClass=organization)" o

/etc/nslcd.conf is used with nsswitch.conf to make LDAP users and
groups available to the system, so, if configured in PAM, they can
access the system. pam_ldap.conf (I've never used it) should be for
configuring PAM to use LDAP as an option to retrieve users and passwords
to authenticate the users.

Regards.


2012/7/12 Alberto Suárez <asuapaz@gobiernodecanarias.org>:
> Hi,
>
> I have finished configuring 389 on Centos 6.2. and it seems to work ok now.
> Not a conceptually difficult exercise, but a very complex exercise in
> practice, due to the many details that have to be borne in mind which either
> are not well documented (IMHO) or scattered in several docs, plus the tricky
> changes introduced by Centos 6.2.
>
> My intention is to prepare a doc in spanish explaining how to set the thing
> up from the beginning and make it available to anyone who needs it.
>
> However I still have some doubts after having gone through the installation
> and configuration of the product:
>
> 1. Autobind and LDAPI. From my understanding, Centos 6.2 wants you to use
> SSL, but on the other hand there is LDAPI which is meant to be faster and
> more secure. In my case, the client and LDAP will be sitting on the same
> machine, so I do not see the point in using SSL as opposed to ldapi. How do
> you configure 389 to use ldapi and not SSL? I enabled LDAPI and configured
> Autobind following the instructions given in RHDS 9.0 documentation, but I
> do not see how it is (if it is) used.
>
> 2. Is there some doc that explains the various directives found in
> /etc/pam_ldap.conf and /etc/nslcd.conf files? I have configured some in
> order to get it to work, but I do not understand well its purpose. The man
> page does not cover every directive and it is not quite explanatory, anyway.
>
> Thank you.
>
> Alberto
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
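
The socket-path encoding used in the ldapsearch command above, written out as an added example (not part of the original post and not 389 DS code). The helper names `ldapi_url` and `ldapi_search` are hypothetical; the path is the post's own placeholder and is assumed to be ASCII.

```shell
#!/bin/sh
# Added example: ldapi_url and ldapi_search are hypothetical helper names.

# Turn an absolute socket path into an ldapi:// URL by percent-encoding
# every character outside the RFC 3986 unreserved set ("/" becomes %2F).
# Assumes an ASCII path.
ldapi_url() {
    path=$1
    case $path in
        /*) ;;
        *) echo "socket path must be absolute: $path" >&2; return 1 ;;
    esac
    enc=
    while [ -n "$path" ]; do
        rest=${path#?}            # everything after the first character
        c=${path%"$rest"}         # the first character itself
        case $c in
            [A-Za-z0-9._~-]) enc=$enc$c ;;
            *) enc=$enc$(printf '%%%02X' "'$c") ;;
        esac
        path=$rest
    done
    printf 'ldapi://%s\n' "$enc"
}

# One-level search over the socket with SASL EXTERNAL, the bind the post
# uses with autobind. Refuses anything that is not a UNIX socket.
ldapi_search() {
    sock=$1 base=$2 filter=$3
    shift 3
    [ -S "$sock" ] || { echo "not a UNIX socket: $sock" >&2; return 1; }
    url=$(ldapi_url "$sock") || return 1
    ldapsearch -Q -Y EXTERNAL -H "$url" -b "$base" -s one "$filter" "$@"
}

# Constructed demo using the placeholder path from the post.
ldapi_url /var/run/dirsrv/slapd-XXXX.socket
# On the directory host, as root:
# ldapi_search /var/run/dirsrv/slapd-XXXX.socket "dc=XXXXX,dc=es" "(objectClass=organization)" o
```

The hex digits in the escape are case-insensitive, so `%2f` and `%2F` name the same socket.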
 
07-12-2012, 01:30 PM
Rich Megginson

Questions on 389 configuration

On 07/12/2012 04:13 AM, Alberto Suárez wrote:
> Hi,
>
> I have finished configuring 389 on Centos 6.2. and it seems to work ok
> now. Not a conceptually difficult exercise, but a very complex
> exercise in practice, due to the many details that have to be borne in
> mind which either are not well documented (IMHO) or scattered in
> several docs, plus the tricky changes introduced by Centos 6.2.
>
> My intention is to prepare a doc in spanish explaining how to set the
> thing up from the beginning and make it available to anyone who needs it.
>
> However I still have some doubts after having gone through the
> installation and configuration of the product:
>
> 1. Autobind and LDAPI. From my understanding, Centos 6.2 wants you to
> use SSL, but on the other hand there is LDAPI which is meant to be
> faster and more secure. In my case, the client and LDAP will be
> sitting on the same machine, so I do not see the point in using SSL as
> opposed to ldapi. How do you configure 389 to use ldapi and not SSL? I
> enabled LDAPI and configured Autobind following the instructions given
> in RHDS 9.0 documentation, but I do not see how it is (if it is) used.

To test it, you have to use an ldapi URL like this:

ldapmodify -x -H ldapi://pathtosocket.socket -D "cn=directory manager" -w password -a

Where pathtosocket.socket is the full absolute path of the socket file,
with the '/' replaced with '%2F'

The access log will tell you if the connection is using ldapi

I don't know if pam/nss ldap supports ldapi.

> 2. Is there some doc that explains the various directives found in
> /etc/pam_ldap.conf and /etc/nslcd.conf files? I have configured some
> in order to get it to work, but I do not understand well its purpose.
> The man page does not cover every directive and it is not quite
> explanatory, anyway.

man pam_ldap

I don't know about nslcd.

> Thank you.
>
> Alberto
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
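
The access-log check mentioned in the reply above, as an added example (not from the original thread and not 389 DS code). `ldapi_binds` and `sample_log` are hypothetical names, and the log lines are constructed, modelled on the 389 DS access log layout, so compare the field positions with your own log before relying on them. With `nsslapd-ldapimaprootdn` set as in the first post, an AUTOBIND line carrying that DN is a root session that bound as Directory Manager without a password.

```shell
#!/bin/sh
# Added example: ldapi_binds and sample_log are hypothetical names.

# Constructed sample lines, modelled on the 389 DS access log layout.
sample_log() {
    cat <<'EOF'
[12/Jul/2012:10:54:01 +0000] conn=7 fd=64 slot=64 connection from local to /var/run/dirsrv/slapd-XXXX.socket
[12/Jul/2012:10:54:01 +0000] conn=7 AUTOBIND dn="cn=Directory Manager"
[12/Jul/2012:10:54:01 +0000] conn=7 op=0 BIND dn="cn=Directory Manager" method=sasl version=3 mech=EXTERNAL
[12/Jul/2012:10:54:01 +0000] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=Directory Manager"
[12/Jul/2012:10:54:01 +0000] conn=7 op=1 SRCH base="dc=XXXXX,dc=es" scope=1 filter="(objectClass=organization)" attrs="o"
[12/Jul/2012:10:55:10 +0000] conn=8 fd=65 slot=65 connection from 192.0.2.10 to 192.0.2.1
[12/Jul/2012:10:55:10 +0000] conn=8 op=0 BIND dn="uid=app,ou=people,dc=XXXXX,dc=es" method=128 version=3
EOF
}

# Read an access log on stdin; for every connection that arrived over the
# LDAPI socket print, tab-separated: conn, socket path, AUTOBIND or BIND,
# and the DN the connection bound as. TCP connections are ignored.
ldapi_binds() {
    awk '
        / connection from local to / { sock[$3] = $NF; next }
        ($3 in sock) && ($4 == "AUTOBIND" || $5 == "BIND") &&
        match($0, /dn="[^"]*"/) {
            kind = ($4 == "AUTOBIND") ? "AUTOBIND" : "BIND"
            printf "%s\t%s\t%s\t%s\n", $3, sock[$3], kind,
                   substr($0, RSTART + 4, RLENGTH - 5)
        }'
}

# Demo on the constructed lines; on a real host, feed the instance's
# access log to ldapi_binds on stdin instead.
sample_log | ldapi_binds
```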
 
