On Sunday 13 September 2009 02:32:19, Linda Walsh wrote:
> I didn't see this come back from the list, so I'm reposting AND updating -- have been trying different things...please forgive any duplication.
>
> Ralf Haferkamp ~asked:
> q(ldapsearch -x -H ldap://
> -b "" -s base +)?
> linda: Wow...that worked! Excellent...some output... (I used "localhost" as my server, using the server name doesn't seem to work).
>
> Ralf Haferkamp replied:
> Ok. So your ldapserver is listening on the normal LDAP server port and accepting connections (if using the hostname does not work, it seems that your name service configuration is somehow screwed, or a firewall is getting in your way).
> ----
> linda: no FW. Just not config'ed. I let yast set it up, but I didn't do something right, or yast left it in a weird state, so it's "at where it's at" -- messed up; I'm a complete newb to ldap.

I can't really imagine what went wrong for you. Probably the best idea is to start over again by cleaning up a bit and rerunning the ldap-server configuration. You can do that by:
1. remove the openldap2 package:
   rpm -e openldap2
2. remove the database:
   rm -rf /var/lib/ldap
3. remove the config directory:
   rm -rf /etc/openldap/slapd.d
4. remove the old config files:
   rm /etc/openldap/slapd.conf*
   rm /etc/sysconfig/openldap

After that you should be ready to run the yast2 ldap-server module again.
> Got books on it, but they all seem "greek" none of the examples fit,

Probably your books are just not current enough to fit the openldap version we ship. Recent openldap versions support two different configuration mechanisms. One is through the config file /etc/openldap/slapd.conf, the other one is through a special ldap database (with the suffix cn=config) which is stored below /etc/openldap/slapd.d/. On openSUSE you can choose which mechanism to use through a setting in /etc/sysconfig/openldap. The YaST module has support only for the database mechanism.
> no scripts or make files to move my /etc passwd+shad+group into it;

Yeah, we don't have anything for that on the distro, but usually the available solutions require a lot of manual tweaking anyways.
> no way to understand 'how' to add other database items to it...a lot of schemas and .ldif(?) files, but not sure how they relate.

Not sure what you mean by this.
> Am usually good w/tech books, but this is such a different language, I haven't gotten the mental points to hang the concepts on.
>
> > What still doesn't seem to work is the access via ldapi:// as used by the YaST ldap-server module. Did you check /etc/sysconfig/openldap as stated in my first mail? Also please check the command-line arguments that slapd is started with: ps axuw | grep slapd
>
> ldap 25292 0.0 0.1 128852 14356 ? Ssl 00:43 0:09 /usr/lib/openldap/slapd -h ldap:// -F /etc/openldap/slapd.d -u ldap -g ldap -o slp=on
> ---
> I looked in the rc script and it doesn't appear to have any interfaces defined. I'm not sure where or what was supposed to add them. netstat shows ldap listening on port 389,
> I'm not sure what (if any) the relation is between slapd and slpd, but slpd is listening on 192.168.3.1:427, the host's addr, and localhost:427.

They are not related.
> ldap is listening on 0.0.0.0(:389), which I guess(?) means it should accept connections coming from any network.

Yes.
> I changed that and added ldapi -- yast reads it as an empty database.
>
> I added most of the ldif/schemas I could -- (at least the ones that didn't hang yast) --

You should open bug reports if there is really a schema file which hangs yast.
> but I don't know how to set up a proper 'realm' (which is what I keep getting errors about),

When do you get that error? As a result of which command?
> nor how to merge my passwd/group/shad, netgroup, services, 'addressbook' info, samba authentication (running as a domain server for 1 workstation (my desktop) & occasional guests..). Have I missed any uses for it...it seems like it's supposed to be usable for just about everything... ;-)
>
> So how do I get stuff into it and get authentication and services?
You can use yast2 ldap-client to set up LDAP authentication (nss and pam). yast2 users is able to manage users and groups on the ldap server. yast2 samba-server is AFAIK able to set up a samba server with an LDAP backend.

--
Ralf
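
An added example, not part of the original thread or of openSUSE's tooling: a shell helper that reads a slapd command line like the `ps` output quoted above and reports the listener URLs given to `-h`, whether slapd runs from the `-F` config directory (cn=config) or a `-f` slapd.conf, and whether an ldapi:// listener is requested. The function names and the second sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed samples: the first is the slapd command line from the ps output
# in the thread, the second is a made-up variant that also requests ldapi.
SAMPLE='/usr/lib/openldap/slapd -h ldap:// -F /etc/openldap/slapd.d -u ldap -g ldap -o slp=on'
WITH_LDAPI='/usr/lib/openldap/slapd -h ldap:/// ldapi:/// -F /etc/openldap/slapd.d -u ldap -g ldap'

# Print each listener URL passed to -h, one per line. ps shows a quoted list
# ("ldap:/// ldapi:///") unquoted, so every word after -h up to the next
# option is a URL. Runs in a subshell with globbing off (ps prints "?" as TTY).
slapd_listeners() (
    set -f
    in_h=0
    for tok in $1; do
        case $tok in
            -h) in_h=1 ;;
            -*) in_h=0 ;;
            *)  if [ "$in_h" -eq 1 ]; then echo "$tok"; fi ;;
        esac
    done
)

# Print the configuration mechanism: -F DIR is the cn=config database,
# -f FILE is slapd.conf, neither leaves slapd on its built-in default.
slapd_config_mode() (
    set -f
    mode=default
    for tok in $1; do
        case $tok in
            -F) mode=cn=config ;;
            -f) mode=slapd.conf ;;
        esac
    done
    echo "$mode"
)

# Succeed when an ldapi:// listener is requested (the access path the thread
# says the YaST ldap-server module uses).
has_ldapi() {
    slapd_listeners "$1" | grep -q '^ldapi://'
}

for line in "$SAMPLE" "$WITH_LDAPI"; do
    echo "listeners: $(slapd_listeners "$line" | tr '\n' ' ')"
    echo "config:    $(slapd_config_mode "$line")"
    if has_ldapi "$line"; then echo "ldapi:     yes"; else echo "ldapi:     no"; fi
done
```

On a live system the argument would be the command column of `ps axuw | grep slapd`.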