Mailinglist Archive: opensuse (1702 mails)

Re: [opensuse] Re: ldap slpd config
  • From: Ralf Haferkamp <rhafer@xxxxxxx>
  • Date: Tue, 15 Sep 2009 14:16:52 +0200
  • Message-id: <200909151416.52157.rhafer@xxxxxxx>
On Sunday, 13 September 2009 02:32:19, Linda Walsh wrote:
I didn't see this come back from the list, so I'm reposting AND updating --
have been trying different things...please forgive any duplication.

Ralf Haferkamp ~asked:
q(ldapsearch -x -H ldap://<your.ldapserver.address> -b "" -s base +)?

linda:
Wow...that worked! Excellent...some output...
(I used "localhost" as my server, using the server name doesn't seem to
work).

Ralf Haferkamp replied:
Ok. So your ldapserver is listening on the normal LDAP server port and
accepting connections (if using the hostname does not work, it seems that
your name service configuration is somehow screwed, or a firewall is
getting in your way).

----
linda: no FW. Just not config'ed. I let yast set it up, but I didn't
do something right, or yast left it in a weird state, so it's
"at where its at" -- messed up; I'm a complete newb to ldap.
I can't really imagine what went wrong for you. Probably the best idea is to
start over again by cleaning up a bit and rerunning the ldap-server
configuration. You can do that by:

1. remove the openldap2 package: rpm -e openldap2
2. remove the database: rm -rf /var/lib/ldap
3. remove the config directory: rm -rf /etc/openldap/slapd.d
4. remove the old config files:
rm /etc/openldap/slapd.conf*
rm /etc/sysconfig/openldap

After that you should be ready to run the yast2 ldap-server module again.

Got books
on it, but they all seem "greek" none of the examples fit,
Probably your books are just not current enough to fit the openldap version
we ship. Recent openldap versions support two different configuration
mechanisms. One is through the config file /etc/openldap/slapd.conf, the other
one is through a special ldap database (with the suffix cn=config) which is
stored below /etc/openldap/slapd.d/. On openSUSE you can choose which
mechanism to use through a setting in /etc/sysconfig/openldap. The YaST
module has support only for the database mechanism.

no scripts or make files to move my /etc passwd+shad+group into it;
Yeah, we don't have anything for that on the distro, but usually the available
solutions require a lot of manual tweaking anyways.

no way to
understand 'how' to add other database items to it...a lot of schemas and
.ldif(?) files, but not sure how they relate.
Not sure what you mean by this.

Am usually good w/tech books, but this is such a different
language, I haven't gotten the mental points to hang the concepts on.

What still doesn't seem to work is the access via ldapi:// as used by the
YaST ldap-server module. Did you check /etc/sysconfig/openldap as stated
in my first mail? Also please check the command-line arguments that slapd
is started with:
ps axuw | grep slapd

ldap 25292 0.0 0.1 128852 14356 ? Ssl 00:43 0:09 /usr/lib/openldap/slapd -h
ldap:// -F /etc/openldap/slapd.d -u ldap -g ldap -o slp=on ---
I looked in the rc script and it doesn't appear to have any interfaces
defined. I'm not sure where or what was supposed to add them. netstat
shows ldap listening on port 389,

I'm not sure what (if any) the relation is between slapd and slpd, but
slpd is listening on 192.168.3.1:427, the host's addr, and localhost:427.
They are not related.

ldap is listening on 0.0.0.0(:389), which I guess(?) means it
should accept connections coming from any network.
Yes.

I changed that and added ldapi -- yast reads it as an empty database.

I added most of the ldif/schema's I could -- (at least the ones that didn't
hang yast) --
You should open bug reports if there is really a schema file which hangs yast.

but I don't know how to setup a proper 'realm' (which is
what I keep getting errors about),
When do you get that error? As a result of which command?

nor how to merge my passwd/group/shad,
netgroup, services, 'addressbook' info, samba authentication
(running as a domain server for 1 workstation (my desktop) & occasional
guests..). Have I missed any uses for it...it seems like it's supposed
to be usable for just about everything... ;-)

So how do I get stuff into it and get authentication and services?

You can use yast2 ldap-client to setup LDAP authentication (nss and pam).
yast2 users is able to manage users and groups on the ldap server. yast2
samba-server is AFAIK able to setup a samba server with an LDAP backend.

--
Ralf
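
Added example, not part of the original message and not openSUSE or YaST code: shell functions for the check requested above, parsing a slapd command line as ps prints it to list the -h listeners, tell whether ldapi:// is among them, and show which configuration mechanism (-F directory or -f file) is in use. The function names and the SAMPLE line (rebuilt from the ps output quoted in the thread) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inspect a slapd command line as flattened by `ps`.
set -f  # no globbing while command lines are word-split below

# Constructed sample, rebuilt from the ps output quoted in the thread.
SAMPLE='/usr/lib/openldap/slapd -h ldap:// -F /etc/openldap/slapd.d -u ldap -g ldap -o slp=on'

# Print each listener URL passed to -h, one per line. ps drops the quotes
# around a multi-URL -h value, so collect words until the next option.
slapd_listeners() {
    in_h=0
    for tok in $1; do
        case "$tok" in
            -h) in_h=1 ;;
            -*) in_h=0 ;;
            *)  if [ "$in_h" -eq 1 ]; then printf '%s\n' "$tok"; fi ;;
        esac
    done
    return 0
}

# Succeed only if a local ldapi:// (Unix socket) listener is configured.
slapd_has_ldapi() {
    slapd_listeners "$1" | grep -q '^ldapi://'
}

# Report the configuration mechanism: -F <dir> is the cn=config database,
# -f <file> is the classic slapd.conf.
slapd_config_mechanism() {
    prev=
    for tok in $1; do
        case "$prev" in
            -F) echo "database:$tok"; return 0 ;;
            -f) echo "file:$tok"; return 0 ;;
        esac
        prev=$tok
    done
    echo "unknown"
}

slapd_report() {
    echo "config:    $(slapd_config_mechanism "$1")"
    echo "listeners: $(slapd_listeners "$1" | tr '\n' ' ')"
    if slapd_has_ldapi "$1"; then echo "ldapi:     enabled"
    else echo "ldapi:     not enabled"; fi
}

slapd_report "$SAMPLE"
```

On a live system the same report can be run against the daemon's real arguments, for example `slapd_report "$(ps -o args= -C slapd)"`.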