Mailinglist Archive: opensuse (1702 mails)
Re: [opensuse] Re: ldap slpd config
- From: Ralf Haferkamp <rhafer@xxxxxxx>
- Date: Tue, 15 Sep 2009 14:16:52 +0200
- Message-id: <200909151416.52157.rhafer@xxxxxxx>
On Sunday 13 September 2009 02:32:19, Linda Walsh wrote:
> I didn't see this come back from the list, so I'm reposting AND updating --
> have been trying different things...please forgive any duplication.
> Ralf Haferkamp ~asked:
> q(ldapsearch -x -H ldap://<your.ldapserver.address> -b "" -s base +)?
> linda:
> Wow...that worked! Excellent...some output...
> (I used "localhost" as my server, using the server name doesn't seem to
> work).
> Ralf Haferkamp replied:
> Ok. So your ldapserver is listening on the normal LDAP server port and
> accepting connections (if using the hostname does not work, it seems that
> your name service configuration is somehow screwed, or a firewall is
> getting in your way).
> ----
> linda: no FW. Just not config'ed. I let yast set it up, but I didn't
> do something right, or yast left it in a weird state, so it's
> "at where its at" -- messed up; I'm a complete newb to ldap.

I can't really imagine what went wrong for you. Probably the best idea is to
start over again by cleaning up a bit and rerunning the ldap-server
configuration. You can do that by:
1. remove the openldap2 package: rpm -e openldap2
2. remove the database: rm -rf /var/lib/ldap
3. remove the config directory: rm -rf /etc/openldap/slapd.d
4. remove the old config files:
rm /etc/openldap/slapd.conf*
rm /etc/sysconfig/openldap
After that you should be ready to run the yast2 ldap-server module again.

> Got books
> on it, but they all seem "greek" none of the examples fit,

Probably your books are just not current enough to fit the openldap version
we ship. Recent openldap versions support two different configuration
mechanisms. One is through the config files /etc/openldap/slapd.conf, the other
one is through a special ldap database (with the suffix cn=config) which is
stored below /etc/openldap/slapd.d/. On openSUSE you can choose which
mechanism to use through a setting in /etc/sysconfig/openldap. The YaST
module has support only for the database mechanism.

> no scripts or make files to move my /etc passwd+shad+group into it;

Yeah, we don't have anything for that on the distro, but usually the available
solutions require a lot of manual tweaking anyways.

> no way to
> understand 'how' to add other database items to it...a lot of schemas and
> .ldif(?) files, but not sure how they relate.

Not sure what you mean by this.

> Am usually good w/tech books, but this is such a different
> language, I haven't gotten the mental points to hang the concepts on.
> > What still doesn't seem to work is the access via ldapi:// as used by the
> > YaST ldap-server module. Did you check /etc/sysconfig/openldap as stated
> > in my first mail? Also please check the command-line arguments that slapd
> > is started with:
> > ps axuw | grep slapd
> ldap 25292 0.0 0.1 128852 14356 ? Ssl 00:43 0:09 /usr/lib/openldap/slapd -h
> ldap:// -F /etc/openldap/slapd.d -u ldap -g ldap -o slp=on ---
> I looked in the rc script and it doesn't appear to have any interfaces
> defined. I'm not sure where or what was supposed to add them. netstat
> shows ldap listening on port 389,
> I'm not sure what (if any) the relation is between slapd and slpd, but
> slpd is listening on 192.168.3.1:427, the host's addr, and localhost:427.

They are not related.

> ldap is listening on 0.0.0.0(:389), which I guess(?) means it
> should accept connections coming from any network.

Yes.

> I changed that and added ldapi -- yast reads it as an empty database.
> I added most of the ldif/schemas I could -- (at least the ones that didn't
> hang yast) --

You should open bug reports if there is really a schema file which hangs yast.

> but I don't know how to set up a proper 'realm' (which is
> what I keep getting errors about),

When do you get that error? As a result of which command?

> nor how to merge my passwd/group/shad,
> netgroup, services, 'addressbook' info, samba authentication
> (running as a domain server for 1 workstation (my desktop) & occasional
> guests..). Have I missed any uses for it...it seems like it's supposed
> to be usable for just about everything... ;-)
> So how do I get stuff into it and get authentication and services?

You can use yast2 ldap-client to set up LDAP authentication (nss and pam).
yast2 users is able to manage users and groups on the ldap server. yast2
samba-server is AFAIK able to set up a samba server with an LDAP backend.
--
Ralf
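
Added example, not part of Ralf's mail or of openSUSE's tooling: a shell check for the slapd command line discussed above. It reads a command line as copied from ps and reports which configuration mechanism is in use (-F for the cn=config directory, -f for slapd.conf), whether an ldapi:// listener is present, and whether the TCP listener is bound to all interfaces. The function name slapd_audit and the second sample command line are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a slapd command line copied from `ps` output.
# slapd flags relied on: -h (listener URLs), -f (slapd.conf), -F (cn=config dir).

slapd_audit() (
    # $1: the whole command line as one string. The body runs in a subshell,
    # so set -f and the variables below do not leak into the caller.
    set -f
    set -- $1
    config="built-in default"; urls=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -F) if [ $# -ge 2 ]; then config="cn=config ($2)"; fi ;;
            -f) if [ $# -ge 2 ]; then config="slapd.conf ($2)"; fi ;;
            -h) # ps drops the quotes around a multi-URL list, so collect
                # every following word that looks like a URL.
                while [ $# -ge 2 ]; do
                    case "$2" in
                        *://*) urls="$urls $2"; shift ;;
                        *) break ;;
                    esac
                done ;;
        esac
        shift
    done
    if [ -z "$urls" ]; then urls="ldap:///"; fi   # slapd default without -h
    ldapi=no; tcp=none
    for u in $urls; do
        case "$u" in
            ldapi://*) ldapi=yes ;;
            # An empty host part means "listen on every interface".
            ldap://|ldap:///|ldap://:*|ldaps://|ldaps:///|ldaps://:*)
                tcp=all-interfaces ;;
            ldap://*|ldaps://*)
                if [ "$tcp" = none ]; then tcp=restricted; fi ;;
        esac
    done
    printf 'config=%s ldapi=%s tcp=%s\n' "$config" "$ldapi" "$tcp"
)

# Command line taken from the ps output quoted in the mail above.
FROM_MAIL='/usr/lib/openldap/slapd -h ldap:// -F /etc/openldap/slapd.d -u ldap -g ldap -o slp=on'
# Constructed sample: loopback TCP plus the local ldapi socket, slapd.conf style.
CONSTRUCTED='/usr/lib/openldap/slapd -h ldap://127.0.0.1 ldapi:/// -f /etc/openldap/slapd.conf -u ldap -g ldap'

slapd_audit "$FROM_MAIL"
slapd_audit "$CONSTRUCTED"
```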