Mailinglist Archive: opensuse (1445 mails)

Re: [opensuse] NFS security [Was: SAMBA.]

On 2012-03-17 16:31, lynn wrote:
On 17/03/12 15:12, Carlos E. R. wrote:

You may want the certificate for something else other than LDAP server
verification. Anyway, you don't need to have a server certificate if this
is just a test lan. Get it working without security first. In Yast LDAP
Client, don't check the sssd or tls options.


I think that the certificate I had created previously (years ago) I did
because dovecot required it. I think it was dovecot, not sure now. So I'll
try again to create it correctly (Thunderbird did complain once about
incorrect certificate or something).

As I said, not that easy.

To be able to start again, you need to get rid of the root-ca. It's in
either /var/lib/ca-certificates or /var/lib/CAM. Depending on how far you
got, there may also be a server certificate under /etc/openldap. Lose that

I was thinking on those lines.

/var/lib/ca-certificates: ca-bundle.pem, gcj-cacerts, java-cacerts, dated
sep 15 2011, so they are not the files.


Two directories named as my phony business name, so this is the place.

Ok, deleted all that, created new certificate, but ldap module still
refused to continue.

The files in /etc/ldap are some dated 2005, some 2011, so they are not of

One thing which really helped us was to draw out the tree of what you are
trying to put into the database. Make sure that _every_ node is unique. I
mean draw it with pen and paper and blu-tak it to your screen. With LDAP,
having an aim is essential, otherwise the learning curve is just too steep.
e.g. start with just cn, uid, gid and 'phone number. Armed with that you
should be able to pinpoint everyone both personally and over NFS.

Understandable... but I have absolutely no idea of what to put on all those
fields. I have been trying since 1998, when I started with Linux, to put up
an LDAP server. My initial intention was simply to store mail addresses of
my friends, to be able to import them in any mail browser, because it is
the only standard all mail clients understand.

This time, for NFS usage, I have absolutely no idea what to put. If Yast
does it with me clicking "next", fine, otherwise I quit.

I have always abandoned.

In all these years I have never put up an LDAP server.

Compared with Microsoft Windows Active Directory, which is put up in under
an hour (mostly waiting for it to finish with me doing nothing), ldap is
terribly difficult.

I quit again.

This is absurdly difficult.

--
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 "Celadon" at Telcontar)

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
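The tree lynn recommends drawing before touching the server, worked through as an added example that is not code from this thread: a handful of constructed accounts with just cn, uid, gid and phone number, emitted as LDIF, plus a check that every node (DN and numeric uid) is unique, since duplicate numeric ids are what silently break NFS ownership. The suffix dc=example,dc=lan and the people are placeholders.

```python
# Added example, not code from the thread: the minimal people/groups tree as
# LDIF, with a uniqueness check to run before loading it into the directory.
from collections import Counter

BASE_DN = "dc=example,dc=lan"  # constructed placeholder suffix

# Constructed sample accounts. uidNumber/gidNumber are what NFS compares
# between hosts, so they must be unique and stable everywhere.
PEOPLE = [
    {"uid": "alice", "cn": "Alice Example", "uidNumber": 1001,
     "gidNumber": 100, "phone": "+1 555 0101"},
    {"uid": "bob", "cn": "Bob Example", "uidNumber": 1002,
     "gidNumber": 100, "phone": "+1 555 0102"},
]


def person_dn(p):
    return f"uid={p['uid']},ou=people,{BASE_DN}"


def person_entry(p):
    """One posixAccount/inetOrgPerson node under ou=people."""
    return [
        f"dn: {person_dn(p)}",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        f"uid: {p['uid']}",
        f"cn: {p['cn']}",
        f"sn: {p['cn'].split()[-1]}",        # inetOrgPerson requires sn
        f"uidNumber: {p['uidNumber']}",
        f"gidNumber: {p['gidNumber']}",
        f"homeDirectory: /home/{p['uid']}",  # posixAccount requires it
        f"telephoneNumber: {p['phone']}",
    ]


def build_ldif(people):
    """Whole tree as LDIF: the two OUs, then one node per person."""
    entries = [[f"dn: ou=people,{BASE_DN}", "objectClass: organizationalUnit", "ou: people"],
               [f"dn: ou=groups,{BASE_DN}", "objectClass: organizationalUnit", "ou: groups"]]
    entries += [person_entry(p) for p in people]
    return "\n\n".join("\n".join(e) for e in entries) + "\n"


def find_duplicates(people):
    """List DNs and uidNumbers that occur more than once; empty means the tree is clean."""
    problems = []
    for label, values in (("dn", [person_dn(p) for p in people]),
                          ("uidNumber", [p["uidNumber"] for p in people])):
        problems += [f"{label} {v} appears {n} times" for v, n in Counter(values).items() if n > 1]
    return problems


if __name__ == "__main__":
    print(build_ldif(PEOPLE))
    print(find_duplicates(PEOPLE) or "no duplicate nodes")
```

The LDIF can be loaded with ldapadd once the suffix matches the server's configured database; rerun find_duplicates every time a person is added.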
