Mailinglist Archive: yast-devel (233 mails)

Re: [yast-devel] ldap setup ideas / wishlist
  • From: Ralf Haferkamp <rhafer@xxxxxxx>
  • Date: Tue, 27 Oct 2009 10:00:45 +0100
  • Message-id: <200910271000.45364.rhafer@xxxxxxx>
On Monday, 26 October 2009 19:32:53, Nicholas Tung wrote:
> Hi all,
>
> I liked much of the YaST LDAP setup (particularly adding new users
> through the same UI as adding local users), but overall it did take a
> while to get set up. Here are a few simple things that might make it
> easier (sorry I'm not a YaST developer),
>
> * undo the wizard if it fails to start the daemon. Otherwise, the
> root objects will not get created (this step happens after it tries to
> start the daemon), leading to many confusing errors.

This sounds like a bug. Could you please report it via bugzilla? With exact
steps how to reproduce it please. (Preferably tested with a recent 11.2
milestone as some bugs have been fixed in the yast2-ldap-server module
recently)

> * make sure user "ldap" can read the certificate files, or else
> the daemon will not start (error above) if the "slp daemon" box is
> enabled.

Hm, the ldap-server adds filesystem ACLs to the certificates so that the user
"ldap" can read them. If this doesn't work this is a bug as well.
Note however that this should have nothing to do with the SLP checkbox. If the
"ldap" user cannot read the certificates it should not start regardless of
the SLP setting.

> * allow the client to import self-signed certificate files. I'm
> still not sure why this isn't working correctly, since overriding
> TLS_CACERT in /etc/openldap/ldap.conf seemed to fix the problem for
> the command line tools.

Hm, could you elaborate a bit on this? I am not sure I understand you
correctly. Probably you should add this as a feature request to
features.opensuse.org.


--
regards and thank you for your valuable feedback,
Ralf