Hi,
I have finished configuring 389 on CentOS 6.2 and it seems to work OK now. Not a conceptually difficult exercise, but a very complex exercise in practice, due to the many details that have to be borne in mind, which either are not well documented (IMHO) or are scattered across several docs, plus the tricky changes introduced by CentOS 6.2.
My intention is to prepare a doc in Spanish explaining how to set the thing up from the beginning and make it available to anyone who needs it.
However, I still have some doubts after having gone through the installation and configuration of the product:
1. Autobind and LDAPI. From my understanding, CentOS 6.2 wants you to use SSL, but on the other hand there is LDAPI, which is meant to be faster and more secure. In my case, the client and LDAP will be sitting on the same machine, so I do not see the point in using SSL as opposed to ldapi. How do you configure 389 to use ldapi and not SSL? I enabled LDAPI and configured Autobind following the instructions given in the RHDS 9.0 documentation, but I do not see how it is (if it is) used.
2. Is there some doc that explains the various directives found in the /etc/pam_ldap.conf and /etc/nslcd.conf files? I have configured some in order to get it to work, but I do not understand their purpose well. The man page does not cover every directive and is not very explanatory anyway.
Thank you.
Alberto
Hi
We are using these attributes for a (very basic) configuration of LDAPI (just root -> Directory Manager):
# LDAPI
nsslapd-ldapifilepath: /var/run/dirsrv/slapd-XXXX.socket
nsslapd-ldapilisten: on
nsslapd-ldapiautobind: on
nsslapd-ldapimaprootdn: cn=Directory Manager
nsslapd-ldapimaptoentries: off
nsslapd-ldapientrysearchbase: dc=XXXXX,dc=es
Then, we search this way:
ldapsearch -Y EXTERNAL -H ldapi://%2fvar%2frun%2fdirsrv%2fslapd-XXXX.socket -b "dc=XXXXX,dc=es" -s one "(objectClass=organization)" o
/etc/nslcd.conf is used together with nsswitch.conf to make LDAP users and groups available to the system, so that, if configured in PAM, they can access the system. pam_ldap.conf (I've never used it) should be for configuring PAM to use LDAP as an option for retrieving users and passwords in order to authenticate them.
Regards.
2012/7/12 Alberto Suárez asuapaz@gobiernodecanarias.org:
Hi,
I have finished configuring 389 on CentOS 6.2 and it seems to work OK now. Not a conceptually difficult exercise, but a very complex exercise in practice, due to the many details that have to be borne in mind, which either are not well documented (IMHO) or are scattered across several docs, plus the tricky changes introduced by CentOS 6.2.
My intention is to prepare a doc in Spanish explaining how to set the thing up from the beginning and make it available to anyone who needs it.
However, I still have some doubts after having gone through the installation and configuration of the product:
- Autobind and LDAPI. From my understanding, CentOS 6.2 wants you to use SSL, but on the other hand there is LDAPI, which is meant to be faster and more secure. In my case, the client and LDAP will be sitting on the same machine, so I do not see the point in using SSL as opposed to ldapi. How do you configure 389 to use ldapi and not SSL? I enabled LDAPI and configured Autobind following the instructions given in the RHDS 9.0 documentation, but I do not see how it is (if it is) used.
- Is there some doc that explains the various directives found in the /etc/pam_ldap.conf and /etc/nslcd.conf files? I have configured some in order to get it to work, but I do not understand their purpose well. The man page does not cover every directive and is not very explanatory anyway.
Thank you.
Alberto
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
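Putting the attributes from the reply above into practice, as an added example that is not code from the thread or from the 389 project: a small POSIX shell script that (a) builds the percent-encoded ldapi:// URL from a socket path, (b) emits the cn=config LDIF for the LDAPI and autobind attributes, and (c) runs the SASL EXTERNAL search once the socket exists. The instance name slapd-XXXX and the suffix dc=XXXXX,dc=es are taken from the message; the plain-LDAP port 389 used for the first modify, and the need to restart the instance before the socket appears, are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or the 389 project. Assumed values:
# instance "slapd-XXXX", suffix dc=XXXXX,dc=es, first modify over ldap://localhost:389.

# An ldapi:// URL carries the socket path in the "host" position, so every '/'
# must be escaped as %2F (the reply above shows the encoded form by hand).
ldapi_url() {
    printf 'ldapi://%s' "$(printf '%s' "$1" | sed 's#/#%2F#g')"
}

# LDIF that switches the LDAPI listener on and maps the local root user to
# Directory Manager. nsslapd-ldapimaptoentries stays off, so no other local
# uid is mapped to a directory entry; only root gets the privileged identity.
ldapi_config_ldif() {
    sock="$1"
    rootdn="$2"
    cat <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-ldapilisten
nsslapd-ldapilisten: on
-
replace: nsslapd-ldapifilepath
nsslapd-ldapifilepath: ${sock}
-
replace: nsslapd-ldapiautobind
nsslapd-ldapiautobind: on
-
replace: nsslapd-ldapimaprootdn
nsslapd-ldapimaprootdn: ${rootdn}
-
replace: nsslapd-ldapimaptoentries
nsslapd-ldapimaptoentries: off
EOF
}

# Push the change over plain LDAP the first time (LDAPI is not listening yet).
# Assumption: the instance must be restarted before the socket file appears.
apply_ldapi_config() {
    ldapi_config_ldif "$1" "$2" | ldapmodify -x -H ldap://localhost:389 \
        -D "cn=Directory Manager" -W
}

# After the restart, root binds with SASL EXTERNAL over the socket and, through
# autobind, lands as Directory Manager without sending any password.
search_over_ldapi() {
    ldapsearch -Y EXTERNAL -H "$(ldapi_url "$1")" -b "$2" -s base \
        "(objectClass=*)" dn
}

# Only talks to a server when explicitly asked to; functions load silently.
if [ "${1:-}" = "run" ]; then
    SOCK=/var/run/dirsrv/slapd-XXXX.socket
    apply_ldapi_config "$SOCK" "cn=Directory Manager"
    search_over_ldapi "$SOCK" "dc=XXXXX,dc=es"
fi
```

Because autobind hands root the Directory Manager identity, the socket's filesystem permissions are the whole access control for that path; keep nsslapd-ldapimaptoentries off unless you actually want every local uid resolved to a directory entry.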
On 07/12/2012 04:13 AM, Alberto Suárez wrote:
Hi,
I have finished configuring 389 on CentOS 6.2 and it seems to work OK now. Not a conceptually difficult exercise, but a very complex exercise in practice, due to the many details that have to be borne in mind, which either are not well documented (IMHO) or are scattered across several docs, plus the tricky changes introduced by CentOS 6.2.
My intention is to prepare a doc in Spanish explaining how to set the thing up from the beginning and make it available to anyone who needs it.
However, I still have some doubts after having gone through the installation and configuration of the product:
- Autobind and LDAPI. From my understanding, CentOS 6.2 wants you to use SSL, but on the other hand there is LDAPI, which is meant to be faster and more secure. In my case, the client and LDAP will be sitting on the same machine, so I do not see the point in using SSL as opposed to ldapi. How do you configure 389 to use ldapi and not SSL? I enabled LDAPI and configured Autobind following the instructions given in the RHDS 9.0 documentation, but I do not see how it is (if it is) used.
To test it, you have to use an ldapi URL like this:
ldapmodify -x -H ldapi://pathtosocket.socket -D "cn=directory manager" -w password -a
where pathtosocket.socket is the full absolute path of the socket file, with each '/' replaced with '%2F'.
The access log will tell you if the connection is using ldapi
I don't know if pam/nss ldap supports ldapi.
- Is there some doc that explains the various directives found in the /etc/pam_ldap.conf and /etc/nslcd.conf files? I have configured some in order to get it to work, but I do not understand their purpose well. The man page does not cover every directive and is not very explanatory anyway.
man pam_ldap
I don't know about nslcd.
Thank you.
Alberto
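The reply above says the access log will show whether a connection used LDAPI. As an added example that is not from the thread or the 389 project, here is a shell snippet that pulls that out of a log: it lists the connections that arrived over the unix socket and, for each, the DN the SASL EXTERNAL bind was mapped to, so you can confirm that autobind really turned root into Directory Manager. The log lines are constructed for the example and only approximate 389's access-log format; the markers looked for (conn=, "connection from local to", BIND ... mech=EXTERNAL, and the dn= on the RESULT line) are assumptions about that format.

```shell
#!/bin/sh
# Added example, not from the thread or the 389 project.
# Constructed sample access-log lines (approximation of 389's format):
# conn=7 comes in over the LDAPI socket and autobinds; conn=8 is an ordinary
# TCP simple bind as Directory Manager with a password.
SAMPLE_LOG='[12/Jul/2012:10:01:02 +0100] conn=7 fd=64 slot=64 connection from local to /var/run/dirsrv/slapd-XXXX.socket
[12/Jul/2012:10:01:02 +0100] conn=7 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
[12/Jul/2012:10:01:02 +0100] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[12/Jul/2012:10:01:05 +0100] conn=8 fd=65 slot=65 connection from 127.0.0.1 to 127.0.0.1
[12/Jul/2012:10:01:05 +0100] conn=8 op=0 BIND dn="cn=directory manager" method=128 version=3
[12/Jul/2012:10:01:05 +0100] conn=8 op=0 RESULT err=0 tag=97 nentries=0 etime=0'

# Read log text on stdin; print the conn= ids that arrived over the unix
# socket rather than over TCP.
ldapi_conn_ids() {
    grep 'connection from local to ' | sed 's/.* conn=\([0-9]*\) .*/\1/'
}

# For one connection id, print the DN its bind RESULT carries. For a SASL
# EXTERNAL autobind that is the mapped identity; a simple bind's RESULT has
# no dn= field in this sample, so nothing is printed.
autobind_dn() {
    log="$1"
    conn="$2"
    printf '%s\n' "$log" | grep " conn=$conn op=0 RESULT " \
        | sed -n 's/.*dn="\([^"]*\)".*/\1/p'
}

# Every LDAPI connection and the identity autobind gave it.
report_ldapi_binds() {
    log="$1"
    printf '%s\n' "$log" | ldapi_conn_ids | while read -r id; do
        printf 'conn=%s ldapi autobind -> %s\n' "$id" "$(autobind_dn "$log" "$id")"
    done
}

# On a real server: report_ldapi_binds "$(cat /var/log/dirsrv/slapd-XXXX/access)"
report_ldapi_binds "$SAMPLE_LOG"
```

If a connection shows up as "connection from 127.0.0.1" instead of "from local", the client fell back to TCP (typically a wrong or unescaped socket path in the URL), and the SSL question is back on the table.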