TIMFOX123
asked on
Mandrake as an openldap client
I have the latest Mandrake and a working LDAP server.
I need to configure the files so it will look at the server.
nsswitch is taken care of
ldap.conf is taken care of
Where do I put:
USELDAP=yes
USELDAPAUTH=yes
Do I need to use other files ?
/etc/sysconfig/authconfig is for RedHat/Fedora, SuSE or Mandrake may not have this file.
By the way, do you set up the LDAP user account in your LDAP server?
Wesly
ASKER
I am trying to set up a user in the LDAP client you suggested and I can create OUs just fine, but when I add a user or organizational user the utility looks like it creates them; when I look at the LDAP tree, though, I see that they are not being created. I am trying to create them under
ou=it,dc=suse,dc=de
I am clearly doing something silly.
Oh, I just gave you 500 points on another question. You have been very nice to help me!.
Hi,
You might want to use LDAP Browser/Editor for Windows to add/remove user in LDAP server:
http://www-unix.mcs.anl.gov/~gawor/ldap/
It's quite convenient and easy to do it through the LDAP browser.
Besides,
> I am trying to setup a user in the ldap client
You should add the LDAP user at the LDAP SERVER, not the client.
Wesly
ASKER
I was using that utility
I have read their instructions; it just will only let me add organisational units and nothing else.
You need to create an OU first, say Users, then add the entry under the Users OU.
Wesly
ASKER
I did create an OU. I created all types of OUs.
My editor is:
Comment from wesly_chen feedback
Date: 12/01/2004 07:34PM PST
Comment
Hi,
You might want to use LDAP Browser/Editor for Windows to add/remove user in LDAP server:
http://www-unix.mcs.anl.gov/~gawor/ldap/
I use the LDAP browser connected to my LDAP server; I expanded "ou=People" and clicked on one user,
and here is what that user's attributes look like on the right hand side of the LDAP browser:
--------
loginShell /bin/bash
gidNumber 613
uidNumber 609
userPassword [B@16d8196
uid bb
objectClass account
objectClass posixAccount
objectClass top
homeDirectory /usr/local/bb
cn bb
-------
So you need to click on "ou=People" (if you have one) and click Edit--> Add Entry--> Person
and fill up the table in the pop-up window.
Wesly
ASKER
I just set up an OpenLDAP server using your distro (Red Hat Fedora 3) to try to get this going any way I can.
I installed the RPM and the basedn is: dc=my-domain,dc=com
The password is secret.
I did not change or modify anything.
I try to connect to it using your utility as Manager and get the error message "Failed to read entry dc=my-domain,dc=com"
Please note that in the utility I can click on "fetch dn" and it will get the: dc=my-domain,dc=com
Ldap Browser\Editor 2.8.2
Settings for my browser \ editor:
host: 192.168.123.170 port 389 version 3
user dn: cn=Manager,dc=my-domain,dc=com
You may say I am starting this exercise over again.
I really do appreciate your patience. I think I am missing something basic.
ASKER CERTIFIED SOLUTION
ASKER
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
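Two points in this thread call for a worked example: the posixAccount entry Wesly showed under "ou=People" (the attribute list with loginShell, uidNumber, gidNumber, homeDirectory and objectClass account/posixAccount/top), and the comment in the posted slapd.conf that cleartext passwords such as "rootpw secret" should be avoided in favour of slappasswd(8) hashes. The following Python is an added example, not code from the thread or from the LDAP Browser/Editor tool: it produces an {SSHA} hash in the same format slappasswd -h {SSHA} emits, and renders an LDIF add record for a posixAccount that can be loaded with ldapadd. It assumes the base DN dc=my-domain,dc=com from the asker's slapd.conf; the user "bb" and its uid/gid numbers and home directory are constructed sample values mirroring Wesly's post.

```python
"""Added example (not from the thread): render a posixAccount entry under
ou=People as LDIF, with userPassword stored as an {SSHA} hash rather than
cleartext. Base DN dc=my-domain,dc=com is taken from the posted slapd.conf;
the user "bb" and its numbers are constructed sample data."""
import base64
import hashlib
import os
from typing import Optional

# Attributes the posixAccount objectClass (nis.schema, RFC 2307) requires.
POSIX_MUST = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return '{SSHA}' + base64(SHA1(password || salt) || salt), the layout
    slappasswd -h {SSHA} produces and slapd accepts for userPassword/rootpw."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a cleartext password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes; the rest is salt
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def posix_user_ldif(base_dn: str, attrs: dict, password: str) -> str:
    """Render an LDIF add record for a posixAccount under ou=People,<base_dn>.
    Raises ValueError if a required attribute is missing or malformed, so the
    mistake surfaces here instead of as an objectClass violation from slapd."""
    missing = [a for a in POSIX_MUST if a not in attrs]
    if missing:
        raise ValueError("missing required posixAccount attributes: " + ", ".join(missing))
    for numeric in ("uidNumber", "gidNumber"):
        if not str(attrs[numeric]).isdigit():
            raise ValueError("%s must be a non-negative integer" % numeric)
    if not str(attrs["homeDirectory"]).startswith("/"):
        raise ValueError("homeDirectory must be an absolute path")

    lines = [
        "dn: uid=%s,ou=People,%s" % (attrs["uid"], base_dn),
        "objectClass: top",
        "objectClass: account",
        "objectClass: posixAccount",
    ]
    for name in POSIX_MUST:
        lines.append("%s: %s" % (name, attrs[name]))
    # loginShell is optional in the schema; default to the shell Wesly's entry used.
    lines.append("loginShell: %s" % attrs.get("loginShell", "/bin/bash"))
    lines.append("userPassword: %s" % ssha_hash(password))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample user, mirroring the attribute list in the thread.
    sample = {"cn": "bb", "uid": "bb", "uidNumber": 609, "gidNumber": 613,
              "homeDirectory": "/usr/local/bb", "loginShell": "/bin/bash"}
    print(posix_user_ldif("dc=my-domain,dc=com", sample, "example-password"))
```

Save the printed record as user.ldif and load it with ldapadd -x -H ldap://192.168.123.170 -D "cn=Manager,dc=my-domain,dc=com" -W -f user.ldif; as Wesly says, the ou=People entry must already exist, or slapd rejects the add because the parent is missing. The same ssha_hash() output can replace the cleartext rootpw line in slapd.conf.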
ASKER
In both SuSE and Mandrake I could not find this file. I then installed all packages that had to do with LDAP and looked for any that had authconfig.
Where is this file? I installed PAM and other dependencies.