[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 400
  • Last Modified:

Mandrake as an openldap client

I have the latest madrake and an working ldap server.  

I need to configure the files so it will look at the server.

nsswitch is taken care of
ldap.conf is taken care of

Where do I put:  

USELDAP=yes
USELDAPAUTH=yes

Do I need to use other files ?

0
TIMFOX123
Asked:
TIMFOX123
  • 6
  • 5
1 Solution
 
TIMFOX123Author Commented:
I think I am supposed to edit the /etc/sysconfig/authconfig

In both suse and mandrake I could not find this file.   I then installed all packages that had to do with ldap and looked for any that had authconfig.

Where is this file ?  I installed pam and other dependancies.
0
 
wesly_chenCommented:
/etc/sysconfig/authconfig is for RedHat/Fedora, SuSE or Mandrake may not have this file.

By the way, do you set up the LDAP user account in your LDAP server?

Wesly
0
 
TIMFOX123Author Commented:
I am trying to setup a user in the ldap client you suggested and I can create OU's just fine but when I add a user or organizational user the utility looks like it create them but when I look at the ldap tree I see that they are not being created.   I am trying to create them under
ou=it,dc=suse,dc=de

I am clearly doing something silly.

Oh, I just gave you 500 points on another question.  You have been very nice to help me!.  
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
wesly_chenCommented:
Hi,

  You might want to use LDAP Browser/Editor for Windows to add/remove user in LDAP server:
http://www-unix.mcs.anl.gov/~gawor/ldap/

  It's quite convience and esay to do it through LDAP browser.

Besides,
> I am trying to setup a user in the ldap client
You should add ldap user at LDAP SERVER, not client.

Wesly
0
 
TIMFOX123Author Commented:
I was using that utility


I have read their instructions, it just will only let me add organisational units and nothing else.
0
 
wesly_chenCommented:
You need to create OU first, say Users, then add entry under Users' OU.

Wesly
0
 
TIMFOX123Author Commented:
I did create an ou.  I created all types of OUs

My editor is:

 Comment from wesly_chen   feedback
Date: 12/01/2004 07:34PM PST
      Comment       
Hi,

  You might want to use LDAP Browser/Editor for Windows to add/remove user in LDAP server:
http://www-unix.mcs.anl.gov/~gawor/ldap/
0
 
wesly_chenCommented:
I use LDAP browser connected to my LDAP server, I expaneded "ou=People" and click on one user,
there is what that user attribute show up on the right hand side of LDAP browser:
--------
loginShell             /bin/bash
gidNumber             613
uidNumber             609
userPassword   [B@16d8196
uid             bb
objectClass       account
objectClass       posixAccount
objectClass       top
homeDirectory  /usr/local/bb
cn             bb
-------
So you need to click on "ou=People" (if you have one) and click Edit--> Add Entry--> Person
and fill up the table in the pop-up window.

Wesly
0
 
TIMFOX123Author Commented:
I just setup an openldap server using your distro ( redhat fedora 3 ) to try to get this going any way I can.

I installed the RPM and the basedn is:   dc=my-domain,dc=com
The password is secret.  

I did not change or modify anything.  

I try to connec to it using your utility  as Manager and get the error message "Failed to read entry dc=my-domain,dc=com"

Please note that in the utility I can click on 'fetch dn" and it will get the:  dc=my-domain,dc=com

Ldap Browser\Editor 2.8.2

Settings for my browser \ editor:

host:  192.168.123.170  port 389 version 3
user dn:  cn=Manager,dc=my-domain,dc=com

You may say I am starting this excersise over again.

I really do appricaite your patiance.  I think I am missing something basic.





0
 
wesly_chenCommented:
Could you post your /etc/openldap/slapd.conf?

Besides, here is some reference for OpenLDAP on RedHat (Fedora)
http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/ref-guide/ch-ldap.html

Wesly
0
 
TIMFOX123Author Commented:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include            /etc/openldap/schema/core.schema
include            /etc/openldap/schema/cosine.schema
include            /etc/openldap/schema/inetorgperson.schema
include            /etc/openldap/schema/nis.schema

# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral      ldap://root.openldap.org

pidfile            /var/run/slapd.pid
argsfile      /var/run/slapd.args

# Load dynamic backend modules:
# modulepath      /usr/sbin/openldap
# moduleload      back_bdb.la
# moduleload      back_ldap.la
# moduleload      back_ldbm.la
# moduleload      back_passwd.la
# moduleload      back_shell.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.  Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

# Sample security restrictions
#      Require integrity protection (prevent hijacking)
#      Require 112-bit (3DES or better) encryption for updates
#      Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#      Root DSE: allow anyone to read it
#      Subschema (sub)entry DSE: allow anyone to read it
#      Other DSEs:
#            Allow self write access
#            Allow authenticated users read access
#            Allow anonymous users to authenticate
#      Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#      by self write
#      by users read
#      by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database      bdb
suffix            "dc=my-domain,dc=com"
rootdn            "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw            secret
# rootpw            {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory      /var/lib/ldap

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com@EXAMPLE.COM
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now