[Date Prev][Date Next] [Chronological] [Thread] [Top]

NEWBIE trying to get to grips



I have been given the job of setting up a test system using 
LDAP/PAM/SAMBA. Unfortunately, I'm a relative newbie to most of these
technologies and I have a lot of minor questions so as to get things
definitive in my head, so, please bear with me. 

The goal is to set up a Samba "NT-Domain" on a server (RedHat6.2). The 
same server will also run slapd (OpenLDAP1.2.11). I want to be able to
authenticate WindowsNT4 and RedHat6.2 clients againt the samba-PDC who
authenticates against the LDAP server. From what I've read I gather that
this is possible!??

Anyhow, for the moment I'm concentrating on getting linux clients
authenticating against LDAP without samba. So far I have slapd running
fine. I used migrate_base.pl script from www.padl.com to create the base
entries. The first two entries the script created were: 

dn: c=IE
c: IE
objectClass: top
objectClass: country
objectClass: domainRelatedObject
associatedDomain: ul.ie

dn: o=UL,c=IE
o: UL
objectClass: top
objectClass: organization
objectClass: domainRelatedObject
associatedDomain: ul.ie
  
Slapd wouldn't allow the first entry to be added but would allow the
second when I removed the first from the LDIF file. The Base_DN I
specified in all files is "o=UL,c=IE". What is wrong with the first
entry!? Also what is the "top" objectclass used for?

----------
Also, if you compile with --enable-wrappers can you run slapd from the
command line as opposed to inetd and make use of tcp-wrappers? If so,
would something like "slapd : <domain> : ALLOW" in your /etc/hosts.allow
work?

----------
Why would these access perms in my slapd.conf file prevent me from reading
entries in the database? When I use the -D -w switches with ldapsearch I
can read everything!

defaultaccess   read
access to dn=".*,o=UL,c=IE"
        by self write
        by *    search

What are the best perms for making general info readable but passwords
secure bearing in mind that pam_ldap needs to authenticate using the
password attribute? What mechanism/binding-order does pam_ldap use to
authenticate? 

-------------


I have a lot more questions but I don't want to overkill totally in my
first mail so if someone could set me straight on these issues first I
would be most grateful!

Thanks,
Ross