NEWBIE trying to get to grips
I have been given the job of setting up a test system using
LDAP/PAM/SAMBA. Unfortunately, I'm a relative newbie to most of these
technologies and I have a lot of minor questions so as to get things
definitive in my head, so, please bear with me.
The goal is to set up a Samba "NT-Domain" on a server (RedHat6.2). The
same server will also run slapd (OpenLDAP1.2.11). I want to be able to
authenticate WindowsNT4 and RedHat6.2 clients against the samba-PDC who
authenticates against the LDAP server. From what I've read I gather that
this is possible!??
Anyhow, for the moment I'm concentrating on getting linux clients
authenticating against LDAP without samba. So far I have slapd running
fine. I used migrate_base.pl script from www.padl.com to create the base
entries. The first two entries the script created were:

dn: c=IE
c: IE
objectClass: top
objectClass: country
objectClass: domainRelatedObject
associatedDomain: ul.ie

dn: o=UL,c=IE
o: UL
objectClass: top
objectClass: organization
objectClass: domainRelatedObject
associatedDomain: ul.ie

Slapd wouldn't allow the first entry to be added but would allow the
second when I removed the first from the LDIF file. The Base_DN I
specified in all files is "o=UL,c=IE". What is wrong with the first
entry!? Also what is the "top" objectclass used for?
----------
Also, if you compile with --enable-wrappers can you run slapd from the
command line as opposed to inetd and make use of tcp-wrappers? If so,
would something like "slapd : <domain> : ALLOW" in your /etc/hosts.allow
work?
----------
Why would these access perms in my slapd.conf file prevent me from reading
entries in the database? When I use the -D -w switches with ldapsearch I
can read everything!

defaultaccess read
access to dn=".*,o=UL,c=IE"
    by self write
    by * search

What are the best perms for making general info readable but passwords
secure bearing in mind that pam_ldap needs to authenticate using the
password attribute? What mechanism/binding-order does pam_ldap use to
authenticate?
-------------
I have a lot more questions but I don't want to overkill totally in my
first mail so if someone could set me straight on these issues first I
would be most grateful!
Thanks,
Ross