Sat, 2002-08-03 at 03:31, Steve Johnson wrote:

> thanks to everyone that e-mailed me "newbie" suggestions off-list. i
> got sidetracked on another project and finally got back to trying
> this out. it turns out i was doing two things wrong:
> 1) i had to change the owner of "/usr/local/var/openldap-ldbm" and
> the files inside to be "ldap" instead of "root" since slapd was
> running as "ldap". IMHO this should have been done by the "make
> install" command, but maybe there are other factors i don't
> understand. since an older version of OpenLDAP was already installed
> i think certain things had been done that normally aren't done when
> installing from source.
> 2) i had to use ldapadd instead of slapadd. now that i've done it
> the instructions make much more sense, but essentially i took these
> lines out of the LDIF file and loaded them with slapadd (while slapd
> wasn't running):

At this point I'd like to comment that:

Many things that work for others with 2.1.3/PADL pam_ldap/nss_ldap/Berkeley 4.0 don't always seem to work for me, and vice versa. This is true as far as Steve's findings on slapadd and ldapadd are concerned; for example, I can't get ldapadd to work properly, whilst slapadd always works.

It's not just this example though. pam_ldap seems to work completely differently for me than for others on this list. Openssl TLS/SSL works differently for me, too, than examples quoted elsewhere.

Basically, I can do anything I want with Openldap that I want to at the moment, although most of what I want is specifically confined to "virtual users and domains, including mail forwarding and aliases with the Exim SMTP MTA". Though at the same time, ldap-based (as a far better alternative to yukky NIS) login accounts are important too. For these and the above things, Openldap still - after a month or so - seems like magic after the constraints of virgin Unix.

However, I've had little help from the examples on this list as far as PAM is concerned - it just works differently for me :-/ ; however, everything works, and that's the main thing.

What I said about "examples" above doesn't apply to "people". They've been top, and their help and comments have been the main reason that everything works. Them and Vincent Danen.

My conclusion to date, is that Openldap is a fantastic "modelling toolset" for the averagely intelligent, goal-conscious and inquisitive sysadmin. But it's far from being a saleable "product". I would rather define it as "an anarchistic set of building blocks, with no hard and fast rules (or rather, rules that can be bent and twisted according to one's own desires and system requirements), to create practically any Unix administrative environment that one wishes to achieve." In that respect it's rather like Exim (as opposed to, say, BIND DNS).

And that just has to be worth something.

Best,

Tony

--
Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-mail: tonni@billy.demon.nl
www: http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor

Telephone: (+31) (0)172 530428
Mobile: (+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
Attachment:
signature.asc
Description: This is a digitally signed message part