
RE: [K12OSN] ldap help requested



Brian,

Thanks for sending along your slapd.conf; mine is virtually identical in its
configuration.

Now, I will say that I add ACL rules to slapd.access.conf, as follows:

access to dn=".*,dc=mylan,dc=com" attr=userPassword
	by dn="cn=root,dc=mylan,dc=net" write
	by self write
	by * auth

access to dn=".*,dc=mylan,dc=com" attr=mail
	by dn="cn=root,dc=mylan,dc=net" write
	by self write
	by * read

access to dn=".*,ou=People,dc=mylan,dc=com"
	by * read

access to dn=".*,dc=mylan,dc=com"
	by self write
	by * read

Could it be one (or all) of these?

Dimitri

-----Original Message-----
From: Brian Fahrlander [mailto:kilroy kamakiriad com]
Sent: Thursday, July 10, 2003 14:31
To: k12osn redhat com
Subject: RE: [K12OSN] ldap help requested


On Thu, 2003-07-10 at 13:02, IT wrote:
> Brian,
> 
> I've actually installed DirectoryAdministrator on an RH box. Unfortunately,
> I had less success w/ ldap on that box than I'm having on the Mandrake.
> 
> I wish there was a troubleshooting section in the ldap manual.  I'm in the
> process of looking through the openldap mailing list archives for a solution
> to my problem, but, as we know, that can be a pita.

    Wow; more problems under Redhat? That's insane...this shouldn't be an
OS issue at all.

    Getting ldap to update was almost trivial; let me send you my
settings for slapd.conf, and maybe the comparison will turn something
up.  (I'm not worried about security on LDAP; I use it only behind the
firewall, and completely for the purpose of learning LDAP, and how it
relates to the other software.  :(

Slapd.conf:
-----------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
#include                /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
include         /etc/openldap/schema/redhat/autofs.schema
include         /etc/openldap/schema/redhat/kerberosobject.schema
include         /etc/openldap/schema/inetorgperson.schema
 
# Define global ACLs to disable default read access.
 
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org
 
#pidfile        //var/run/slapd.pid
#argsfile       //var/run/slapd.args
 
# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile     /var/lib/ldap/master-slapd.replog
 
# Load dynamic backend modules:
# modulepath    /usr/sbin/openldap
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la
 
#
# The next three lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
#
# Sample Access Control
#       Allow read access of root DSE
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default is:
#       Allow read by all
#
# rootdn can always write!
 
#######################################################################
# ldbm database definitions
#######################################################################
 
database        ldbm
suffix          "dc=kamakiriad,dc=com"
rootdn          "cn=Manager,dc=kamakiriad,dc=com"
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap
index   cn,sn pres,eq,sub



-- 
------------------------------------------------------------------------
Brian Fahrländer          GNU/Linux Zealot, Conservative, and Technomad
Evansville, IN                    My Voyage: http://www.CounterMoon.com
ICQ  5119262
------------------------------------------------------------------------
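
Added example, not part of the original thread and not OpenLDAP's own code: a simplified first-match evaluator for the ACL rules posted above, showing which "access to" rule and "by" clause decide a given request, and listing "by dn=" subjects that lie outside the directory suffix. It assumes "dn=" targets are regular expressions and "by dn=" subjects are exact DNs; the function names and the DNs used to query it are constructed for illustration, and the rootdn (which bypasses ACLs) is not modelled.

```python
import re

# ACL rules as posted in the message above (blank lines dropped).
ACL_TEXT = '''
access to dn=".*,dc=mylan,dc=com" attr=userPassword
    by dn="cn=root,dc=mylan,dc=net" write
    by self write
    by * auth
access to dn=".*,dc=mylan,dc=com" attr=mail
    by dn="cn=root,dc=mylan,dc=net" write
    by self write
    by * read
access to dn=".*,ou=People,dc=mylan,dc=com"
    by * read
access to dn=".*,dc=mylan,dc=com"
    by self write
    by * read
'''

def parse_acl(text):
    """Return [(target_regex, attr_or_None, [(who, level), ...]), ...]."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["access", "to"]:
            m = re.match(r'dn="([^"]*)"', tok[2])
            attr = tok[3].split("=", 1)[1] if len(tok) > 3 else None
            rules.append((m.group(1), attr, []))
        elif tok[:1] == ["by"] and rules:
            rules[-1][2].append((tok[1], tok[2]))
    return rules

def effective_access(rules, bind_dn, entry_dn, attr):
    """First matching 'access to' wins; inside it the first matching 'by' wins."""
    bind, entry = bind_dn.lower(), entry_dn.lower()
    for n, (target, rule_attr, clauses) in enumerate(rules, 1):
        if not re.search(target, entry_dn, re.I) or \
                (rule_attr and rule_attr.lower() != attr.lower()):
            continue
        for who, level in clauses:
            if who == "*" or (who == "self" and bind == entry) \
                    or who.lower() == 'dn="%s"' % bind:
                return n, level
        return n, "none"  # implicit trailing "by * none"
    return 0, "none"      # no rule matched this entry

def foreign_subjects(rules, suffix):
    """'by dn=' subjects whose DN is not under the given directory suffix."""
    return sorted({who for _, _, cl in rules for who, _ in cl
                   if who.startswith("dn=")
                   and not who[3:].strip('"').lower().endswith(suffix.lower())})
```

Each call returns the number of the deciding rule and the access level granted, so a rule that is never reached for a given entry (because an earlier, broader rule already matched) shows up directly in the result.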



