Comments:
<0> wick2o: i'm talking about getting it to find things in ldap if you are using anything other than AD.
<1> ahhh that i will completely agree
<1> I figure ldap is the best option for a central contact database
<1> something that if i allow people on the go and still have access to and KNOW its up-to-date
<2> There is user who know how to connect 3rd server via LDAP server?
<3> wooya510: openldap? if so, there's slurpd and syncrepl. look at adminguide and faq-o-matic at openldap.org
<4> hi
<4> i have suffix problem
<4> can someone help clarify? :)
<3> th3man: if you can tell us what the problem is first ;)
<2> There is user who know how to the client connect to the 3rd server through LDAP server?
<5> I'm sorry, what?
<2> hello
<2> Are you there?
<3> wooya510: you don't make sense.. are you talking via babelfish or something?
<2> Gagatan: don't make sense??
<2> Gagatan: sorry
<3> "There is user who know how to the client connect to the 3rd server through LDAP server?" yes.. this doesn't make sense.. please explain what you're trying to do
<2> Gagatan: sorry , I can't english very well :D
<2> Gagatan: I can't speak english very well :D
<3> well.. try to explain what you want to do
<2> OK, thanks
<2> currently, I installed LDAP in computer called 'A' Server
<2> and I installed LDAP client packages in client computer called 'B'
<2> For the Auth testing, I try to connect ssh from B to A
<2> e.g) ssh wooya510@A_SERVER_IP
<2> This testing is good
<2> One more, I wanna to connect to other client computer called "C"
<2> via LDAP SERVER
<2> this is possible?
<2> that's all
<3> so.. you want ssh-logins with remote-ldap for userlookup and authentication for 2 or more computers?
<2> yes
<3> so you have computer a,b and c.. a is running the ldapsoftware
<3> correct?
<3> (where ldapsoftware, I mean the ldapserver)
<2> sure
<2> I installed LDAP SERVER Packages
<2> My system is debian sarge
<2> Finally, B(client)->A(LDAP SERVER)->C(name SERVER)
<3> well.. this scenario is why many people consider using ldap for.. so yes.. its very much doable :) I've lost count on how many computers and services using ldap for userlookup and authentication
<3> you can start with nss_ldap, and make userlookup work (getent passwd <username only in ldap>)
<3> then move on to pam_ldap and make ssh & friends use it
<2> getent passwd <username only in ldap>? this command line run in the C client?
<3> yep..
<2> I will try to run your advice :)
<2> oops ^^
<2> Thank you so much
<2> Gagatan: I have one more problem. I used the migration tools and type the following command
<2> cd /usr/share/migrationtools
<2> ./migrate_passwd.pl /etc/passwd | grep -v 'objectClass: accout' > /tmp/passwd.ldif
<2> And type "ldapadd -D 'cn=admin,dc=ldap,dc=wooya510,dc=com' -c -x -W -f /tmp/passwd.ldif"
<2> but occurred error messages
<2> additional info: objectClass: value #5 invalid per syntax
<3> why grep -v?
<6> it should only be used if the env variable for extended usage (which would add both account and inetOrgPerson) is set
<6> in unpatched migrationtools, IIRC
<7> hi again
<7> does it makes sense to have more than a mail attribute and save them into separate directories?
<8> morning
<3> esci: mail is multivalued, right?
<7> yes
<3> doesn't that answer your question? ;)
<7> no, because, if I use mailMessageStore they would be in the same directory right?
<7> I'm just asking if inside the qmailUser schema there's something I could use to have more than a directory to store mail
<7> (or any other schema)
<3> that would be like having multiple aliases delivered to one mailstore
<7> ok
<7> thanks, that solves my question :)
<3> as far as I can see anyways
<9> hi, currently there is no support for master <=> master replication in ldap -- is this correct?
<3> only experimental if you're talking about openldap.. other vendors do support multi-master.. (sun, netscape, fedora etc)
<9> ok, thank you
<8> somehow these quotatools are NOT made for a 6TB filesystem
<8> oops
<8> wrong window
<10> actually ldap is never the wrong window ;)
<8> hmm
<8> does anyone know a bit about luma here? if I don't store a password, it does not prompt me for one during bind.
<11> it probably assumes anonymous bind then ?
<3> Celestar: it will come in 2.4.. its supported in cvs-version
<12> hi everyone
<12> could someone give me a hint how to add a schema for openldap when using the new cn=config configuration backend?
<6> dev-zero|work, you'd have to convert it to ldif and ldapadd it under cn=config
<6> as your existing ones were
<12> hmm, ok
<11> cn=config backend ?
<11> Where do I read about that ?
<6> in the admin guide I think
<6> I don't think there is a man page
<12> yep, the admin guide has it
<12> and http://www.openldap.org/faq/data/cache/1365.html
<12> but there isn't much
<12> _ranger_: do you mean by "convert it to ldif" to convert it by hand or is there a tool?
<11> So what's this? Saving slapd.conf data in there ?
<6> dev-zero|work, you could just add it to your old slapd.conf (if you have it still), run slapd -f slapd.conf -F /tmp, and then use the ldif it creates
<6> docelic, well, what would have been in slapd.conf
<6> docelic, changes take effect immediately
<6> no restart
<11> Right.. and you wouldn't have to maintain all access rights in slapd.conf
<11> interesting
<6> well, you would still maintain them in the configuration, but you wouldn't have to restart for a change
<6> though ... if you plan your ACLs well in the beginning (eg, using dynattr), then you shouldn't need restarts much ...
<11> right.. but I find the text blocks in slapd.conf so silly
<11> It's okay if you just have them there, but if you modify them often and possibly with automated tools...
<6> docelic, yes, if you need modification of configuration via tools ... back-config would be better
<6> but, you should use groups instead
<6> eg, I have an Authenticators group, members may read userPassword (some radius servers, mail servers don't really work well without read access to userPassword)
<6> so, adding another one is an ldap operation, not a config change
<11> right
<11> I suppose those groups weren't available (or mentioned) in the ldap administration book? I dont remember reading about them
<12> sasl could be used for mail-servers
<6> docelic, they've always been available
<6> dev-zero|work, that all depends on the server, doesn't it ...
<12> yess
<6> and, if it doesn't support re-binding as the user, what is the chance it supports sasl ?
<6> not good.
<6> same goes for radius
<6> and, we store passwords encrypted in ldap, so it's not an option
<6> (with > 1.3 million entries)
<12> _ranger_: thanks a lot
<13> hi euclid :-)
<14> afternoon :-)
<14> anyway, I just figure it's better to run openldap 2.3.X for the future than sticking with RHEL4's antiquated version
<13> Heh. Fortunately, RHEL4 was before I became Red Hat's OpenLDAP maintainer. :-)
<14> it seems to be quite a mess
<13> Yeah. There's a reason why we picked a new maintainer.
<14> so what's my best option, hang on until 2.3.27 reaches FC devel?
<13> None of the post-2.3.19 patches look particularly important to me, so you should be able to take the 2.3.19 spec file, change the version number, and rebuild against the 2.3.27 tarball.
<14> ok
<13> But if I get off my lazy butt, there might be a new 2.3.27 rpm tomorrow.
<14> or the 2.3.24 currently in FC devel
<13> Or that one, even better.
<13> It takes just this side of forever on my Celeron-500 :-(