On 07/12/2012 04:13 AM, Alberto Suárez wrote:
Hi,
I have finished configuring 389 on CentOS 6.2 and it seems to work ok
now. Not a conceptually difficult exercise, but a very complex
exercise in practice, due to the many details that have to be borne in
mind which either are not well documented (IMHO) or scattered in
several docs, plus the tricky changes introduced by CentOS 6.2.
My intention is to prepare a doc in Spanish explaining how to set the
thing up from the beginning and make it available to anyone who needs it.
However I still have some doubts after having gone through the
installation and configuration of the product:
1. Autobind and LDAPI. From my understanding, CentOS 6.2 wants you to
use SSL, but on the other hand there is LDAPI which is meant to be
faster and more secure. In my case, the client and LDAP will be
sitting on the same machine, so I do not see the point in using SSL as
opposed to ldapi. How do you configure 389 to use ldapi and not SSL? I
enabled LDAPI and configured Autobind following the instructions given
in RHDS 9.0 documentation, but I do not see how it is (if it is) used.
To test it, you have to use an ldapi URL like this:
ldapmodify -x -H ldapi://pathtosocket.socket -D "cn=directory manager" -w password -a
Where pathtosocket.socket is the full absolute path of the socket file,
with the '/' replaced with '%2F'
The access log will tell you if the connection is using ldapi.
I don't know if pam/nss ldap supports ldapi.
2. Is there some doc that explains the various directives found in
/etc/pam_ldap.conf and /etc/nslcd.conf files? I have configured some
in order to get it to work, but I do not understand well its purpose.
The man page does not cover every directive and it is not quite
explanatory, anyway.
man pam_ldap
I don't know about nslcd.
Thank you.
Alberto
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
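
Added example, not part of the original thread or of 389 Directory Server's own tooling: a shell sketch of the two steps described in the reply, building the ldapi URL from the socket path and checking the access log to confirm that a connection really came in over LDAPI. The function names, the socket path /var/run/slapd-example.socket and the sample log lines are constructed; the log line shapes ("connection from local to <socket>", 'AUTOBIND dn="..."') are an assumption to verify against your own access log.

```shell
#!/bin/sh
# ldapi_url PATH -> ldapi://%2Fvar%2Frun%2F... (hypothetical helper)
# Only absolute paths are accepted. '%' is escaped first so a literal '%'
# in the path is not read as an escape, then every '/' becomes %2F.
ldapi_url() {
    case "$1" in
        /*) ;;
        *) echo "ldapi_url: socket path must be absolute: $1" >&2; return 1 ;;
    esac
    printf 'ldapi://%s\n' "$(printf '%s' "$1" | sed -e 's|%|%25|g' -e 's|/|%2F|g')"
}

# ldapi_conns LOGFILE SOCKET -> one line per connection made over SOCKET:
#   conn=<id> bind=<autobind dn, or "none">
# LOGFILE may be "-" for stdin. Assumed log format, see the lead-in.
ldapi_conns() {
    awk -v sock="$2" '
        / connection from local to / && $NF == sock {
            for (i = 1; i <= NF; i++) if ($i ~ /^conn=/) { id = $i; break }
            seen[id] = 1; order[++n] = id; dn[id] = "none"
        }
        / AUTOBIND dn=/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^conn=/) { id = $i; break }
            if (id in seen) { d = $0; sub(/.* AUTOBIND dn=/, "", d); dn[id] = d }
        }
        END { for (i = 1; i <= n; i++) print order[i], "bind=" dn[order[i]] }
    ' "$1"
}

# Constructed sample access log: conn=3 arrives over the local socket and is
# autobound; conn=4 is an ordinary TCP connection with a simple bind.
sample_log() {
cat <<'EOF'
[12/Jul/2012:10:00:01 +0200] conn=3 fd=64 slot=64 connection from local to /var/run/slapd-example.socket
[12/Jul/2012:10:00:01 +0200] conn=3 AUTOBIND dn="cn=directory manager"
[12/Jul/2012:10:00:05 +0200] conn=4 fd=65 slot=65 connection from 127.0.0.1 to 127.0.0.1
[12/Jul/2012:10:00:05 +0200] conn=4 op=0 BIND dn="cn=directory manager" method=128 version=3
EOF
}

# Demo: print the URL to pass to -H, then the LDAPI connections in the sample.
ldapi_url /var/run/slapd-example.socket
sample_log | ldapi_conns - /var/run/slapd-example.socket
```

A connection that shows bind=none reached the server over the socket but was not mapped by autobind, which is the case to look for when autobind has been configured but does not appear to be used.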