Re: [Debian-sf-users] files...


From: Christian BAYLE
Subject: Re: [Debian-sf-users] files...
Date: Fri, 01 Mar 2002 19:18:15 +0100

brad gray wrote:
> 
> >Hi brad
> >
> >Your FQDN might be mead.yggdrasill.mydomain.com
> >the name of your box is I assume mead
> 
> exactly.
> 
> >I need to check /etc/ldap/slapd.conf
> >and /etc/libnss-ldap.conf
> >
> >(Just paste in the mail)
> 
> I GREATLY appreciate all of your help with this!
> 
> Here are the files...
> 
> /etc/ldap/slapd.conf
> 
> include /etc/ldap/schema/core.schema    #Added by Sourceforge install
> include /etc/ldap/schema/cosine.schema  #Added by Sourceforge install
> include /etc/ldap/schema/inetorgperson.schema   #Added by Sourceforge install
> include /etc/ldap/schema/nis.schema     #Added by Sourceforge install
> include /etc/sourceforge/sourceforge.schema     #Added by Sourceforge install
> # This is the main ldapd configuration file. See slapd.conf(5) for more
> # info on the configuration options.
> 
> # Schema and objectClass definitions
> #Comment by Sourceforge install#include /etc/ldap/schema/core.schema
> #Comment by Sourceforge install#include /etc/ldap/schema/cosine.schema
> #Comment by Sourceforge install#include /etc/ldap/schema/nis.schema
> #Comment by Sourceforge install#include /etc/ldap/schema/inetorgperson.schema
> 
> # Schema check allows for forcing entries to
> # match schemas for their objectClasses's
> schemacheck     on
> 
> # Where the pid file is put. The init.d script
> # will not stop the server if you change this.
> pidfile         /var/run/slapd.pid
> 
> # List of arguments that were passed to the server
> argsfile        /var/run/slapd.args
> 
> # Where to store the replica logs
> replogfile      /var/lib/ldap/replog
> 
> # Read slapd.conf(5) for possible values
> loglevel        0
> 
> #######################################################################
> # ldbm database definitions
> #######################################################################
> 
> # The backend type, ldbm, is the default standard
> database        ldbm
> 
> # The base of your directory
> suffix          "dc=mead,dc=yggdrasill,dc=mydomain,dc=com"
> 
> # Where the database file are physically stored
> directory       "/var/lib/ldap"
> 
> # Indexing options
> index objectClass eq
> 
> # Save the time that the entry gets modified
> lastmod on
> 
> # The userPassword by default can be changed
> # by the entry owning it if they are authenticated.
> # Others should not be able to see it, except the
> # admin entry below
> # Next second line added by Sourceforge install
> access to attribute=userPassword
>         by dn="cn=SF_robot,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by dn="cn=admin,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by anonymous auth
>         by self write
>         by * none
> 
> # The admin dn has full write access
> # Next lines added by Sourceforge install
> access to dn=".*,ou=People,dc=yggdrasill,dc=mydomain,dc=com"
>         by dn="cn=admin,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by dn="cn=SF_robot,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by * read
> access to dn="ou=People,dc=mead,dc=yggdrasill,dc=mydomain,dc=com"
>         by dn="cn=admin,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by dn="cn=SF_robot,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by * read
> access to dn="ou=Group,dc=mead,dc=yggdrasill,dc=mydomain,dc=com"
>         by dn="cn=admin,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by dn="cn=SF_robot,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by * read
> access to dn="ou=cvsGroup,dc=mead,dc=yggdrasill,dc=mydomain,dc=com"
>         by dn="cn=admin,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by dn="cn=SF_robot,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by * read
> # End of sourceforge add
> access to *
>         by dn="cn=admin,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by * read
> 
> # For Netscape Roaming support, each user gets a roaming
> # profile for which they have write access to
> access to dn=".*,ou=Roaming,o=morsnet"
>         by dn="cn=admin,dc=mead,dc=yggdrasill,dc=mydomain,dc=com" write
>         by dnattr=owner write
>
Everything seems ok for me
 
> and the libnss-ldap.conf
> 
> ###DEBCONF###
> # the configuration of this file will be done by debconf as long as the
> # first line of the file says '###DEBCONF###'
> #
> # you should use dpkg-reconfigure libnss-ldap to configure this file.
> #
> # @(#)$Id: ldap.conf,v 2.30 2001/09/22 10:57:56 lukeh Exp $
> #
> # This is the configuration file for the LDAP nameservice
> # switch library and the LDAP PAM module.
> #
> # PADL Software
> # http://www.padl.com
> #
> 
> # Your LDAP server. Must be resolvable without using LDAP.
> host 127.0.0.1
> 
> # The distinguished name of the search base.
> base dc=mead,dc=yggdrasill,dc=mydomain,dc=com
> 
> # Another way to specify your LDAP server is to provide an
> # uri with the server name. This allows to use
> # Unix Domain Sockets to connect to a local LDAP Server.
> #uri ldap://127.0.0.1/
> #uri ldaps://127.0.0.1/
> #uri ldapi://%2fvar%2frun%2fldapi_sock/
> # Note: %2f encodes the '/' used as directory separator
> 
> # The LDAP version to use (defaults to 3
> # if supported by client library)
> ldap_version 3
> 
> # The distinguished name to bind to the server with.
> # Optional: default is to bind anonymously.
> binddn cn=admin,dc=mead,dc=yggdrasill,dc=mydomain,dc=com
> 
> # The credentials to bind with.
> # Optional: default is no credential.
> bindpw admin
For me this last line is commented

> 
> # The distinguished name to bind to the server with
> # if the effective user ID is root. Password is
> # stored in /etc/ldap.secret (mode 600)
> #rootbinddn cn=manager,dc=padl,dc=com
> 
> # The port.
> # Optional: default is 389.
> #port 389
> 
> # The search scope.
> #scope sub
> #scope one
> #scope base
> 
> # Search timelimit
> #timelimit 30
> 
> # Bind timelimit
> #bind_timelimit 30
> 
> # Idle timelimit; client will close connections
> # (nss_ldap only) if the server has not been contacted
> # for the number of seconds specified below.
> #idle_timelimit 3600
> 
> # RFC2307bis naming contexts
> # Syntax:
> # nss_base_XXX          base?scope?filter
> # where scope is {base,one,sub}
> # and filter is a filter to be &'d with the
> # default filter.
> # You can omit the suffix eg:
> # nss_base_passwd       ou=People,
> # to append the default base DN but this
> # may incur a small performance impact.
> #nss_base_passwd        ou=People,dc=padl,dc=com?one
> #nss_base_shadow        ou=People,dc=padl,dc=com?one
> #nss_base_group         ou=Group,dc=padl,dc=com?one
> #nss_base_hosts         ou=Hosts,dc=padl,dc=com?one
> #nss_base_services      ou=Services,dc=padl,dc=com?one
> #nss_base_networks      ou=Networks,dc=padl,dc=com?one
> #nss_base_protocols     ou=Protocols,dc=padl,dc=com?one
> #nss_base_rpc           ou=Rpc,dc=padl,dc=com?one
> #nss_base_ethers        ou=Ethers,dc=padl,dc=com?one
> #nss_base_netmasks      ou=Networks,dc=padl,dc=com?ne
> #nss_base_bootparams    ou=Ethers,dc=padl,dc=com?one
> #nss_base_aliases       ou=Aliases,dc=padl,dc=com?one
> #nss_base_netgroup      ou=Netgroup,dc=padl,dc=com?one
> 
> # attribute/objectclass mapping
> # Syntax:
> #nss_map_attribute      rfc2307attribute        mapped_attribute
> #nss_map_objectclass    rfc2307objectclass      mapped_objectclass
> 
> # configure --enable-nds is no longer supported.
> # For NDS now do:
> #nss_map_attribute uniqueMember member
> 
> # configure --enable-mssfu-schema is no longer supported.
> # For MSSFU now do:
> #nss_map_objectclass posixAccount User
> #nss_map_attribute uid msSFUName
> #nss_map_attribute uniqueMember posixMember
> #nss_map_attribute userPassword msSFUPassword
> #nss_map_attribute homeDirectory msSFUHomeDirectory
> #nss_map_objectclass posixGroup Group
> #nss_map_attribute cn msSFUName
> 
> # Alternatively, if you wish to equivalence W2K and POSIX
> # groups, change the uniqueMember mapping line to:
> #nss_map_attribute uniqueMember member
> 
> # configure --enable-authpassword is no longer supported
> # For authPassword support, now do:
> #nss_map_attribute userPassword authPassword
> 
> # For IBM AIX SecureWay support, do:
> #nss_map_objectclass posixAccount aixAccount
> #nss_base_passwd ou=aixaccount,?one
> #nss_map_attribute uid userName
> #nss_map_attribute gidNumber gid
> #nss_map_attribute uidNumber uid
> #nss_map_attribute userPassword passwordChar
> #nss_map_objectclass posixGroup aixAccessGroup
> #nss_base_group ou=aixgroup,?one
> #nss_map_attribute cn groupName
> #nss_map_attribute uniqueMember member
> # Next line added by Sourceforge install
> rootbinddn cn=admin,dc=mead,dc=yggdrasill,dc=mydomain,dc=com
> 
Except this bindpw line everything seems to be ok
The only reason I see to have invalid credential is some problem with
wrong password
Maybe you have some tricky config with kerberos we never tested 

You can use /usr/lib/sourceforge/bin/install-ldap.sh configure 
every time you make some change, instead of reinstalling package
don't hesitate to use reset option to restart with a really clean ldap
config
/etc/init.d/nscd stop, not to have some tricky stuff with ns caching

/usr/lib/sourceforge/bin/install-ldap.sh test
should test for you that write permissions are correctly set up

Good Luck! The force be with you :0)
Make reports for other users if you succeed !


> Thanks again everyone!
> 
> Brad
> 

-- 
Christian Bayle 
===============================================================================
E-mail: address@hidden
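
Added example, not part of the original messages and not code from the Sourceforge package: a small Python audit of the two quoted files that flags the active cleartext `bindpw` discussed in the reply and cross-checks ACL targets and the NSS `base` against the slapd `suffix`. The function names and finding labels are hypothetical, and the sample text is constructed from excerpts of the files quoted above.

```python
import re

# Constructed sample: excerpts of the two files quoted in this thread.
SLAPD_CONF = '''\
suffix          "dc=mead,dc=yggdrasill,dc=mydomain,dc=com"
access to attribute=userPassword
        by * none
access to dn=".*,ou=People,dc=yggdrasill,dc=mydomain,dc=com"
        by * read
access to dn="ou=People,dc=mead,dc=yggdrasill,dc=mydomain,dc=com"
        by * read
access to dn=".*,ou=Roaming,o=morsnet"
        by dnattr=owner write
'''
NSS_CONF = '''\
base dc=mead,dc=yggdrasill,dc=mydomain,dc=com
binddn cn=admin,dc=mead,dc=yggdrasill,dc=mydomain,dc=com
bindpw admin
#rootbinddn cn=manager,dc=padl,dc=com
rootbinddn cn=admin,dc=mead,dc=yggdrasill,dc=mydomain,dc=com
'''

def directives(text):
    """Map keyword -> value for active top-level lines (comments and
    indented continuation lines are skipped; first occurrence wins)."""
    out = {}
    for line in text.splitlines():
        if line and not line[0].isspace() and not line.startswith("#"):
            key, *rest = line.split(None, 1)
            out.setdefault(key.lower(), rest[0].strip().strip('"') if rest else "")
    return out

def audit(slapd_text, nss_text):
    """Return (label, value) findings; the labels are hypothetical names."""
    slapd, nss = directives(slapd_text), directives(nss_text)
    suffix = slapd.get("suffix", "").lower()
    findings = []
    # Heuristic: a dn= target that does not end in the suffix is not
    # expected to match entries held in this database.
    for target in re.findall(r'^access to dn="([^"]+)"', slapd_text, re.M):
        if not target.lower().endswith(suffix):
            findings.append(("acl-outside-suffix", target))
    if nss.get("base", "").lower() != suffix:
        findings.append(("base-suffix-mismatch", nss.get("base", "")))
    if "bindpw" in nss:  # cleartext secret outside /etc/ldap.secret
        findings.append(("cleartext-bindpw", nss.get("binddn", "")))
    if nss.get("binddn") and nss.get("binddn") == nss.get("rootbinddn"):
        findings.append(("binddn-is-rootbinddn", nss["binddn"]))
    return findings
```

On the quoted files this reports the `bindpw` line the reply singles out, the ou=People rule whose DN lacks `dc=mead`, and the stock `o=morsnet` rule.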


