Jeff Rooney wrote:
> I just meant that the gentoo doc has a big message at the top
> "*Disclaimer : * This document is not valid and is not maintained
> anymore." You mention some bad habits with openLDAP, can you expand a
> little? I'm just trying to figure out what the best solution is for me
> and any help would be greatly appreciated. Thanks in advance.

Well, it's been bad wording on my side. Most problems arise from getting
the different pieces to work together and are not strictly tied to
openLDAP itself. Most problems arise from misconfigured bdb environments
in big and/or high volume scenarios.

Generally you should use the latest stable release for openldap (that
is 2.3.27) and nss_ldap > 245. You don't *need* kerberos but it can be
convenient. To make root login work when LDAP is down you might want to
read about nss_initgroups_ignoreusers and bindpolicy settings in
/etc/ldap.conf. Note: /etc/ldap.conf is a nss_ldap file, openldap client
tools like ldapsearch are set up in /etc/openldap/ldap.conf. There is a
set of scripts "net-nds/migrationtools" that can help migrating from
plain unix setup to openldap, mainly in generating ldif input.

I suggest you start with José's HOWTO and
http://www.openldap.org/doc/admin23/. If you have your requirements set
and a general idea how to implement things or run into problems come
back here or another relevant ML.

cheers
 Paul
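
A check for the two nss_ldap settings named in the message above, as an added example that is not part of the original post. It assumes the nss_ldap spelling `bind_policy` for the bind policy keyword; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Audit an nss_ldap config (/etc/ldap.conf, not /etc/openldap/ldap.conf)
# for the settings that keep local root usable while LDAP is unreachable.

# conf_value FILE KEY: print the value of the last uncommented KEY line.
# KEY must be given in lower case.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }
    ' "$1"
}

# check_nss_ldap FILE: print findings; return 0 only if both settings are fine.
check_nss_ldap() {
    file=$1; rc=0
    policy=$(conf_value "$file" bind_policy)
    ignore=$(conf_value "$file" nss_initgroups_ignoreusers)

    # With a hard policy nss_ldap keeps retrying, so lookups block;
    # "soft" makes them fail immediately instead.
    if [ "$(printf %s "$policy" | tr 'A-Z' 'a-z')" != "soft" ]; then
        echo "bind_policy is '${policy:-unset (default hard)}': lookups may hang when LDAP is down"
        rc=1
    fi
    # The value is a comma-separated user list; root has to be one entry.
    case ",$(printf %s "$ignore" | tr -d ' \t')," in
        *,root,*) ;;
        *) echo "root is not in nss_initgroups_ignoreusers: root's group lookup still asks LDAP"
           rc=1 ;;
    esac
    return $rc
}

# Demo on a constructed sample config (host name is a placeholder).
tmp=$(mktemp)
printf '%s\n' \
    '# constructed sample, not a real host' \
    'uri ldap://ldap.example.org/' \
    'bind_policy hard' \
    'nss_initgroups_ignoreusers ldap,named' > "$tmp"
check_nss_ldap "$tmp" || echo "=> adjust the settings listed above"
rm -f "$tmp"
```
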