I have a few simple ldap questions; I would appreciate any help
here. If it matters, the client here is a 10.5.X mini, where most of
my monkeying around is taking place.
First of all, what is the relationship between
/etc/openldap/ldap.conf and the Directory Utility? I ask because if I
configure the BASE and URI on ldap.conf (ldap server is set up not to
demand tls for now; this is a test), I have no problems using
ldapsearch. What about the Directory Utility?
Then what does the Directory Utility do when you go to services
and create a configuration that will connect to the ldap server? By
that I mean I did provide the search base matching that I first used
on ldap.conf and set LDAP Mappings to RFC 2307 (Unix). At this point it
shows the green light under directory servers and says "The server is
responding normally. This server is not in your authentication search
policy." What is really happening here? For the lack of a better term,
how much am I connected to the ldap server right then? Reason I ask is
that ldapsearch claims it can't find ldap server. Doesn't it access
the same ldap server the Directory Utility does?
Let's say I go to search policies->authentication and try
to add /ldapv3/auth.in.kushana.com (my poor ldap server). I do the
same on Contacts. Still have green lights even after reboot. Yet,
ldapsearch still knows nothing of it. Should I use dscl instead?
About dscl, should I be able to see the contents of LDAP User raub, as in
/LDAPv3/auth.in.kushana.com/Users/raub > ls
/LDAPv3/auth.in.kushana.com/Users/raub >
Would that be controlled by the acls defined in the server (slapd.conf
or wherever else)?
What about certs for ssh authentication (Er, TLS)? If I am using
an internal cert and CA, where should I put the CA so the Directory
Utility can find it? Would adding it to the Keychain Access suffice?
_______________________________________________
MacOSX-admin mailing list
http://www.omnigroup.com/mailman/listinfo/macosx-admin