Hi Martin!
> I'm having trouble getting things running. I have openldap (-servers;
> -clients) installed. Server runs and restarts as needed, but I can create
> db entries.
>
> Could you help me further?
Of course. The best place to start is the OpenLDAP Quick Start Guide (part of the FAQ
at www.openldap.org). It will tell you the steps to really have openldap up and
running. Just be sure you are reading the QuickStart for the right release of openldap.

Basically, you have to edit slapd.conf to point to the database files, provide a
context (based on your internet domain), provide ACL entries and a Manager account
which is like root for OpenLDAP.

openldap starts with an empty database. You have to create (using ldapadd) the entries
for your context and for the Manager account. Then you'll want to migrate the data on
your /etc files to the directory, using the perl scripts at
/usr/share/openldap/migration.

You can check the data on ldap using ldapsearch, or using the GTK+ tool gq (look at
freshmeat.net) or LDAPbrowser (Windows only). These two last apps will be very useful
for hand editing data on ldap and fixing mistakes.
> How to add user? How to test if service runs? Something like step-by-step.
Use the openldap Quickstart Guide.
> I must have been missing something.
>
> Sorry for trouble.
No problem. The first try at LDAP is not easy.
Once you get openldap running and populated, you have two choices:

1. Use it as it is for Outlook searches (create a directory account on Outlook and
then find people) and ldapadd, ldapmodify or change the migration scripts so every
time you change your users the change is replicated to ldap.

2. Install and configure pam_ldap and nss_ldap (both at nss_ldap-*.rpm on RHL) so
Linux uses ldap instead of /etc files, much like a NIS server. Then you'll create and
modify users only at ldap and not worry about /etc/passwd and /etc/group anymore. It is
more work to set up but less work in the long run.

If you do that, you won't be able to use Linuxconf, Red Hat Control Panel or Red Hat
setup to manage users (they only edit /etc files). To compensate for this, I created
a webmin module (don't use webmin? you don't know what you are missing...) to provide
such an easy front-end. See my module at ldap-users.sourceforge.net
[]s, Fernando Lozano
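
The setup steps described in the message above (a context derived from the domain, a Manager account, ACL entries, then the first entries loaded with ldapadd), as an added shell example that is not part of the original post. The function names, example.com, the "ldbm" backend and the "attr=" ACL keyword are assumptions; the last two vary between OpenLDAP releases.

```shell
# Added example, not from the original message. Backend name ("ldbm") and the
# "attr=" ACL keyword are assumptions that differ between OpenLDAP releases.

# example.com -> dc=example,dc=com
domain_to_suffix() {
    printf '%s\n' "$1" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}
# slapd.conf fragment: $1 domain, $2 rootpw hash from slappasswd, $3 db dir.
slapd_fragment() {
    case $2 in
        '{'*) ;;   # hashed value such as {SSHA}...
        *) echo "rootpw must be a slappasswd hash, not cleartext" >&2; return 1 ;;
    esac
    suffix=$(domain_to_suffix "$1")
    cat <<EOF
database    ldbm
suffix      "$suffix"
rootdn      "cn=Manager,$suffix"
rootpw      $2
directory   $3
access to attr=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
EOF
}

# Initial LDIF for ldapadd: $1 domain, $2 organization name.
base_ldif() {
    suffix=$(domain_to_suffix "$1")
    cat <<EOF
dn: $suffix
objectClass: dcObject
objectClass: organization
o: $2
dc: ${1%%.*}

dn: cn=Manager,$suffix
objectClass: organizationalRole
cn: Manager
EOF
}
# Load and verify by hand: base_ldif example.com 'Example Company' > base.ldif
#   ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f base.ldif
#   ldapsearch -x -b "dc=example,dc=com" '(objectClass=*)'
```

The userPassword rule is listed before the catch-all read rule because slapd stops at the first matching `access to` clause; with the order reversed, password hashes would be readable by anyone.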