Doug Campbell: [...]
> Sorry, I forgot to put some of these answers in last time :(
>
> > slapd appears to be running as user ldap when I run ps aux
>
> I enabled it to start automatically on boot up using the chkconfig
> utility in FC3.
>
> All config files are owned by root and have root as their group with the
> one exception of slapd.conf which has ldap as its group.
> The DB files are owned by ldap and the group is ldap.

O.k.

> I don't have any certificates to deal with as I am not using SSL/TLS. I
> actually tried to do this as a learning exercise but couldn't get it to
> work based on the documentation I read.

Try http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

> "cn=Manager,dc=swro,dc=local" is the rootdn user in slapd.conf
>
> I wanted to have a proxy user but again when I tried using the example
> slapd.conf files for ACLs they never worked even though I followed the
> examples as given.

You *have* to get ACLs working. You can't possibly use OpenLDAP (in
production, at least) without some quite complex ACLs.

> If I just type ldapsearch at the console, it will prompt me for a
> password. I don't know what password it is asking for though. I tried all
> that I have used and there is still no luck. The error I get is "user not
> found: no secret in database". If instead I type ldapsearch -x, it displays
> information from my ldap store. If I now switch users to a non-root user
> and execute the same two commands, I also get the same two results.

'man ldapsearch'. ldapsearch without -x assumes that you are asking for
SASL support that you have configured in slapd.conf, and you haven't.

The fact that you get the same results for root or a non-root user
doesn't have anything to do with the Unix user that you are logged in as;
slapd doesn't care about the Unix (posix) user. It only cares about users
in DNs that you feed it.

> Does that give a better idea of what might be wrong in my setup?

Yes.
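The reply above says ACLs are mandatory and that a bind is about DNs, not Unix users. As an added example (not from either post, and not Doug's actual configuration), here is a minimal slapd.conf access-control section for the dc=swro,dc=local suffix and the cn=Manager rootdn named in the thread. The proxy account cn=proxy,dc=swro,dc=local is an assumption; it does not exist until you create it.

```conf
# Added example for this thread, not taken from the original posts.
# Assumed: suffix dc=swro,dc=local, rootdn cn=Manager,dc=swro,dc=local
# (both named above); the proxy DN cn=proxy,dc=swro,dc=local is invented
# for the example and must be created as an entry with a userPassword.

suffix   "dc=swro,dc=local"
rootdn   "cn=Manager,dc=swro,dc=local"
# Store the hashed output of `slappasswd` here, never a cleartext password.
# rootpw   {SSHA}<paste slappasswd output>

# ACL evaluation: "access to" clauses are tried in order and the first one
# whose target matches the entry/attribute is used; within it the first
# matching "by" clause wins.  The rootdn bypasses ACLs entirely, so it
# needs no "by" clause of its own.

# 1. Password material.  Only the owner may change it, unauthenticated
#    clients may use it to bind ("auth") but not read it, nobody else
#    gets anything.  Without "by anonymous auth" no simple bind can
#    succeed at all.  If the Samba schema is loaded, add
#    sambaLMPassword,sambaNTPassword to this attribute list as well.
access to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none

# 2. Everything else.  The proxy account (the DN that Samba, Courier,
#    Postfix etc. bind as for lookups) may read the tree, users may read
#    their own entry, and anonymous clients see nothing.  This is what
#    turns an unauthenticated "ldapsearch -x" from "dumps the directory"
#    (the default when no ACLs are defined) into an empty result.
access to *
    by dn.exact="cn=proxy,dc=swro,dc=local" read
    by self read
    by * none
```

To use it, create the proxy entry as the rootdn (for example `ldapadd -x -D "cn=Manager,dc=swro,dc=local" -W -f proxy.ldif`, where proxy.ldif defines `cn=proxy,dc=swro,dc=local` with objectClass simpleSecurityObject and organizationalRole and a userPassword), then test with a simple bind: `ldapsearch -x -D "cn=proxy,dc=swro,dc=local" -W -b "dc=swro,dc=local" "(objectClass=*)"`. The `-x` is what selects a simple bind; leaving it off asks for SASL, which is the "no secret in database" path described above. Note that without the TLS setup the reply links to, that proxy password crosses the network in the clear on every bind, so the ACL only protects the directory contents, not the credential itself.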
I have to agree with Craig White here (I usually do ;)

LDAP for me is the be-all and end-all. I use it for cross-platform
authentication in production for *everything*. It is the cornerstone of
all services that my users may use. If an application doesn't work with
it, then that application is useless to me.

Examples of apps that use a single login and password at one site I
administer (runs 3 servers under RHAS3 using the same LDAP DSA) are
Postfix SMTP, Courier IMAP, Linux Terminal Server Project, PyKota print
quota admin, ssh and a Samba PDC.

To be able to master the LDAP part thoroughly, I chose to use source code
and subscribe to the 4-5 mailing lists dealing with this. Craig does the
same.

Get Samba working without LDAP first, then make sure you master every
possible aspect of OpenLDAP and are completely confident with it. Then
you can adapt what you've done to Samba.

Best,

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
