> > I don't have any certificates to deal with as I am not using SSL/TLS. I
> > actually tried to do this as a learning exercise but couldn't get it to
> > work based on the documentation I read.
>
> Try http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

I will check that out.

[snip]

>
> 'man ldapsearch'. ldapsearch without -x assumes that you are asking for
> SASL support that you have configured in slapd.conf, and you haven't. The
> fact that you get the same results for root or a non-root user doesn't
> have anything to do with the Unix user that you are logged in as; slapd
> doesn't care about the Unix (posix) user. It only cares about users in DNs
> that you feed it.

That makes sense to me and I think gives me a clue on some of the problems I was having with the LDAP ACLs.

> > Does that give a better idea of what might be wrong in my setup?
>
> Yes. I have to agree with Craig White here (I usually do ;) LDAP for me is
> the be-all and end-all. I use it for across-platform authentication in
> production for *everything*. It is the cornerstone to all services that my
> users may use. If an application doesn't work with it, then that
> application is useless to me. Examples of apps that use a single login and
> password at one site I administer (runs 3 servers under RHAS3 using the
> same LDAP DSA) are postfix smtp, Courier IMAP, Linux Terminal Server
> Project, Pykota print quota admin, ssh and a Samba PDC. To be able to
> master the LDAP part thoroughly, I chose to use source code and subscribe
> to the 4-5 mailing lists dealing with this. Craig does the same.
>
> Get samba working without LDAP first, then make sure you master every
> possible aspect of openldap and are completely confident with it. Then you
> can adapt what you've done to Samba.

I will do that. Thanks for your time in patiently helping me through this.

Doug

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
