[Grml] Is nss-ldap missing from grml 2010.04 ?

2011-01-02 Thread jonty 
Hi All,

I have been using grml for the last couple of months.  I am building a
network of about 20 machines, all running grml, and I want them to share
a single set of login names and passwords.  So I decided to configure
OpenLDAP as a service on one machine and configure the other machines to
find login+password from this service.

I am following the instructions set out at:

  http://wiki.debian.org/LDAP/NSS
  
http://www.debian-administration.org/article/585/OpenLDAP_installation_on_Debian

They suggest I use libnss-ldap.  But this package seems to be missing
from my copy of grml 2010.04.  I have also checked the package list
for 2010.12 and that does not contain libnss-ldap.

This seems a strange omission from grml.  It contains slapd to run the
service and several clients such as freeradius-ldap, libnet-ldap-perl,
postfix-ldap, and smbldap-tools.  So why not libnss-ldap?

I could install libnss-ldap on each client machine.  But then I have to
repeat those same steps on 20 machines, which makes it 20 times more
likely I will make a mistake somewhere.

I tried apt-get install libnss-ldap on a test machine.  This started
updating libc-bin and installing locales, which seemed a good way of
breaking the distro.  Can anyone suggest a better approach?  Should I
remaster the CD?  Is there some gmrl magic I am missing?  Is there a
different tool for login+password that is not ldap?

Thanks
Jonty
___
Grml mailing list - Grml@mur.at
http://lists.mur.at/mailman/listinfo/grml
join #grml on irc.freenode.org
grml-devel-blog: http://grml.supersized.org/

Re: [Grml] Is nss-ldap missing from grml 2010.04 ?

2011-01-02 Thread Michael Prokop 
* jonty g...@jonmail.co.uk [Sun Jan 02, 2011 at 03:01:23PM +]:

 I have been using grml for the last couple of months.  I am building a
 network of about 20 machines, all running grml, and I want them to share
 a single set of login names and passwords.

Nice! :)

 So I decided to configure OpenLDAP as a service on one machine and
 configure the other machines to find login+password from this
 service.

 I am following the instructions set out at:

   http://wiki.debian.org/LDAP/NSS
   
 http://www.debian-administration.org/article/585/OpenLDAP_installation_on_Debian

 They suggest I use libnss-ldap.  But this package seems to be missing
 from my copy of grml 2010.04.  I have also checked the package list
 for 2010.12 and that does not contain libnss-ldap.

 This seems a strange omission from grml.  It contains slapd to run the
 service and several clients such as freeradius-ldap, libnet-ldap-perl,
 postfix-ldap, and smbldap-tools.  So why not libnss-ldap?

libnss-ldap requires pre-configuration to be useful and no shipped
package has a hard dependency on it, that's why it's not shipped by
default.

 I could install libnss-ldap on each client machine.  But then I have to
 repeat those same steps on 20 machines, which makes it 20 times more
 likely I will make a mistake somewhere.

 I tried apt-get install libnss-ldap on a test machine.  This started
 updating libc-bin and installing locales, which seemed a good way of
 breaking the distro.  Can anyone suggest a better approach?  Should I
 remaster the CD?  Is there some gmrl magic I am missing?  Is there a
 different tool for login+password that is not ldap?

Just grab Grml 2010.12 (current stable release) and run apt-get
install libnss-ldap there, no major updates (like libc) should be
necessary then.

If you want to have libnss-ldap persistent you can either use
http://wiki.grml.org/doku.php?id=persistency (not that great for 20
machines probably though), the debs=... bootoption to install it
during bootup (see http://grml.org/cheatcodes/), remaster it using
grml-live (see http://grml.org/grml-live/) or if PXE booting is an
option provide the adjusted grml_chroot (either from grml-live or
based on the official ones from
http://debian.netcologne.de/www.grml.org/release-chroots/) through
PXE.

regards,
-mika-


signature.asc
Description: Digital signature
___
Grml mailing list - Grml@mur.at
http://lists.mur.at/mailman/listinfo/grml
join #grml on irc.freenode.org
grml-devel-blog: http://grml.supersized.org/

Re: [Grml] Is nss-ldap missing from grml 2010.04 ?

2011-01-02 Thread jonmail 
Michael Prokop wrote:
 Just grab Grml 2010.12 (current stable release) and run apt-get
 install libnss-ldap there, no major updates (like libc) should be
 necessary then.
 

I did as you suggested with 2010.12.  apt-get install libnss-ldap
worked without any fuss, so I am up and running.  Now I can configure it
to talk to my LDAP server.

I have also started grml-live in another machine to rebuild the
ISO.  I will have to wait a while for the results.

Thanks very much for your help.
jonty

___
Grml mailing list - Grml@mur.at
http://lists.mur.at/mailman/listinfo/grml
join #grml on irc.freenode.org
grml-devel-blog: http://grml.supersized.org/