On Wed, 27 Mar 2002, Matt Hyne wrote:

> At Wednesday, 27-03-02 14:12 (+1100), Matthew Palmer wrote:
> >Newlines!!!
> 
> Newlines what ?  Does your mailer have problems wrapping text ?
> I've never had a complaint from anyone else.

Text in RFC822 compliant e-mail should be a maximum of 80 characters wide.

> >> The only problem I have now is getting pam_ldap to access the LDAP
> >> database. It tells me it cannot connect when I try to authenticate via
> >> LDAP.  I believe this must be something to do with /etc/ldap.conf or
> >> /etc/openldap/ldap.conf but I don't know which one yet.
> >
> >You're not using a 1.2.x OpenLDAP server are you?
> 
> No, I am using 2.0.21 but I finally did get it to work by reverting
> to unencrypted transactions on port 389.  I cannot seem to get the
> LDAP over SSL stuff to work.  Must be something to do with certs.

The TLS/SSL stuff is a prize pig to get working, but it does work
eventually.  You'll need to start from the real basics (a super-simple
ldapsearch) with high levels of debugging to work out whether the SSL
trouble is certificate based or otherwise.

> I will have to get the security sorted out as I am not too happy about
> leaving it open.  I also want to tie squid, apache and radius into
> using the LDAP database for authentication and finally find something
> that I can use to nicely manage the users and groups now in LDAP.

You'll probably have to write it yourself.  The problem is that everybody
has their own idea about how, precisely, to manage LDAP-based
authentication, so unless you follow someone else's model precisely, you'll
have to write (or modify) your own tools to admin effectively.

I use home-brew PHP scripts and for the little things a bare-bones LDAP
browser.

> One other question.  From memory, in NIS we can control what groups of
> users can log into a machine using netgroups and by prefixing the
> username/group with +.  Is there a way of doing this with LDAP ?  I.e., all
> users are in the ldap directory and I have two machines which I would like
> to restrict a subset of users to.

I personally do that via pam_access.so on the one machine that needs it, but
netgroups can be emulated in LDAP using the NIS compatibility schema.


-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer
[EMAIL PROTECTED]

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
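As an added illustration of the two approaches named in the reply (pam_access.so on the restricted machine, and a netgroup held in LDAP via the NIS compatibility schema), not code from the thread: a small Python model of pam_access first-match evaluation fed by a constructed nisNetgroup LDIF entry. It handles only the subset of access.conf syntax the example needs (`+`/`-`, `ALL`, user names, `@netgroup`) and shows the failure mode a practitioner should check for: with no matching line, pam_access permits, so the closing deny-all line is what actually restricts the host.

```python
import re

# Constructed LDIF for a NIS-compatibility netgroup; triples are (host,user,domain)
# and an empty host field means "any host".
NETGROUP_LDIF = """\
dn: cn=webadmins,ou=netgroup,dc=example,dc=com
objectClass: nisNetgroup
cn: webadmins
nisNetgroupTriple: (,alice,)
nisNetgroupTriple: (,bob,)
"""

# Constructed /etc/security/access.conf for the two restricted machines.
RESTRICTED_CONF = "+ : @webadmins : ALL\n- : ALL : ALL\n"
# The same file with the deny-all line forgotten: every LDAP user still gets in.
OPEN_CONF = "+ : @webadmins : ALL\n"

def netgroup_members(ldif: str) -> dict:
    """Map netgroup cn -> set of user names taken from its nisNetgroupTriple lines."""
    groups, cn = {}, None
    for line in ldif.splitlines():
        if line.startswith("cn: "):
            cn = line[4:].strip()
            groups.setdefault(cn, set())
        elif line.startswith("nisNetgroupTriple:") and cn:
            _host, user, _domain = re.search(r"\((.*?),(.*?),(.*?)\)", line).groups()
            if user:
                groups[cn].add(user)
    return groups

def access_allowed(rules: str, user: str, origin: str, netgroups: dict) -> bool:
    """First matching 'perm : users : origins' line decides; if nothing matches,
    pam_access grants access, which is why '- : ALL : ALL' at the end matters."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = [f.strip() for f in line.split(":", 2)]
        user_hit = any(
            u == "ALL" or u == user
            or (u.startswith("@") and user in netgroups.get(u[1:], ()))
            for u in users.split()
        )
        origin_hit = any(o == "ALL" or o == origin for o in origins.split())
        if user_hit and origin_hit:
            return perm == "+"
    return True  # no rule matched: pam_access permits by default

if __name__ == "__main__":
    ng = netgroup_members(NETGROUP_LDIF)
    for conf in (RESTRICTED_CONF, OPEN_CONF):
        print([access_allowed(conf, u, "10.0.0.5", ng) for u in ("alice", "carol")])
```

Real pam_access also understands EXCEPT clauses, `(group)` syntax and LOCAL origins; this model deliberately covers only what the restricted-host policy above uses.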