On 4/23/06, Benno <[EMAIL PROTECTED]> wrote:
> On Sat Apr 22, 2006 at 09:09:30 +1000, Philip Greggs wrote:
> >On 4/21/06, Benno <[EMAIL PROTECTED]> wrote:
> >> On Fri Apr 21, 2006 at 20:24:10 +1000, Philip Greggs wrote:
> >> >> >
> >> >> > In Fedora 1, 2, 3, 4, and 5 it is in /etc/openldap/ldap.conf.
> >> >> >
> >> >> > My ldap.conf
> >> >> > #cat /etc/openldap/ldap.conf
> >> >> > HOST ldap.example.com.ex
> >> >> > BASE dc=example,dc=com,dc=ex
> >> >> You may also test a similar setup using Public LDAP Servers in your
> >> >> 'ldap.conf'.
> >> >>
> >> >> For example, you may try this in your ldap.conf
> >> >> HOST ldap.baylor.edu
> >> >> BASE o=Baylor University,c=US
> >> >>
> >> >> and then do,
> >> >>
> >> >> $ldapsearch -x
> >> >>
> >> >> Or
> >> >> HOST directory.monash.edu.au
> >> >> BASE o=Monash University,c=AU
> >> >> and then do,
> >> >>
> >> >> $ldapsearch -x
> >> >>
> >> >
> >> >Makes sense.
> >> >
> >> >One more question. How can individual users without superuser access
> >> >change the LDAP HOST server and/or BASE filter ? Tried this but no
> >> >joy:
> >> >
> >> >$export HOST="ldap.myserver.com"
> >> >$ldapsearch -x
> >> >
> >> >One moment a user wants to access Baylor U and another time
> >> >Monash U but SysAdmin is out to lunch.  Is this possible ?
> >> >
> >>
> >> From the man page:
> >>
> >>        -H ldapuri
> >>               Specify URI(s) referring to the ldap server(s).
> >>
> >>        -h ldaphost
> >>               Specify an alternate host on which the ldap server is running.
> >>               Deprecated in favor of -H.
> >>
> >>        -p ldapport
> >>               Specify an alternate TCP port where the ldap server is listening.
> >>               Deprecated in favor of -H.
> >>
> >
> >Thanks Benno.
> >1. This one works:
> >$ldapsearch -x -H ldap://ldap.example.com.clug -b example.com.clug
> >2. Not this one:
> >$ldapsearch -x -H ldap://ldap.example.com -b example.com
> >
> >Jimmy:
> >1. Created .ldaprc in my $HOME with
> >HOST ldap.example.com.clug
> >BASE example.com.clug
> >and $ldapsearch -x  works.
> >
> >2. Not when I changed .ldaprc to
> >HOST ldap.example.com
> >BASE example.com
> >
> >NOTE: I changed my DNS and ldap domain to match
> >each case.
> >
> >So, DNS settings as indicated by O Plameras are important in LDAP.
> >
> >Just to clarify, since there is some confusion.
>
> Ok, to actually clarify the confusion... (hopefully). DNS is used in ldap
> at the network layer to determine how to contact the server.
>

In simple words, ldap needs DNS for it to be contacted by ldap clients
like 'ldapadd', 'ldapsearch', etc.

> DNS is not used by the server, and the base DN is not related to DNS, and
> you are free to set that to whatever. (Which is what brought this up in the
> first place.)

You'll have to check IETF RFC 3663 before you bring more confusion, which
says in part and I quote:

'1.3.  Abbreviations Used

   The following abbreviations are used to describe the nature of this
   experiment:

      TLD: Top-Level Domain.  Refers to the domain names just beneath
      the root in the Domain Name System.  This experiment used the
      TLD's .com, .net, .org, and .edu.

      SLD: Second-Level Domain.  Refers to the domain names just beneath
      a TLD in the Domain Name System.  An example of such a domain name
      would be "example.com".

      DIT: Directory Information Tree.  One of many hierarchies of data
      entries in an LDAP server.

      DN: Distinguished Name.  The unique name of an entry in a DIT.

      cn: common name.  See RFC 2256 [7].

      dc: domain component.  See RFC 2247 [4].

      uid: user id.  See RFC 2798 [9].'

HTH.

PG
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
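
The per-user override discussed in this thread, as an added example that is not part of the original messages: a small Python model of the lookup order documented in ldap.conf(5) (system file, then ~/.ldaprc, then environment variables named LDAP plus the option name), together with the RFC 2247 domain-to-dc mapping. The function names and the sample environment are constructed for illustration; the file contents are the ones quoted in the thread, and real libldap only honours option names it knows.

```python
# Added example: a simplified model of how an OpenLDAP client picks HOST/BASE.
# Function names are hypothetical; this is not OpenLDAP's own code.

SYSTEM_CONF = """\
# /etc/openldap/ldap.conf (contents quoted in the thread)
HOST ldap.example.com.ex
BASE dc=example,dc=com,dc=ex
"""

USER_RC = """\
# $HOME/.ldaprc (per-user override, no superuser access needed)
HOST ldap.baylor.edu
BASE o=Baylor University,c=US
"""

# Variables that name config files or disable init, not options themselves.
_CONTROL_VARS = {"LDAPCONF", "LDAPRC", "LDAPNOINIT"}


def parse_ldap_conf(text):
    """Parse ldap.conf-style text into {OPTION: value}; '#' starts a comment line."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)      # option name, then the rest (may hold spaces)
        if len(parts) == 2:
            opts[parts[0].upper()] = parts[1].strip()
    return opts


def effective_options(system_conf, user_rc, environ):
    """Later sources override earlier ones: system file < user rc < LDAP* env."""
    opts = parse_ldap_conf(system_conf)
    opts.update(parse_ldap_conf(user_rc))
    for name, value in environ.items():
        # A plain HOST=... variable is ignored; the name must carry the LDAP prefix.
        if name.startswith("LDAP") and len(name) > 4 and name not in _CONTROL_VARS:
            opts[name[4:]] = value
    return opts


def domain_to_base_dn(domain):
    """RFC 2247 convention: each DNS label becomes one dc= component."""
    labels = [label for label in domain.strip(".").split(".") if label]
    return ",".join("dc=" + label for label in labels)
```
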
