AV1611 Posted October 24, 2007
I have been trying to set up OpenLDAP server for a couple weeks now. I know LDAP from the Windows world, but not Linux. I need to get it to work so I can install Kolab. I have tried several times using the howto on the howtoforge site. Can anyone help me, or point me to a good tutorial that doesn't "brush over" the details? Thanks.
neylitalo Posted October 24, 2007
I used this Gentoo tutorial, and I'm currently sitting on a network with LDAP controlling user authentication for six computers, so I'd say it works pretty well. There will be a few minor differences for your distribution (Fedora, right?), but I'm fairly certain that you'll be able to work around them.
AV1611 (author) Posted October 24, 2007
I'll give it a go today and post back my success story (or stupid questions). Thanks.
AV1611 (author) Posted October 24, 2007
I can't get past this part:

[root@tranquilpenguin ~]# ldapsearch -Hldap://tranquilpenguin.com -b "" -s base -D "cn=osprey,dc=tranquilpenguin,dc=com"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database

however,

[osprey@tranquilpenguin ~]$ ldapsearch -x -D "cn=testuser,dc=tranquilpenguin,dc=com" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# tranquilpenguin.com
dn: dc=tranquilpenguin,dc=com
objectClass: dcObject
objectClass: person
sn: osprey
cn: osprey
dc: tranquilpenguin

# Hosts, tranquilpenguin.com
dn: ou=Hosts,dc=tranquilpenguin,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: tranquilpenguin.com

# People, tranquilpenguin.com
dn: ou=People,dc=tranquilpenguin,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: tranquilpenguin.com

# Group, tranquilpenguin.com
dn: ou=Group,dc=tranquilpenguin,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: tranquilpenguin.com

# testuser, tranquilpenguin.com
dn: cn=testuser,dc=tranquilpenguin,dc=com
cn: testuser
sn: testuser
objectClass: top
objectClass: person
userPassword:: e01ENX1vNVZIRUdoS2NOS0QrMEp0L3p5R2tRPT0=
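Two things in the output above are worth pulling apart, as an editor's note rather than anything posted in the thread. First, the two commands differ in bind type: without `-x`, ldapsearch attempts a SASL bind, and the DIGEST-MD5 mechanism looks the user up in the SASL secrets database (sasldb), not among LDAP entries, which is what "no secret in database" means; `-x` forces the simple bind that succeeded. Second, the successful search returns the `userPassword` attribute, LDIF-encoded in base64 because of the double colon, and the decoded value shows which hashing scheme slapd stored it with. The Python below is an added example (not from the post or from any OpenLDAP tool): a small LDIF parser that unfolds continuation lines, decodes `::` base64 values, and then audits every `userPassword` it finds, flagging cleartext and unsalted schemes. The sample input is the `testuser` entry quoted above plus a second, constructed entry with a salted hash for contrast; the `{SSHA}` value in it is a placeholder, not a real hash.

```python
import base64

# Constructed sample: the testuser entry from the ldapsearch output quoted above,
# plus a second entry (not from the thread) whose password uses a salted scheme.
SAMPLE_LDIF = """\
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# testuser, tranquilpenguin.com
dn: cn=testuser,dc=tranquilpenguin,dc=com
cn: testuser
sn: testuser
objectClass: top
objectClass: person
userPassword:: e01ENX1vNVZIRUdoS2NOS0QrMEp0L3p5R2tRPT0=

# example2 (constructed entry, placeholder hash)
dn: cn=example2,dc=tranquilpenguin,dc=com
cn: example2
sn: example2
objectClass: person
userPassword: {SSHA}placeholderNotARealHashValue
"""


def parse_ldif(text):
    """Parse LDIF text into a list of entries, each a dict attr -> [bytes values].

    Handles '#' comment lines, blank-line entry separators, folded continuation
    lines (leading space) and '::' base64-encoded values, which is what ldapsearch
    emits for octet-string attributes such as userPassword.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # continuation of the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    entries, current = [], {}
    for line in lines:
        if line.startswith("#"):
            continue
        if not line.strip():                     # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):                 # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip())
        else:                                    # 'attr: <value>'
            value = rest.strip().encode("utf-8")
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries


def password_scheme(value):
    """Return the {SCHEME} name of a userPassword value, or 'cleartext' if it has none."""
    if value.startswith(b"{") and b"}" in value:
        return value[1:value.index(b"}")].decode("ascii", "replace").upper()
    return "cleartext"


# Unsalted schemes let identical passwords produce identical hashes and are cheap
# to attack offline; slapd's password-hash setting should be a salted scheme.
WEAK = {
    "cleartext": "password stored in the clear",
    "MD5": "unsalted MD5",
    "SHA": "unsalted SHA-1",
}
ACCEPTABLE = {"SMD5", "SSHA", "CRYPT", "SSHA256", "SSHA512", "PBKDF2-SHA256", "ARGON2"}


def audit_passwords(text):
    """Return (dn, scheme, verdict) for every userPassword value in the LDIF."""
    findings = []
    for entry in parse_ldif(text):
        dn = entry.get("dn", [b"?"])[0].decode("utf-8", "replace")
        for pw in entry.get("userPassword", []):
            scheme = password_scheme(pw)
            if scheme in WEAK:
                findings.append((dn, scheme, "WEAK: " + WEAK[scheme]))
            elif scheme in ACCEPTABLE:
                findings.append((dn, scheme, "ok"))
            else:
                findings.append((dn, scheme, "unknown scheme, review"))
    return findings


if __name__ == "__main__":
    for dn, scheme, verdict in audit_passwords(SAMPLE_LDIF):
        print(f"{dn}: {scheme} -> {verdict}")
```

Run against the thread's entry this reports `{MD5}`, i.e. an unsalted hash; on a server you control the fix is `password-hash {SSHA}` (or a stronger scheme your slapd build supports) in slapd.conf before users set passwords. It is also worth confirming with a bind as a different, unprivileged user that `userPassword` is not readable by anyone but the entry itself and the directory manager; the default `access to attrs=userPassword by self write by anonymous auth by * none` rule does that.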
AV1611 (author) Posted October 25, 2007
OK, I got past the basic hard part. I have basic LDAP working. I can create a user, I can delete a user, I can look up a user. I do not have SASL/TLS working yet. When I create a user, it does not create a Postfix account, nor does it create a local machine account... Is it supposed to?
AV1611 (author) Posted October 25, 2007

[root@tranquilpenguin ~]# openssl req -config /etc/ssl/openssl.cnf -new -x509 -nodes \
    -out /etc/ssl/ldap.pem -keyout /etc/openldap/ldap-key.pem -days 999999
unknown option -out
neylitalo Posted October 25, 2007
> When I create a user, it does not create a Postfix account, nor does it create a local machine account... Is it supposed to?

Not by default, although there may be a way to have Postfix use LDAP accounts for user management, and I know you can have the computer use LDAP accounts for user management. You can check http://directory.fedoraproject.org/ to see if they have any information on the subject. Out of curiosity, was there a reason that you didn't use the Fedora Directory Server?
AV1611 (author) Posted October 26, 2007
LOL. Because I didn't know of its existence until yesterday when I found it on Google... How much of this is done by it automatically? Would it be worth a clean install on my server, or can I "retrofit" it?
AV1611 (author) Posted October 26, 2007
Well, I did yum -y install fedora-ds* and it installed OK. I then did a search for fedora-ds* and nothing was found. I've read the docs several times. It says the install routine does everything for you, but it never tells you how to start the install routine. This is what frustrates me about Linux in general, and ALL distros have these issues.
AV1611 (author) Posted October 26, 2007
LDAP

It would appear that I am not as familiar with LDAP as I thought I was. I am going to back off a little and try to educate myself some more. I currently have OpenLDAP running with a simple user database. The users are not tied to Unix accounts.

Objectives:
1. Figure out how to tie the LDAP users to the Unix accounts.
2. Figure out how to tie the LDAP users to the Postfix server (which is already tied to the Unix accounts).

I think if I can get this done, I can move forward. Any links or hints would be most appreciated.

Bill
neylitalo Posted October 26, 2007
> 1. Figure out how to tie the LDAP users to the Unix accounts.

I'm afraid it can't be done with any implementation of LDAP that I'm familiar with. You can import the Unix accounts into the LDAP directory, but you can't link them together.