Jeff Rooney wrote:
> I just meant that the gentoo doc has a big message at the top
> "*Disclaimer : * This document is not valid and is not maintained
> anymore." You mention some bad habits with openLDAP, can you expand a
> little? I'm just trying to figure out what the best solution is for me
> and any help would be greatly appreciated. Thanks in advance.
|
Well, it's been bad wording on my side. Most problems arise from getting
the different pieces to work together and are not strictly tied to
openLDAP itself. Most problems arise from misconfigured bdb environments
in big and/or high volume scenarios.
|
Generally you should use the latest stable release for openldap (that
is 2.3.27) and nss_ldap > 245. You don't *need* kerberos but it can be
convenient. To make root login work when LDAP is down you might want to
read about nss_initgroups_ignoreusers and bindpolicy settings in
/etc/ldap.conf. Note: /etc/ldap.conf is an nss_ldap file, openldap client
tools like ldapsearch are set up in /etc/openldap/ldap.conf. There is a
set of scripts "net-nds/migrationtools" that can help migrating from a
plain unix setup to openldap, mainly in generating ldif input.
|
I suggest you start with José's HOWTO and
http://www.openldap.org/doc/admin23/. If you have your requirements set
and a general idea how to implement things or run into problems, come
back here or another relevant ML.
|
cheers
Paul
--
gentoo-server@g.o mailing list
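
An added example, not part of the original message: a small check of an nss_ldap `/etc/ldap.conf` for the two settings the reply points to for keeping root login working while LDAP is down. It uses the keywords as nss_ldap spells them in the file (`bind_policy`, `nss_initgroups_ignoreusers`); the function names and both sample configs are constructed for illustration.

```python
# Added example: audit nss_ldap config text for settings that keep local
# root logins working while the LDAP server is unreachable.
# Function names and sample configs are hypothetical/constructed.

def parse_nss_ldap_conf(text):
    """Return {keyword: value}; this sketch keeps the last occurrence of a keyword."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split(None, 1)
        options[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return options

def audit_root_fallback(text, local_users=("root",)):
    """List findings that can make local logins stall when LDAP is down."""
    opts = parse_nss_ldap_conf(text)
    findings = []
    # nss_ldap's default policy (hard_open) reconnects instead of returning at once.
    policy = opts.get("bind_policy", "hard_open").lower()
    if policy != "soft":
        findings.append("bind_policy is '%s'; 'soft' returns immediately on server failure" % policy)
    # Users listed here get NOTFOUND from initgroups() without an LDAP query.
    raw = opts.get("nss_initgroups_ignoreusers", "")
    ignored = {u.strip() for u in raw.split(",") if u.strip()}
    for user in local_users:
        if user not in ignored:
            findings.append("%s is not in nss_initgroups_ignoreusers; initgroups() for it queries LDAP" % user)
    return findings

# Constructed sample: only the connection settings, defaults left in place.
WEAK = """\
uri ldap://ldap.example.org/
base dc=example,dc=org
"""
# Constructed sample: same file with the two fallback settings added.
HARDENED = WEAK + """\
bind_policy soft
nss_initgroups_ignoreusers root,ldap
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_root_fallback(conf) or "ok")
```

Root also needs to resolve from local files first, so `/etc/nsswitch.conf` should list `files` before `ldap` for `passwd`, `shadow` and `group`.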