| 1 |
Jeff Rooney schrieb: |
| 2 |
> I just ment that the gentoo doc has a big message at the top |
| 3 |
> "*Disclaimer : * This document is not valid and is not maintained |
| 4 |
> anymore." You mention some bad habits with openLDAP, can you expand a |
| 5 |
> little? I'm just trying to figure out what the best solution is for me |
| 6 |
> and any help would be greatly appreciated. Thanks in advance |
| 7 |
> . |
| 8 |
|
| 9 |
Well, it's been bad wording on my site. Most problems arise from getting |
| 10 |
the different pieces to work together and are not strictly tied to |
| 11 |
openLDAP itself. Most problems arise from misconfigured bdb environments |
| 12 |
in big and/or high volume scenarios. |
| 13 |
|
| 14 |
Generally you should use the latest stable release for openldap (that |
| 15 |
ist 2.3.27) and nss_ldap > 245. You don't *need* kerberos but it can be |
| 16 |
convenient. To make root login work when LDAP is down you might want to |
| 17 |
read about nss_initgroups_ignoreusers and bindpolicy settings in |
| 18 |
/etc/ldap.conf. Note: /etc/ldap.conf is a nss_ldap file, openldap client |
| 19 |
tools like ldapsearch are set up in /etc/openldap/ldap.conf. There is a |
| 20 |
set of scripts "net-nds/migrationtools" that can help migrating from |
| 21 |
plain unix setup to openldap, mainly in generating ldif input. |
| 22 |
|
| 23 |
I suggest you start with José's HOWTO and |
| 24 |
http://www.openldap.org/doc/admin23/. If you have your requirements set |
| 25 |
and a general idea how to implement things or run into problems come |
| 26 |
back here or another relevant ML. |
| 27 |
|
| 28 |
cheers |
| 29 |
Paul |
| 30 |
-- |
| 31 |
gentoo-server@g.o mailing list |
Archives