swift 08/05/23 20:02:50

Modified: ldap-howto.xml
Log:
Coding style

Revision Changes Path
1.37 xml/htdocs/doc/en/ldap-howto.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.37&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.37&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?r1=1.36&r2=1.37

14 |
Index: ldap-howto.xml |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v |
17 |
retrieving revision 1.36 |
18 |
retrieving revision 1.37 |
19 |
diff -u -r1.36 -r1.37 |
20 |
--- ldap-howto.xml 2 Jan 2008 00:45:06 -0000 1.36 |
21 |
+++ ldap-howto.xml 23 May 2008 20:02:50 -0000 1.37 |
22 |
@@ -1,5 +1,5 @@ |
23 |
<?xml version='1.0' encoding='UTF-8'?> |
24 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.36 2008/01/02 00:45:06 nightmorph Exp $ --> |
25 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.37 2008/05/23 20:02:50 swift Exp $ --> |
26 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
27 |
|
28 |
<guide link="/doc/en/ldap-howto.xml" disclaimer="draft"> |
29 |
@@ -69,7 +69,7 @@ |
30 |
transaction support or roll-back functionality. Directories are easily |
31 |
replicated to increase availability and reliability. When directories |
32 |
are replicated, temporary inconsistencies are allowed as long as they |
33 |
-get synchronised eventually. |
34 |
+get synchronised eventually. |
35 |
</p> |
36 |
|
37 |
</body> |
38 |
@@ -92,7 +92,7 @@ |
39 |
dc: genfic <comment>(Organisation)</comment> |
40 |
/ \ |
41 |
ou: people servers <comment>(Organisational Units)</comment> |
42 |
- / \ .. |
43 |
+ / \ .. |
44 |
uid: .. jhon <comment>(OU-specific data)</comment> |
45 |
</pre> |
46 |
|
47 |
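Review bot: The context line "uid: .. jhon" in the tree diagram looks like a misspelling of "john"; the ACL discussion further down the guide calls this user John. This pass already touches the diagram for whitespace, so correct the uid here as well, so that the entry readers derive from the diagram matches the name used in the rest of the text.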
@@ -227,7 +227,7 @@ |
48 |
</pre> |
49 |
|
50 |
<p> |
51 |
-Now edit <path>/etc/conf.d/slapd</path> and add the following, commenting out |
52 |
+Now edit <path>/etc/conf.d/slapd</path> and add the following, commenting out |
53 |
the existing line: |
54 |
</p> |
55 |
|
56 |
@@ -294,7 +294,8 @@ |
57 |
</pre> |
58 |
|
59 |
<p> |
60 |
-Now add the following lines in the right places to <path>/etc/pam.d/system-auth</path>: |
61 |
+Now add the following lines in the right places to |
62 |
+<path>/etc/pam.d/system-auth</path>: |
63 |
</p> |
64 |
|
65 |
<pre caption="/etc/pam.d/system-auth"> |
66 |
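Review bot: "in the right places" on the rewrapped line leaves the ordering to the reader, and in a PAM stack the order of the entries decides the outcome. Say where each added line goes relative to the existing entries of the same type in /etc/pam.d/system-auth, and advise keeping a root session open while testing so that a misplaced line cannot lock the administrator out.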
@@ -354,7 +355,7 @@ |
67 |
</pre> |
68 |
|
69 |
<p> |
70 |
-Next, copy over the (OpenLDAP) <path>ldap.conf</path> file from the server to |
71 |
+Next, copy over the (OpenLDAP) <path>ldap.conf</path> file from the server to |
72 |
the client so the clients are aware of the LDAP environment: |
73 |
</p> |
74 |
|
75 |
@@ -382,18 +383,18 @@ |
76 |
# <i>getent passwd|grep 0:0</i> |
77 |
|
78 |
<comment>(You should get two entries back:)</comment> |
79 |
-root:x:0:0:root:/root:/bin/bash |
80 |
+root:x:0:0:root:/root:/bin/bash |
81 |
root:x:0:0:root:/root:/bin/bash |
82 |
</pre> |
83 |
|
84 |
<p> |
85 |
If you noticed one of the lines you pasted into your <path>/etc/ldap.conf</path> |
86 |
-was commented out (the <c>rootbinddn</c> line): you don't need it unless you |
87 |
-want to change a user's password as superuser. In this case you need to echo |
88 |
-the root password to <path>/etc/ldap.secret</path> in plaintext. This is |
89 |
-<brite>DANGEROUS</brite> and should be chmoded to 600. What I do is keep that |
90 |
-file blank and when I need to change someones password thats both in the ldap |
91 |
-and <path>/etc/passwd</path> I put the pass in there for 10 seconds while I |
92 |
+was commented out (the <c>rootbinddn</c> line): you don't need it unless you |
93 |
+want to change a user's password as superuser. In this case you need to echo |
94 |
+the root password to <path>/etc/ldap.secret</path> in plaintext. This is |
95 |
+<brite>DANGEROUS</brite> and should be chmoded to 600. What I do is keep that |
96 |
+file blank and when I need to change someones password thats both in the ldap |
97 |
+and <path>/etc/passwd</path> I put the pass in there for 10 seconds while I |
98 |
change it and remove it when I'm done. |
99 |
</p> |
100 |
|
101 |
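Review bot: The rewrapped sentence "This is DANGEROUS and should be chmoded to 600" makes the act, not the file, the thing being chmoded; state outright that /etc/ldap.secret holds the password in plaintext and must be mode 600. The instruction to "echo the root password" into the file also puts the password on a command line, where it can end up in shell history, so suggest writing the file with an editor instead. The same lines keep "someones password thats" (should be "someone's password that's"), and the first-person "What I do is ..." workaround would serve readers better as an explicit recommendation.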
@@ -424,10 +425,10 @@ |
102 |
</pre> |
103 |
|
104 |
<p> |
105 |
-This gives you access to everything a user should be able to change. If it's |
106 |
-your information, then you got write access to it; if it's another user their |
107 |
-information then you can read it; anonymous people can send a login/pass to get |
108 |
-logged in. There are four levels, ranking them from lowest to greatest: <c>auth |
109 |
+This gives you access to everything a user should be able to change. If it's |
110 |
+your information, then you got write access to it; if it's another user their |
111 |
+information then you can read it; anonymous people can send a login/pass to get |
112 |
+logged in. There are four levels, ranking them from lowest to greatest: <c>auth |
113 |
search read write</c>. |
114 |
</p> |
115 |
|
116 |
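Review bot: "There are four levels ... auth search read write" on the rewrapped lines leaves out "none", which the ACL example in the next hunk relies on ("by * none"), and slapd also defines "compare" between "auth" and "search". Either list the full ordered set or say that these four are only the levels this guide uses. The same sentences need a grammar pass: "you got write access" and "another user their information".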
@@ -443,7 +444,7 @@ |
117 |
by anonymous auth |
118 |
by self write |
119 |
by * none |
120 |
- |
121 |
+ |
122 |
access to * |
123 |
by dn="uid=root,ou=People,dc=genfic,dc=com" write |
124 |
by * search |
125 |
@@ -451,11 +452,11 @@ |
126 |
|
127 |
<p> |
128 |
This example gives root and John access to read/write/search |
129 |
-for everything in the the tree below <path>dc=genfic,dc=com</path>. This also |
130 |
-lets users change their own <path>userPassword</path>'s. As for the ending |
131 |
-statement everyone else just has a search ability meaning they can fill in a |
132 |
-search filter, but can't read the search results. Now you can have multiple |
133 |
-acls but the rule of the thumb is it processes from bottom up, so your |
134 |
+for everything in the the tree below <path>dc=genfic,dc=com</path>. This also |
135 |
+lets users change their own <path>userPassword</path>'s. As for the ending |
136 |
+statement everyone else just has a search ability meaning they can fill in a |
137 |
+search filter, but can't read the search results. Now you can have multiple |
138 |
+acls but the rule of the thumb is it processes from bottom up, so your |
139 |
toplevel should be the most restrictive ones. |
140 |
</p> |
141 |
|
142 |
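Review bot: "the rule of the thumb is it processes from bottom up" on the rewrapped lines does not match how slapd evaluates access rules: it reads the "access to" directives in the order they appear in the file and applies the first one whose target matches. The advice should therefore be to put the specific, restrictive rules before the "access to *" catch-all, which is how the example in the previous hunk is already ordered. The re-added first line also keeps the doubled word in "the the tree", and "userPassword's" should not carry an apostrophe.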
@@ -472,7 +473,7 @@ |
143 |
<p> |
144 |
You can start using the directory to authenticate users in |
145 |
apache/proftpd/qmail/samba. You can manage it with Webmin, which provides an |
146 |
-easy management interface. You can also use phpldapadmin, luma, diradm or lat. |
147 |
+easy management interface. You can also use phpldapadmin, luma, diradm or lat. |
148 |
</p> |
149 |
|
150 |
</body> |
151 |
@@ -485,7 +486,7 @@ |
152 |
<body> |
153 |
|
154 |
<p> |
155 |
-We would like to thank Matt Heler for lending us his box for the purpose of |
156 |
+We would like to thank Matt Heler for lending us his box for the purpose of |
157 |
this guide. Thanks also go to the cool guys in #ldap @ irc.freenode.net |
158 |
</p> |
159 |
|

--
gentoo-doc-cvs@l.g.o mailing list