Gentoo Archives: gentoo-doc-cvs

From: Sven Vermeulen <swift@××××××××××××.org>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] cvs commit: ldap-howto.xml
Date: Fri, 23 May 2008 20:02:55
Message-Id: E1JzdTW-00017o-L1@stork.gentoo.org
1 swift 08/05/23 20:02:50
2
3 Modified: ldap-howto.xml
4 Log:
5 Coding style
6
7 Revision Changes Path
8 1.37 xml/htdocs/doc/en/ldap-howto.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.37&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.37&content-type=text/plain
12 diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?r1=1.36&r2=1.37
13
14 Index: ldap-howto.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
17 retrieving revision 1.36
18 retrieving revision 1.37
19 diff -u -r1.36 -r1.37
20 --- ldap-howto.xml 2 Jan 2008 00:45:06 -0000 1.36
21 +++ ldap-howto.xml 23 May 2008 20:02:50 -0000 1.37
22 @@ -1,5 +1,5 @@
23 <?xml version='1.0' encoding='UTF-8'?>
24 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.36 2008/01/02 00:45:06 nightmorph Exp $ -->
25 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.37 2008/05/23 20:02:50 swift Exp $ -->
26 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
27
28 <guide link="/doc/en/ldap-howto.xml" disclaimer="draft">
29 @@ -69,7 +69,7 @@
30 transaction support or roll-back functionality. Directories are easily
31 replicated to increase availability and reliability. When directories
32 are replicated, temporary inconsistencies are allowed as long as they
33 -get synchronised eventually.
34 +get synchronised eventually.
35 </p>
36
37 </body>
38 @@ -92,7 +92,7 @@
39 dc: genfic <comment>(Organisation)</comment>
40 / \
41 ou: people servers <comment>(Organisational Units)</comment>
42 - / \ ..
43 + / \ ..
44 uid: .. jhon <comment>(OU-specific data)</comment>
45 </pre>
46
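Review bot: the rewrapped diagram line keeps `uid: .. jhon` next to it, while the ACL section later in this file refers to the same example user as John; since this is a coding-style pass, it is worth making the identifier consistent (`john`) so readers can match the tree drawing to the prose and to any `uid=...` entries in the ACL examples.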
47 @@ -227,7 +227,7 @@
48 </pre>
49
50 <p>
51 -Now edit <path>/etc/conf.d/slapd</path> and add the following, commenting out
52 +Now edit <path>/etc/conf.d/slapd</path> and add the following, commenting out
53 the existing line:
54 </p>
55
56 @@ -294,7 +294,8 @@
57 </pre>
58
59 <p>
60 -Now add the following lines in the right places to <path>/etc/pam.d/system-auth</path>:
61 +Now add the following lines in the right places to
62 +<path>/etc/pam.d/system-auth</path>:
63 </p>
64
65 <pre caption="/etc/pam.d/system-auth">
66 @@ -354,7 +355,7 @@
67 </pre>
68
69 <p>
70 -Next, copy over the (OpenLDAP) <path>ldap.conf</path> file from the server to
71 +Next, copy over the (OpenLDAP) <path>ldap.conf</path> file from the server to
72 the client so the clients are aware of the LDAP environment:
73 </p>
74
75 @@ -382,18 +383,18 @@
76 # <i>getent passwd|grep 0:0</i>
77
78 <comment>(You should get two entries back:)</comment>
79 -root:x:0:0:root:/root:/bin/bash
80 +root:x:0:0:root:/root:/bin/bash
81 root:x:0:0:root:/root:/bin/bash
82 </pre>
83
84 <p>
85 If you noticed one of the lines you pasted into your <path>/etc/ldap.conf</path>
86 -was commented out (the <c>rootbinddn</c> line): you don't need it unless you
87 -want to change a user's password as superuser. In this case you need to echo
88 -the root password to <path>/etc/ldap.secret</path> in plaintext. This is
89 -<brite>DANGEROUS</brite> and should be chmoded to 600. What I do is keep that
90 -file blank and when I need to change someones password thats both in the ldap
91 -and <path>/etc/passwd</path> I put the pass in there for 10 seconds while I
92 +was commented out (the <c>rootbinddn</c> line): you don't need it unless you
93 +want to change a user's password as superuser. In this case you need to echo
94 +the root password to <path>/etc/ldap.secret</path> in plaintext. This is
95 +<brite>DANGEROUS</brite> and should be chmoded to 600. What I do is keep that
96 +file blank and when I need to change someones password thats both in the ldap
97 +and <path>/etc/passwd</path> I put the pass in there for 10 seconds while I
98 change it and remove it when I'm done.
99 </p>
100
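Review bot: the re-indented paragraph carries over several typos that this coding-style commit could fix in the same pass: `someones` should be `someone's`, `thats` should be `that's`, and `the ldap` should be `the LDAP directory`. The advice itself also deserves a tighter wording: `/etc/ldap.secret` holds the root bind password in plaintext, so the paragraph should state explicitly that the file must be owned by root with mode 0600 and should exist only while `rootbinddn` is actually in use, which is what the author's own workflow (blank file, filled in for a few seconds) already does. Separately, the context line `getent passwd|grep 0:0` matches any passwd line containing the substring `0:0` (for example an account with uid 10 and gid 0), so `getent passwd | grep '^root:'` would be a more precise check for the two expected entries.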
101 @@ -424,10 +425,10 @@
102 </pre>
103
104 <p>
105 -This gives you access to everything a user should be able to change. If it's
106 -your information, then you got write access to it; if it's another user their
107 -information then you can read it; anonymous people can send a login/pass to get
108 -logged in. There are four levels, ranking them from lowest to greatest: <c>auth
109 +This gives you access to everything a user should be able to change. If it's
110 +your information, then you got write access to it; if it's another user their
111 +information then you can read it; anonymous people can send a login/pass to get
112 +logged in. There are four levels, ranking them from lowest to greatest: <c>auth
113 search read write</c>.
114 </p>
115
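Review bot: the re-indented lines still read `then you got write access` and `if it's another user their information`; while touching them, change these to `then you have write access` and `if it is another user's information`. The closing sentence lists the four levels inline as `auth search read write`; separating them with commas (`auth`, `search`, `read`, `write`) makes clear that these are four distinct keywords rather than a single token.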
116 @@ -443,7 +444,7 @@
117 by anonymous auth
118 by self write
119 by * none
120 -
121 +
122 access to *
123 by dn="uid=root,ou=People,dc=genfic,dc=com" write
124 by * search
125 @@ -451,11 +452,11 @@
126
127 <p>
128 This example gives root and John access to read/write/search
129 -for everything in the the tree below <path>dc=genfic,dc=com</path>. This also
130 -lets users change their own <path>userPassword</path>'s. As for the ending
131 -statement everyone else just has a search ability meaning they can fill in a
132 -search filter, but can't read the search results. Now you can have multiple
133 -acls but the rule of the thumb is it processes from bottom up, so your
134 +for everything in the the tree below <path>dc=genfic,dc=com</path>. This also
135 +lets users change their own <path>userPassword</path>'s. As for the ending
136 +statement everyone else just has a search ability meaning they can fill in a
137 +search filter, but can't read the search results. Now you can have multiple
138 +acls but the rule of the thumb is it processes from bottom up, so your
139 toplevel should be the most restrictive ones.
140 </p>
141
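Review bot: the duplicated word in `the the tree` and the phrase `rule of the thumb` survive in the re-indented lines; a coding-style commit that already touches them should change `the the` to `the`, `rule of the thumb` to `rule of thumb`, `userPassword's` to `userPassword`, and `acls` to `ACLs`. More importantly, the statement that ACLs are processed `from bottom up` should be verified against slapd.access(5): slapd evaluates `access to` directives in the order they appear in slapd.conf and applies the first one whose target matches, so the conclusion about where the most restrictive rule belongs depends on getting that direction right.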
142 @@ -472,7 +473,7 @@
143 <p>
144 You can start using the directory to authenticate users in
145 apache/proftpd/qmail/samba. You can manage it with Webmin, which provides an
146 -easy management interface. You can also use phpldapadmin, luma, diradm or lat.
147 +easy management interface. You can also use phpldapadmin, luma, diradm or lat.
148 </p>
149
150 </body>
151 @@ -485,7 +486,7 @@
152 <body>
153
154 <p>
155 -We would like to thank Matt Heler for lending us his box for the purpose of
156 +We would like to thank Matt Heler for lending us his box for the purpose of
157 this guide. Thanks also go to the cool guys in #ldap @ irc.freenode.net
158 </p>
159
160
161
162
163 --
164 gentoo-doc-cvs@l.g.o mailing list