Re: [CentOS] OpenLDAP setup and bootstrapping in CentOS 6

2011-08-17 Thread Scott Robbins
On Wed, Aug 17, 2011 at 07:05:34PM -0700, Craig White wrote:

> On Wed, 2011-08-17 at 15:10 -0400, Scott Robbins wrote:
> > 
> > http://home.roadrunner.com/~computertaijutsu/ldap.html
> > 
> 
> I can't say that I see any advantages to dynamic configuration but
> perhaps in time, they will dawn on me.
> 
> In the meantime, if upstream and thus CentOS 6 are using dynamic
> configuration (and I assume that is what it is by reference to slapd.d
> directory), then your page is rather outdated and useful only for
> earlier releases.

> 
> The last time you pimped your page, I noted that it wasn't bad but it
> completely had everything wrong on the topic of TLS. Your page talks
> about using TLS but TLS doesn't use port 636. LDAP SSL uses port 636.

Which is clearly stated there.

I'll add a note soon that the page is outdated, but not tonight.


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Oz: It's Willow, she's nearby. 
Cordelia: What? You can smell her? She doesn't even wear perfume. 
Oz: She's afraid. 
Cordelia: Oh my God, is this some sort of residual werewolf 
thing? This is very disturbing. 
Oz: I really agree. 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] OpenLDAP setup and bootstrapping in CentOS 6

2011-08-17 Thread Craig White
On Wed, 2011-08-17 at 15:10 -0400, Scott Robbins wrote:
> On Wed, Aug 17, 2011 at 07:03:28PM +0000, Mitch Patenaude wrote:
> > I'm having trouble getting openldap through its initial setup.
> > 
> > I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, 
> > and
> > they didn't seem to take effect.  After much wailing and gnashing of teeth I
> > found that if there is a config directory at /etc/openldap/slapd.d, it will
> > ignore slapd.conf.  I can't figure out how to translate slapd.conf into the
> > (new?) standard of slapd.d because all the examples I can find still use
> > slapd.conf.  
> > 
> > Am I better off just deleting (or renaming) slapd.d?  Does anybody know the
> > proper format for slapd.d entries?
> > 
> 
> I might as well spam my own page (where I suggest deleting it) for LDAP.
> 
> http://home.roadrunner.com/~computertaijutsu/ldap.html
> 
> 
> I don't know of anyone who got it working with that slapd.d, nor have I
> seen any documentation on it--on the other hand, I didn't look very
> hard.  I would almost guarantee it adds no new advantages. 

I can't say that I see any advantages to dynamic configuration but
perhaps in time, they will dawn on me.

In the meantime, if upstream and thus CentOS 6 are using dynamic
configuration (and I assume that is what it is by reference to slapd.d
directory), then your page is rather outdated and useful only for
earlier releases.

The last time you pimped your page, I noted that it wasn't bad but it
completely had everything wrong on the topic of TLS. Your page talks
about using TLS but TLS doesn't use port 636. LDAP SSL uses port 636.
LDAP SSL is costly in terms of computing power, deprecated and not
recommended, which is why it ships 'off'. If you can turn off LDAP SSL
(and port 636), connect to port 389 and use the -ZZ option, then you will
know that you are using TLS.

example...
ldapsearch -ZZ -h srv2 '(uid=craig)' -D
'uid=craig,ou=people,dc=azapple,dc=com' -W uid, cn -b
'ou=people,dc=azapple,dc=com'

Enter LDAP Password: 
# extended LDIF
# 
# LDAPv3
# base <ou=people,dc=azapple,dc=com> with scope subtree
# filter: (uid=craig)
# requesting: uid, cn
#

# craig, people, azapple.com
dn: uid=craig,ou=people,dc=azapple,dc=com
cn: Craig White

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

Craig



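An added example, not from Craig's message or anywhere else in the thread: a POSIX shell script that checks whether an LDAP client actually gets TLS, using the -ZZ point made above (ldapsearch -ZZ fails unless StartTLS succeeds, while a single -Z only tries and carries on in cleartext with a warning) together with the ldap.conf settings that decide whether the server certificate is verified at all. The host srv2 and the base dc=azapple,dc=com are taken from his ldapsearch; the two ldap.conf texts are constructed for this example and the CA file path is an assumption.

```sh
#!/bin/sh
# Added example, not from the thread: make sure an LDAP client really gets TLS.
# Two things decide that. The client must insist on StartTLS: ldapsearch -ZZ
# fails unless the StartTLS operation succeeds, while a single -Z only tries
# and carries on in cleartext with a warning. And ldap.conf must verify the
# server certificate, or anyone on the path can terminate the TLS session
# and read the simple-bind password.
# Host srv2 and base dc=azapple,dc=com come from the thread; the two ldap.conf
# texts are constructed for this example; the CA path is an assumption.

WEAK_CONF='URI ldap://srv2
BASE dc=azapple,dc=com
# never: do not even ask for the server certificate, so srv2 is never authenticated
TLS_REQCERT never'

GOOD_CONF='URI ldap://srv2
BASE dc=azapple,dc=com
TLS_CACERT /etc/openldap/cacerts/ca.crt
# demand (also the default when unset): a missing or bad certificate aborts the session
TLS_REQCERT demand'

# audit_ldap_conf: read an ldap.conf on stdin, print findings, return 1 if weak.
audit_ldap_conf() {
  conf=$(cat)
  rc=0
  reqcert=$(printf '%s\n' "$conf" |
    awk 'toupper($1)=="TLS_REQCERT" {v=tolower($2)} END {print v}')
  has_ca=$(printf '%s\n' "$conf" |
    awk 'toupper($1)=="TLS_CACERT" || toupper($1)=="TLS_CACERTDIR" {f=1} END {print f+0}')
  case "${reqcert:-demand}" in
    never|allow) echo "TLS_REQCERT $reqcert: server certificate is not verified"; rc=1 ;;
    try)         echo "TLS_REQCERT try: a server presenting no certificate is still accepted"; rc=1 ;;
    demand|hard) ;;
    *)           echo "TLS_REQCERT $reqcert: unknown value"; rc=1 ;;
  esac
  if [ "$has_ca" -eq 0 ] && [ "${reqcert:-demand}" != never ]; then
    echo "no TLS_CACERT or TLS_CACERTDIR: no trust anchor, so verification cannot succeed"; rc=1
  fi
  return $rc
}

# starttls_probe HOST: anonymous read of the root DSE on port 389 with StartTLS
# required. Exit status 0 only if the handshake and certificate check passed.
starttls_probe() {
  ldapsearch -ZZ -x -H "ldap://$1" -b '' -s base -LLL supportedLDAPVersion >/dev/null 2>&1
}

# With no arguments, audit the two constructed configs; otherwise:
#   audit [ldap.conf]   audit a real client config
#   probe [host]        check StartTLS against a server
case "${1:-}" in
  '')    echo "weak ldap.conf:";      printf '%s\n' "$WEAK_CONF" | audit_ldap_conf || echo "=> weak"
         echo "corrected ldap.conf:"; printf '%s\n' "$GOOD_CONF" | audit_ldap_conf && echo "=> ok" ;;
  audit) audit_ldap_conf < "${2:-/etc/openldap/ldap.conf}" ;;
  probe) starttls_probe "${2:-srv2}" && echo "StartTLS ok" || echo "StartTLS failed (or not offered)" ;;
esac
```

The probe deliberately reads only the root DSE, which needs no credentials, so it can be run before any bind password goes over the wire; run it with `probe srv2` first and only then the -ZZ search with -D/-W. Note that ldaps:// on 636 and StartTLS on 389 both encrypt the session; what leaks the password is a plain ldap:// bind with no -ZZ, or a -ZZ bind against a server whose certificate the client never checks.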


Re: [CentOS] OpenLDAP setup and bootstrapping in CentOS 6

2011-08-17 Thread Craig White

On Aug 17, 2011, at 12:03 PM, Mitch Patenaude wrote:

> I'm having trouble getting openldap through its initial setup.
> 
> I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, 
> and they didn't seem to take effect.  After much wailing and gnashing of 
> teeth I found that if there is a config directory at /etc/openldap/slapd.d, 
> it will ignore slapd.conf.  I can't figure out how to translate slapd.conf 
> into the (new?) standard of slapd.d because all the examples I can find still 
> use slapd.conf.  
> 
> Am I better off just deleting (or renaming) slapd.d?  Does anybody know the 
> proper format for slapd.d entries?

presuming what you are referring to is dynamic configuration - flat files are 
not used any more.

Haven't tried with CentOS 6 because I switched my newer setups to Ubuntu, but 
Ubuntu 10.04 also uses dynamic configuration methods, and if that is the case...

/etc/openldap/slapd.conf is meaningless - at least in Ubuntu

renaming or deleting /etc/openldap/slapd.d would be a self-defeating act... 
that's where the results of dynamic configuration will end up.

start over, baby steps... script everything you do so it's repeatable

start by adding your schemas

then define the backend

then define the base

then define your ACLs

then you can pull in the DSA

Craig
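The five steps above, as an added example that is not part of Craig's message or of the thread: a POSIX shell script that writes the LDIF for each step and prints the ldapadd/ldapmodify commands that apply it to the running slapd over ldapi:///, which is how the rootdn and rootpw are set once slapd.d exists and slapd.conf is ignored. It assumes the stock CentOS 6 openldap-servers slapd.d, where the data database entry is olcDatabase={2}bdb,cn=config and root is let into cn=config with SASL EXTERNAL over ldapi, and it borrows the suffix dc=azapple,dc=com from the ldapsearch output earlier in the thread; the root DN cn=Manager, the ou=people entry and the output directory are this example's own choices.

```sh
#!/bin/sh
# Added example (not from the thread): bootstrap OpenLDAP's dynamic
# configuration on CentOS 6 in the order above, by feeding LDIF to the
# running slapd instead of editing slapd.conf (which is ignored once
# /etc/openldap/slapd.d exists). Assumptions: the stock openldap-servers
# slapd.d, whose data database entry is olcDatabase={2}bdb,cn=config and
# whose cn=config database lets root in over ldapi:/// with SASL EXTERNAL;
# suffix dc=azapple,dc=com is borrowed from the thread's ldapsearch output.
# Nothing is applied; the LDIF and the commands to apply it are written to $OUT.

SUFFIX="${SUFFIX:-dc=azapple,dc=com}"
ROOTDN="${ROOTDN:-cn=Manager,$SUFFIX}"
OUT="${OUT:-./slapd-bootstrap}"
SCHEMA_DIR="${SCHEMA_DIR:-/etc/openldap/schema}"
# Confirm with: ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase=*)' dn
CONFIG_DB='olcDatabase={2}bdb,cn=config'

# Step 1: schemas. core is already loaded in the stock tree; these three
# add inetOrgPerson and posixAccount. The package ships them as LDIF.
schema_cmds() {
  for s in cosine inetorgperson nis; do
    printf 'ldapadd -Y EXTERNAL -H ldapi:/// -f %s/%s.ldif\n' "$SCHEMA_DIR" "$s"
  done
}

# Step 2: backend. Repoint the existing database at our suffix and set the
# root DN and a *hashed* root password ($1, from: slappasswd -s). slapd also
# accepts a cleartext olcRootPW, which is exactly why it must not be used:
# it would sit in slapd.d in the clear.
database_ldif() {
  cat <<EOF
dn: $CONFIG_DB
changetype: modify
replace: olcSuffix
olcSuffix: $SUFFIX
-
replace: olcRootDN
olcRootDN: $ROOTDN
-
replace: olcRootPW
olcRootPW: $1
EOF
}

# Step 3: base. The top entry and one OU, added with a rootdn simple bind.
base_ldif() {
  rdn="${SUFFIX%%,*}"   # first RDN, e.g. dc=azapple
  cat <<EOF
dn: $SUFFIX
objectClass: dcObject
objectClass: organization
dc: ${rdn#dc=}
o: ${rdn#dc=}

dn: ou=people,$SUFFIX
objectClass: organizationalUnit
ou: people
EOF
}

# Step 4: ACLs. Password hashes are never readable, not even by their owner;
# anonymous gets only what a simple bind needs (auth); reads require a bind.
# {n} fixes the evaluation order; the first rule whose target matches wins.
acl_ldif() {
  cat <<EOF
dn: $CONFIG_DB
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
olcAccess: {1}to * by self write by users read by * none
EOF
}

# Step 5: pull in the DSA, i.e. read the result back through the server.
check_cmds() {
  cat <<EOF
ldapsearch -Y EXTERNAL -H ldapi:/// -b "$CONFIG_DB" -s base olcSuffix olcRootDN olcAccess
ldapsearch -x -H ldapi:/// -D "$ROOTDN" -W -b "$SUFFIX"
EOF
}

main() {
  hash="${1:?usage: $0 HASH   (HASH is the output of: slappasswd -s)}"
  case "$hash" in '{'*'}'*) ;; *) echo "refusing a cleartext root password" >&2; return 1 ;; esac
  mkdir -p "$OUT" && chmod 700 "$OUT"
  schema_cmds           > "$OUT/01-schema.sh"
  database_ldif "$hash" > "$OUT/02-database.ldif"
  base_ldif             > "$OUT/03-base.ldif"
  acl_ldif              > "$OUT/04-acl.ldif"
  chmod 600 "$OUT/02-database.ldif"   # holds the root password hash
  cat <<EOF
Review $OUT, then apply as root, in this order:
  sh $OUT/01-schema.sh
  ldapmodify -Y EXTERNAL -H ldapi:/// -f $OUT/02-database.ldif
  ldapadd    -x -H ldapi:/// -D "$ROOTDN" -W -f $OUT/03-base.ldif
  ldapmodify -Y EXTERNAL -H ldapi:/// -f $OUT/04-acl.ldif
and verify with:
$(check_cmds)
EOF
}

[ $# -eq 0 ] || main "$@"
```

Run it as sh bootstrap.sh "$(slappasswd -s)" and apply the printed commands in order; every bind in them goes over the ldapi:/// socket, so no password crosses the network before TLS is set up. The hash ends up in slapd.d/cn=config/olcDatabase={2}bdb.ldif, which is why the stock tree is owned by ldap and mode 700.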


Re: [CentOS] OpenLDAP setup and bootstrapping in CentOS 6

2011-08-17 Thread Josh Miller
On 08/17/2011 12:03 PM, Mitch Patenaude wrote:
...
> I created a /etc/openldap/slap.conf file with a default rootdn and
> rootpw, and they didn't seem to take effect. After much wailing and
> gnashing of teeth I found that if there is a config directory at
> /etc/openldap/slapd.d, it will ignore slapd.conf. I can't figure out how
> to translate slapd.conf into the (new?) standard of slapd.d because all
> the examples I can find still use slapd.conf.
>
> Am I better off just deleting (or renaming) slapd.d? Does anybody know
> the proper format for slapd.d entries?
...

You'd be best off learning the new method of configuration as I've heard 
rumors that the slapd.conf file will be deprecated at some point.

Here you can find some additional information:
http://www.zytrax.com/books/ldap/ch6/slapd-config.html

Basically, any slap* command which can reference a file will perform the 
conversion.

HTH,
-- 
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
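The conversion Josh refers to, as an added example that is not from his message or the thread: slaptest given both -f (the old file) and -F (the new directory) reads slapd.conf and writes the cn=config tree, and the script then audits what came out before slapd reads it, because the converted files carry the rootpw exactly as it stood in slapd.conf. It assumes the CentOS 6 paths and an ldap:ldap service account; the slapd.conf converted is the reader's own, and the scratch files used to exercise the audit are constructed here.

```sh
#!/bin/sh
# Added example, not from the thread: convert a legacy slapd.conf into the
# slapd.d (cn=config) tree with slaptest, then audit what came out before slapd
# reads it. Assumptions: CentOS 6 paths below and slapd running as ldap:ldap;
# override CONF and DEST to try it in a scratch directory. slaptest also wants
# the "directory" named in slapd.conf to exist, so create it first.

CONF="${CONF:-/etc/openldap/slapd.conf}"
DEST="${DEST:-/etc/openldap/slapd.d}"

# convert: -f names the old file and -F the new directory; given both, slaptest
# reads the file and writes the converted tree into the directory. Start from an
# empty DEST so the result is unambiguously derived from CONF: a populated
# slapd.d is what slapd prefers over slapd.conf, the surprise that started this thread.
convert() {
  if [ -d "$DEST" ] && [ -n "$(ls -A "$DEST")" ]; then
    echo "refusing: $DEST is not empty; move it aside first" >&2
    return 2
  fi
  mkdir -p "$DEST" || return 1
  slaptest -f "$CONF" -F "$DEST" || return 1
  chmod 700 "$DEST"
  chown -R ldap:ldap "$DEST" 2>/dev/null || echo "warning: could not chown $DEST to ldap:ldap" >&2
}

# audit DIR: the converted files carry rootpw verbatim. Flag an olcRootPW that
# is not a {SCHEME}hash (slapd accepts cleartext there, so conversion will not
# complain) and any database file readable by group or others. LDIF base64-
# encodes values with unsafe characters (olcRootPW:: ...), so decode those too.
audit() {
  dir="${1:-$DEST}"
  rc=0
  for f in "$dir"/cn=config/olcDatabase=*.ldif; do
    [ -f "$f" ] || continue
    pw=$(sed -n 's/^olcRootPW: //p' "$f")
    enc=$(sed -n 's/^olcRootPW:: //p' "$f")
    if [ -n "$enc" ]; then pw=$(printf '%s' "$enc" | base64 -d); fi
    case "$pw" in
      '')       ;;                                       # no rootpw in this database
      '{'*'}'*) ;;                                       # hashed, e.g. {SSHA}...
      *)        echo "$f: cleartext olcRootPW" >&2; rc=1 ;;
    esac
    if [ "$(ls -l "$f" | cut -c5-10)" != '------' ]; then
      echo "$f: readable by group or others" >&2; rc=1
    fi
  done
  return $rc
}

case "${1:-}" in
  convert) convert && audit "$DEST" ;;
  audit)   audit "${2:-$DEST}" ;;
  *)       echo "usage: $0 convert | audit [dir]" >&2 ;;
esac
```

A cleartext rootpw that the audit flags is fixed in place with ldapmodify against olcDatabase={2}bdb,cn=config (replace: olcRootPW with the output of slappasswd -s) once slapd is up, or by putting the hash into slapd.conf and converting again from an empty directory.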


Re: [CentOS] OpenLDAP setup and bootstrapping in CentOS 6

2011-08-17 Thread Scott Robbins
On Wed, Aug 17, 2011 at 07:03:28PM +0000, Mitch Patenaude wrote:
> I'm having trouble getting openldap through its initial setup.
> 
> I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, and
> they didn't seem to take effect.  After much wailing and gnashing of teeth I
> found that if there is a config directory at /etc/openldap/slapd.d, it will
> ignore slapd.conf.  I can't figure out how to translate slapd.conf into the
> (new?) standard of slapd.d because all the examples I can find still use
> slapd.conf.  
> 
> Am I better off just deleting (or renaming) slapd.d?  Does anybody know the
> proper format for slapd.d entries?
> 

I might as well spam my own page (where I suggest deleting it) for LDAP.

http://home.roadrunner.com/~computertaijutsu/ldap.html


I don't know of anyone who got it working with that slapd.d, nor have I
seen any documentation on it--on the other hand, I didn't look very
hard.  I would almost guarantee it adds no new advantages. 




-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Buffy: Could I be seeing Billy's asteroid body? 
Giles: Astral body, and I don't know.


[CentOS] OpenLDAP setup and bootstrapping in CentOS 6

2011-08-17 Thread Mitch Patenaude
I'm having trouble getting openldap through its initial setup.

I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, and 
they didn't seem to take effect.  After much wailing and gnashing of teeth I 
found that if there is a config directory at /etc/openldap/slapd.d, it will 
ignore slapd.conf.  I can't figure out how to translate slapd.conf into the 
(new?) standard of slapd.d because all the examples I can find still use 
slapd.conf.

Am I better off just deleting (or renaming) slapd.d?  Does anybody know the 
proper format for slapd.d entries?

Thanks,
   -- Mitch Patenaude