Thanks for Rich's pointer about rfc2307.
I am interested in building an LDAP test server that can eliminate the need for NIS servers. Is this possible? Has anyone done that already?
Ref: http://www.faqs.org/rfcs/rfc2307.html
T.J. Yang
On Tue, 2005-08-23 at 10:01 -0500, T.J. Yang wrote:
Thanks for Rich's pointer about rfc2307.
I am interested in building an LDAP test server that can eliminate the need for NIS servers. Is this possible? Has anyone done that already?
Yes it should. IIRC all that RFC does is define some new attributes and objectclasses for the server, hence any LDAP server that supports extending the schema should support the RFC. The key part is not the server setup, but the client setup. You need to look at Section 5, and in particular Section 5.1.
A good book on this topic is LDAP System Administration by Gerald Carter:
http://www.oreilly.com/catalog/ldapsa/index.html
Keith.
From: Keith Sharp kms@passback.co.uk
Reply-To: kms@passback.co.uk, "Fedora Directory server developer discussion." fedora-directory-devel@redhat.com
To: fedora-directory-devel@redhat.com
Subject: Re: [Fedora-directory-devel] Does FDS 7.1 support RFC2307 ?
Date: Wed, 24 Aug 2005 08:37:07 +0100
On Tue, 2005-08-23 at 10:01 -0500, T.J. Yang wrote:
Thanks for Rich's pointer about rfc2307.
I am interested in building an LDAP test server that can eliminate the need for NIS servers. Is this possible? Has anyone done that already?
Yes it should. IIRC all that RFC does is define some new attributes and objectclasses for the server, hence any LDAP server that supports extending the schema should support the RFC. The key part is not the server setup, but the client setup. You need to look at Section 5, and in particular Section 5.1.
Reading RFC 2307 Section 5.1 and 5.2 but it is still vague for me. Which OS and which software module has Section 5.2 functions implemented?
A good book on this topic is LDAP System Administration by Gerald Carter:
I have this book and it will be on my desk, open and being read.
tj
Keith.
-- Fedora-directory-devel mailing list Fedora-directory-devel@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-devel
On Wed, 2005-08-24 at 07:11 -0500, T.J. Yang wrote:
Reading RFC 2307 Section 5.1 and 5.2 but it is still vague for me. Which OS and which software module has Section 5.2 functions implemented?
I have done a degree of NIS replacement (passwd, group and automount entries) using the Fedora Core Linux operating system as both the client and the server. The LDAP server I used was OpenLDAP.
The functions in section 5.2 are normally implemented in the standard libc library. On Fedora Core that is glibc, and the implementation uses the file /etc/nsswitch.conf to determine which directory to use to look up information: files, NIS, LDAP, etc. For authentication you may also need to configure the PAM system to use LDAP. Fedora Core provides a utility called system-config-authentication that has a simple GUI for configuring these systems.
Support on other operating systems and libc implementations will vary; you should contact the vendors or appropriate support groups for those operating systems.
Keith.
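The split Keith describes, where glibc lookups follow /etc/nsswitch.conf and password checks follow PAM, can be audited on a client with a small script. This is an added example, not code from the thread; the sample files are constructed, and it assumes the NSS source name `ldap` (nss_ldap) and the PAM module `pam_ldap`.

```python
import re

# Constructed samples: PAM points at LDAP, but the passwd map reads local files only.
SAMPLE_NSSWITCH = """\
passwd:     files
shadow:     files
group:      files ldap
hosts:      files dns
automount:  files ldap
"""
SAMPLE_PAM = """\
auth        sufficient    pam_unix.so nullok
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
"""

def parse_nsswitch(text):
    """Return {database: [sources]} in lookup order, ignoring [STATUS=action] items."""
    maps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # e.g. [NOTFOUND=return]
        maps[db.strip()] = rest.split()
    return maps

def pam_ldap_types(text):
    """Return the PAM module types (auth, account, ...) whose stack calls pam_ldap."""
    types = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and any("pam_ldap" in f for f in fields[2:]):
            types.add(fields[0].lstrip("-"))
    return types

def audit(nsswitch_text, pam_text, databases=("passwd", "group")):
    """List account databases that never consult LDAP, plus the auth/lookup mismatch."""
    maps = parse_nsswitch(nsswitch_text)
    missing = [db for db in databases if "ldap" not in maps.get(db, [])]
    findings = [f"{db}: sources {maps.get(db, [])} do not include ldap" for db in missing]
    if "auth" in pam_ldap_types(pam_text) and "passwd" in missing:
        findings.append("PAM checks passwords against LDAP, but getpwnam() sees only "
                        "local sources, so each user still needs a local passwd entry")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_NSSWITCH, SAMPLE_PAM)))
```

On a real client, pass the contents of /etc/nsswitch.conf and the relevant /etc/pam.d file instead of the samples.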
Keith Sharp wrote:
On Wed, 2005-08-24 at 07:11 -0500, T.J. Yang wrote:
Reading RFC 2307 Section 5.1 and 5.2 but it is still vague for me. Which OS and which software module has Section 5.2 functions implemented?
I have done a degree of NIS replacement (passwd, group and automount entries) using the Fedora Core Linux operating system as both the client and the server. The LDAP server I used was OpenLDAP.
The functions in section 5.2 are normally implemented in the standard libc library. On Fedora Core that is glibc, and the implementation uses the file /etc/nsswitch.conf to determine which directory to use to look up information: files, NIS, LDAP, etc. For authentication you may also need to configure the PAM system to use LDAP. Fedora Core provides a utility called system-config-authentication that has a simple GUI for configuring these systems.
Support on other operating systems and libc implementations will vary; you should contact the vendors or appropriate support groups for those operating systems.
The other tricky thing is determining what level of RFC 2307 support the OS has - the old 2307, the 2307 without the automount information, and the new 2307bis with the public key and automount information. We should try to put together a matrix of OS and server support for this.
Keith.
From: Keith Sharp kms@passback.co.uk
Reply-To: kms@passback.co.uk, "Fedora Directory server developer discussion." fedora-directory-devel@redhat.com
To: fedora-directory-devel@redhat.com
Subject: Re: [Fedora-directory-devel] Does FDS 7.1 support RFC2307 ?
Date: Wed, 24 Aug 2005 14:15:43 +0100
On Wed, 2005-08-24 at 07:11 -0500, T.J. Yang wrote:
Reading RFC 2307 Section 5.1 and 5.2 but it is still vague for me. Which OS and which software module has Section 5.2 functions implemented?
I have done a degree of NIS replacement (passwd, group and automount entries) using the Fedora Core Linux operating system as both the client and the server. The LDAP server I used was OpenLDAP.
The functions in section 5.2 are normally implemented in the standard libc library. On Fedora Core that is glibc, and the implementation uses the file /etc/nsswitch.conf to determine which directory to use to look up information: files, NIS, LDAP, etc. For authentication you may also need to configure the PAM system to use LDAP. Fedora Core provides a utility called system-config-authentication that has a simple GUI for configuring these systems.
I played with LDAP authentication a while back. I was quite happy I could have an FTP server (proftpd?) set up to use LDAP auth. I went on to pursue telnet authentication. After help from others, I was able to set up a RH9 box to authenticate users from my corporate LDAP account, but the catch is that before an LDAP user can log in, I need to create that same LDAP account locally in the /etc/passwd file. This sort of defeats the purpose of LDAP auth. I haven't pursued this for about two years. Does RHEL3/4 still require the insertion of a user entry into /etc/passwd?
My goal is to configure a Unix box to allow telnet/ssh login from users with a valid LDAP account. I would also like to restrict login access based on an LDAP user's group.
tj
Support on other operating systems and libc implementations will vary; you should contact the vendors or appropriate support groups for those operating systems.
Keith.
389-devel@lists.fedoraproject.org