[389-users] Questions on 389 configuration

Juan Asensio Sánchez okelet at gmail.com
Thu Jul 12 10:54:01 UTC 2012 

Hi

We are using these attributes for a (very basic) configuration of
LDAPI (just root -> Directory Manager):

# LDAPI
nsslapd-ldapifilepath: /var/run/dirsrv/slapd-XXXX.socket
nsslapd-ldapilisten: on
nsslapd-ldapiautobind: on
nsslapd-ldapimaprootdn: cn=Directory Manager
nsslapd-ldapimaptoentries: off
nsslapd-ldapientrysearchbase: dc=XXXXX,dc=es

Then, we search this way:

ldapsearch -Y EXTERNAL -H
ldapi://%2fvar%2frun%2fdirsrv%2fslapd-XXXX.socket -b "dc=XXXXX,dc=es"
-s one "(objectClass=organization)" o

/etc/nslcd.conf is used with nsswitch.conf to make LDAP users and
groups available to the system, so, if configured in PAM, they can
access the system. pam_ldap.conf (I've never used it), should be to
configure PAM to use LDAP as an option to retrieve users and passwords
to authenticate the users.

Regards.


2012/7/12 Alberto Suárez <asuapaz at gobiernodecanarias.org>:
> Hi,
>
> I have finished configuring 389 on Centos 6.2. and it seems to work ok now.
> Not a conceptually difficult exercise, but a very complex exercise in
> practice, due to the many details that have to be born in mind which either
> are not well documented (IMHO) or scatterd in several docs, plus the tricky
> changes introduced by Centos 6.2.
>
> My intention is to prepare a doc in spanish explaining how to set the thing
> up from the beginning and make it available to anyone who needs it.
>
> However I still have some doubts after having gone through the installation
> an configuration of the product:
>
> 1. Autobind and LDAPI. From my understanding, Centos 6.2 wants you to use
> SSL, but on the other hand there is LDAPI which is meant to be faster and
> more secure. In my case, the client and LDAP will be sitting on the same
> machine, so I do not see the point in using SSL as opposed to ldapi. How do
> you configure 389 to use ldapi and not SSL? I enabled LDAPI and configured
> Autobind following the instructions given in RHDS 9.0 documentation, but I
> do not se how it is (if it is) used.
>
> 2. Is there some doc that explains the various directives found in
> /etc/pam_ldap.conf and /etc/nslcd.conf files? I have configured some in
> order to get it to work, but I do not understand well its purpose. The man
> page does not cover every directive and it is not quite explanatory, anyway.
>
> Thank you.
>
> Alberto
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

More information about the 389-users mailing list