[389-users] Questions on 389 configuration
Rich Megginson
rmeggins at redhat.com
Thu Jul 12 13:30:29 UTC 2012
On 07/12/2012 04:13 AM, Alberto Suárez wrote:
> Hi,
>
> I have finished configuring 389 on Centos 6.2 and it seems to work ok
> now. Not a conceptually difficult exercise, but a very complex
> exercise in practice, due to the many details that have to be borne in
> mind which either are not well documented (IMHO) or scattered in
> several docs, plus the tricky changes introduced by Centos 6.2.
>
> My intention is to prepare a doc in Spanish explaining how to set the
> thing up from the beginning and make it available to anyone who needs it.
>
> However I still have some doubts after having gone through the
> installation and configuration of the product:
>
> 1. Autobind and LDAPI. From my understanding, Centos 6.2 wants you to
> use SSL, but on the other hand there is LDAPI which is meant to be
> faster and more secure. In my case, the client and LDAP will be
> sitting on the same machine, so I do not see the point in using SSL as
> opposed to ldapi. How do you configure 389 to use ldapi and not SSL? I
> enabled LDAPI and configured Autobind following the instructions given
> in RHDS 9.0 documentation, but I do not see how it is (if it is) used.
To test it, you have to use an ldapi URL like this:
ldapmodify -x -H ldapi://pathtosocket.socket -D "cn=directory manager" -w password -a
Where pathtosocket.socket is the full absolute path of the socket file,
with the '/' replaced with '%2F'.
The access log will tell you if the connection is using ldapi.
I don't know if pam/nss ldap supports ldapi.
>
> 2. Is there some doc that explains the various directives found in
> /etc/pam_ldap.conf and /etc/nslcd.conf files? I have configured some
> in order to get it to work, but I do not understand well its purpose.
> The man page does not cover every directive and it is not quite
> explanatory, anyway.
man pam_ldap
I don't know about nslcd.
>
> Thank you.
>
> Alberto
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
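Added example, not part of the original message: a shell helper that builds the ldapi URL described in the reply from a socket path. It goes beyond the '/' to '%2F' case and percent-encodes every character outside the URL unreserved set. The function names and the socket path /var/run/slapd-example.socket are assumptions made for illustration; paths are assumed to be ASCII.

```shell
#!/bin/sh
# Added example: turn an absolute socket path into an ldapi:// URL.
# Every character outside A-Z a-z 0-9 . _ ~ - is percent-encoded,
# so '/' becomes %2F as the reply describes. ASCII paths assumed.
ldapi_url() {
    path=$1
    case $path in
        /*) ;;
        *) echo "ldapi_url: need an absolute path: $path" >&2; return 1 ;;
    esac
    out=
    rest=$path
    while [ -n "$rest" ]; do
        tail=${rest#?}            # everything after the first character
        c=${rest%"$tail"}         # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;   # "'c" yields the character code
        esac
        rest=$tail
    done
    printf 'ldapi://%s\n' "$out"
}

# Same as above, but refuses paths that are not an existing UNIX socket,
# which catches a wrong instance name before the LDAP client is run.
ldapi_url_checked() {
    if [ ! -S "$1" ]; then
        echo "ldapi_url_checked: not a socket: $1" >&2
        return 1
    fi
    ldapi_url "$1"
}

# Constructed sample path (hypothetical instance name "example").
ldapi_url /var/run/slapd-example.socket
```

The printed URL is what goes after -H in the ldapmodify command from the reply.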