[389-users] Questions on 389 configuration

Rich Megginson rmeggins at redhat.com
Thu Jul 12 13:30:29 UTC 2012


On 07/12/2012 04:13 AM, Alberto Suárez wrote:
> Hi,
>
> I have finished configuring 389 on Centos 6.2. and it seems to work ok 
> now. Not a conceptually difficult exercise, but a very complex 
> exercise in practice, due to the many details that have to be borne in 
> mind which either are not well documented (IMHO) or scattered in 
> several docs, plus the tricky changes introduced by Centos 6.2.
>
> My intention is to prepare a doc in spanish explaining how to set the 
> thing up from the beginning and make it available to anyone who needs it.
>
> However I still have some doubts after having gone through the 
> installation and configuration of the product:
>
> 1. Autobind and LDAPI. From my understanding, Centos 6.2 wants you to 
> use SSL, but on the other hand there is LDAPI which is meant to be 
> faster and more secure. In my case, the client and LDAP will be 
> sitting on the same machine, so I do not see the point in using SSL as 
> opposed to ldapi. How do you configure 389 to use ldapi and not SSL? I 
> enabled LDAPI and configured Autobind following the instructions given 
> in RHDS 9.0 documentation, but I do not see how it is (if it is) used.

To test it, you have to use an ldapi URL like this:

    ldapmodify -x -H ldapi://pathtosocket.socket -D "cn=directory manager" -w password -a

Where pathtosocket.socket is the full absolute path of the socket file, 
with the '/' replaced with '%2F'.

The access log will tell you if the connection is using ldapi.

I don't know if pam/nss ldap supports ldapi.
>
> 2. Is there some doc that explains the various directives found in 
> /etc/pam_ldap.conf and /etc/nslcd.conf files? I have configured some 
> in order to get it to work, but I do not understand well its purpose. 
> The man page does not cover every directive and it is not quite 
> explanatory, anyway.
man pam_ldap

I don't know about nslcd.
>
> Thank you.
>
> Alberto
> -- 
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
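
The ldapi URL construction described in the reply, as an added example that is not part of the original message: a shell function that turns an absolute socket path into an ldapi:// URL. It goes beyond the '/' to '%2F' case and percent-encodes every reserved byte, so paths containing spaces also work. The function name ldapi_url and the sample socket path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an ldapi:// URL from the absolute path of the
# directory server's LDAPI socket file.
# ldapi_url is a hypothetical helper name, not a 389 DS tool.

ldapi_url() (
    # The body runs in a subshell so LC_ALL=C (byte-wise matching)
    # and the working variables do not leak into the caller.
    LC_ALL=C
    path=$1
    case $path in
        /*) ;;                       # must be a full absolute path
        *)  echo "ldapi_url: not an absolute path: $path" >&2
            exit 1 ;;
    esac
    out=
    while [ -n "$path" ]; do
        rest=${path#?}               # everything after the first byte
        c=${path%"$rest"}            # the first byte itself
        case $c in
            # RFC 3986 unreserved characters pass through unchanged
            [A-Za-z0-9._~-]) out=$out$c ;;
            # anything else, including '/', becomes %XX
            *)  hex=$(printf '%s' "$c" | od -An -tx1 |
                      tr -d '[:space:]' | tr a-f A-F)
                out=$out%$hex ;;
        esac
        path=$rest
    done
    printf 'ldapi://%s\n' "$out"
)

# Constructed sample path; substitute your instance's socket file.
SOCKET=/var/run/slapd-example.socket
echo "URL for $SOCKET: $(ldapi_url "$SOCKET")"

# Used with the command from the reply above:
#   ldapmodify -x -H "$(ldapi_url "$SOCKET")" \
#       -D "cn=directory manager" -w password -a
```
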



