Date: Wed, 05 Oct 2011 10:35:31 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Dag-Erling Smørgrav <des@des.no>
Cc: hackers@freebsd.org
Subject: Re: Does anyone use nscd?
Message-ID: <4E8C24E3.3010407@infracaninophile.co.uk>
In-Reply-To: <86ehyrhlqp.fsf@ds4.des.no>
References: <86sjn84wco.fsf@ds4.des.no> <53BBCF50-2ACB-431B-9EED-0533A3F1BE78@gsoft.com.au> <86ehyrhlqp.fsf@ds4.des.no>
On 05/10/2011 09:43, Dag-Erling Smørgrav wrote:
> While we're at it, I'd be very grateful if someone could email me a
> quick and dirty guide to setting up an LDAP server for testing. I have
> too much on my plate right now to start reading documentation...

The Quick Start guide on the OpenLDAP site is pretty good:

http://www.openldap.org/doc/admin24/quickstart.html

although steps 1 -- 8 just boil down to 'install from ports' on FreeBSD.

Notes:

1) Don't enable SASL -- it adds a lot of complexity but doesn't change
anything fundamental in the way LDAP works for testing purposes.

2) The default schema includes inetOrgPerson and Posix, which is enough
to deal with basic Unix users and groups. If you want to do anything
more advanced (e.g. sudo-related or OpenSSH LPK patches) then you'll
need to import some external schema. I recommend always copying the
schema files into $PREFIX/etc/openldap/schema or else casually removing
a port could prevent your slapd from restarting days or weeks later...

3) The structure of an LDAP tree is site-specific and can be quite
different between different organizations, but in essence it consists
of sorting and grouping various classes of objects into various
subdirectories of your directory tree. For testing purposes, impose at
least a minimal amount of structure. As the quick start guide suggests,
use the dc=example,dc=com form based on your domain name to root your
LDAP tree. Within that, create some sub-directories 'ou=Users',
'ou=Groups', 'ou=Hosts' for storing objects of the appropriate types.
This should provide a reasonable parallel to what most people would use
in production.

4) ACLs and permissions are pretty complex in LDAP. This is something
where you are going to have to spend some quality time with the manuals
I'm afraid.

5) phpldapadmin is a pretty good tool for populating a directory with
test data.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
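The tree layout suggested in note 3 (a dc=example,dc=com root with ou=Users, ou=Groups and ou=Hosts underneath, populated with inetOrgPerson/posixAccount and posixGroup objects) can be written out as LDIF and loaded in one go. The script below is an added example, not part of the original message or of OpenLDAP; the user "alice", the group, the host "testbox" and its 192.0.2.10 address are constructed sample data. It also does two things a hand-written LDIF easily gets wrong: it escapes RDN values per RFC 4514 (so an unescaped comma or plus in a name cannot alter the DN structure) and it checks that every parent entry precedes its children, since ldapadd processes entries sequentially and rejects a child whose parent does not yet exist.

```python
"""Generate a minimal test LDAP tree (RFC 2849 LDIF) for an OpenLDAP test server."""
import base64
from typing import Dict, List, Tuple

Entry = Tuple[str, Dict[str, List[str]]]  # (dn, {attribute: [values]})


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4).
    Without this, a value containing ',' or '+' would change the DN's structure."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;'
        special = special or (i == 0 and ch in "# ") or (i == last and ch == " ")
        out.append("\\" + ch if special else ch)
    return "".join(out)


def split_dn(dn: str) -> List[str]:
    """Split a DN into RDNs on unescaped commas only."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def domain_to_base_dn(domain: str) -> str:
    """example.com -> dc=example,dc=com (the form the quick-start guide recommends)."""
    return ",".join(f"dc={escape_rdn_value(label)}" for label in domain.split("."))


def build_test_tree(domain: str) -> List[Entry]:
    """Root entry, the three OUs, then one constructed user, group and host.
    Entries are returned in load order (parents before children)."""
    base = domain_to_base_dn(domain)
    first_label = domain.split(".")[0]
    entries: List[Entry] = [(base, {"objectClass": ["dcObject", "organization"],
                                    "dc": [first_label], "o": [f"{domain} test directory"]})]
    for ou in ("Users", "Groups", "Hosts"):
        entries.append((f"ou={ou},{base}", {"objectClass": ["organizationalUnit"], "ou": [ou]}))
    # inetOrgPerson needs cosine + inetorgperson schema; posixAccount/posixGroup/ipHost need nis schema.
    entries.append((f"uid=alice,ou=Users,{base}", {
        "objectClass": ["inetOrgPerson", "posixAccount", "shadowAccount"],
        "uid": ["alice"], "cn": ["Alice Example"], "sn": ["Example"],
        "uidNumber": ["10001"], "gidNumber": ["10001"],
        "homeDirectory": ["/home/alice"], "loginShell": ["/bin/sh"]}))
    entries.append((f"cn=alice,ou=Groups,{base}", {
        "objectClass": ["posixGroup"], "cn": ["alice"],
        "gidNumber": ["10001"], "memberUid": ["alice"]}))
    entries.append((f"cn=testbox,ou=Hosts,{base}", {
        "objectClass": ["device", "ipHost"], "cn": ["testbox"],
        "ipHostNumber": ["192.0.2.10"]}))  # constructed address from the documentation range
    return entries


def check_order(entries: List[Entry]) -> List[str]:
    """Return DNs listed before their parent; ldapadd would fail on them with 'no such object'."""
    seen, orphans = set(), []
    base = entries[0][0]
    for dn, _ in entries:
        parent = ",".join(split_dn(dn)[1:])
        if dn != base and parent not in seen:
            orphans.append(dn)
        seen.add(dn)
    return orphans


def _needs_base64(value: str) -> bool:
    """RFC 2849: values that are not SAFE-STRING must be written base64 after '::'."""
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ord(c) > 127 or c in "\r\n\0" for c in value)


def _attr_line(name: str, value: str) -> str:
    if _needs_base64(value):
        return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{name}: {value}"


def _fold(line: str, width: int = 76) -> str:
    """Fold long lines; continuation lines begin with a single space."""
    if len(line) <= width:
        return line
    chunks, rest = [line[:width]], line[width:]
    while rest:
        chunks.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(chunks)


def to_ldif(entries: List[Entry]) -> str:
    blocks = []
    for dn, attrs in entries:
        lines = [_attr_line("dn", dn)]
        lines += [_attr_line(name, v) for name, values in attrs.items() for v in values]
        blocks.append("\n".join(_fold(l) for l in lines))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    tree = build_test_tree("example.com")
    assert not check_order(tree), check_order(tree)
    print(to_ldif(tree), end="")
```

Redirect the output to a file and load it with `slapadd -l test.ldif` on a stopped slapd, or with `ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f test.ldif` against a running one; set the test user's password afterwards with `ldappasswd` rather than embedding a hash in the LDIF. The objectClasses used here require the cosine, inetorgperson and nis schema files to be included in slapd.conf, which is exactly the set note 2 advises copying into $PREFIX/etc/openldap/schema.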