RE: General Issues

<quote who="Glover George">

> Not sure what LDAP has to do here with SAMBA other than samba's
> authentication method being other than the smbpasswd file.  I too
> use samba, but only as a file sharing/print server.  Not a PDC.  I
> want to, but as of RH7.2 with win2000 and winxp haven't been
> successful (of course I haven't really cared too much, I'm waiting
> on the newer version v.2 I guess).

last i checked samba had native LDAP support (not via PAM).
so it should be able to authenticate directly with LDAP
and not need a smbpasswd file ..but i haven't investigated
this much at all yet.


> What exactly roams for netscape?  The address book and favorites and
> history or something?  Of course lazy bastards here being as they
> are can't wait on netscape to load so they all use IE.

yeah, keeps preferences, bookmarks, cookies, filters etc on
the server. i've been using roaming over http for years and
it's great (only synch my bookmarks since the configuration
varies from site to site). Not many will use it i think
but i give it as an option..

> All this needs is for the user to be setup then right?

yes, the user must have an LDAP capable client, netscape
4 and outlook both are ldap capable (netscape6/mozilla are
not yet). netscape 4 does not work with LDAP over SSL,
nor does outlook from my searches of mail archives.

> I had 2 examples in my ldap config file, one that did organization
> like you're showing and one where you did dc=mydomain,dc=com.
> What's the difference in these two approaches and which should I
> use? (This is a huge source of confusion to me).

honestly i don't know (yet). other than being able
to specify an organization (e.g. company) name rather
than use the hostname of a system (e.g. dc=ldap,dc=mydomain,dc=com
for ldap.mydomain.com). I haven't seen any evidence either
way which is best.

> So Just use this and copy and paste the answer into the user.ldif
> file before using ldapadd?

that's what i do, or paste it into ldapexplorer or some
other online ldap database client. I haven't spent much
time yet on getting automatic password updates configured
via pam or other methods yet ..i plan to investigate those
as well though.

> Sorry for so many questions, but mail routing?  What exactly do you
> mean by this.  Are you simply saying the email address associated
> with a user's entry, or is it for something more complex (i.e. -
> incoming address aliasing with sendmail/qmail)?

questions are good ..if it can save you the headaches
i went through :)   the specifics for mail routing depend
on what mail server you're using.  sendmail for example can
access aliases from the LDAP database as well as virtualusers
(e.g. someuser@myotherdomain.com) from LDAP (which is not
in my example, i haven't looked into it yet). qmail has
similar support (there seems to be a bunch of LDAP/qmail
front ends on freshmeat.net). from my investigations so far,
the mail routing entries just tell the server what email
address(es) a particular person has, and what user@mail server
to route the mail to.  If you only have 1 mail server it
may not be of any use. but i have 4 currently (3 slave
and 1 hub). i'm more interested in keeping all the info
"in one place" so i can take a look at an account and see
everything related to it, and not have to login to different
systems and check individual settings.

there is also a way to restrict access to certain servers
from within LDAP, but i have not had time to check it
out yet (Directory Administrator has this option but
i haven't tested it). I hopefully can use this in combo
with radius to control who can login through a dialup
RAS server and who cannot via LDAP. as it is we have
a separate user database that is difficult to maintain.

> Oh it definitely does, I agree that there should be more info out
> there. It's as if we're supposed to read the RFCs and understand
> that garbage.  Thanks a lot.

yeah, i was surprised. just some basic info would have gotten
me into LDAP a year ago, but lack of examples and stuff
kept me pullin my hair out for a while so i gave up for
a year and came back to it again last monday ..amazing
progress since then! i want to put up a website detailing
the info i learned during this soon ..been so busy recently
though. i think sometime in april things will calm down
here and i will have some quiet time to do that.

glad i could help