Re: Some More Newbie Questions
--On Tuesday, October 17, 2006 4:16 AM -0700 Ted Johnson
Here are some more questions I have in setting up my slapd.conf file:
* How does one incorporate a user certificate? Where does one incorporate
* Since my server is a stand-alone unit and I am the only administrator,
I see no need for using Kerberos. However, TLS requires anonymous bind,
and anonymous bind presents the problem of possible DoS attacks. Are
there work-arounds with this, or, if I'm concerned about the same, is
this reason enough to use Kerberos?
* What are limits? Is this just for syncrepl? I have no replication.
* Where does one set limits? In the database config file?
* Access scope has three potential values: base, subtree and children.
Does "children" go down the entire subtree, such that the only difference
between "subtree" and "children" is that the former includes the base?
* Can someone give me a clear explanation with an example of "dnattr" and
where it is used (i.e. slapd.conf or slapd.d/cn=control)?
* Can someone give me a clear explanation with an example of how and
where to use "ssf"? How can this be configured for someone authorizing
via SSH2? How about an internal daemon?
* Why is the default timelimit so high (3600)? I mean, if slapd can't
find what it's looking for in 300 seconds, something's wrong!
* I had to specially install bdb to use bdb. Do I have to specially
install monitor to use monitor? If so, where do I find it?
You already asked all this on ldap@umich, and got answers from it. Most,
if not all, of your questions would be answered by reading the OpenLDAP Admin
guide and the OpenLDAP FAQ. And your concept about TLS and anonymous binds
is just wrong. It is an encryption layer, not an authentication
mechanism(*), so you can use it with whatever authentication mechanism you
choose, or anonymous.
(*) SASL/EXTERNAL can use user certs to do authentication in addition to
setting up a TLS connection.
Principal Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
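
Added example, not part of the original message or the OpenLDAP documentation: a slapd.conf fragment showing the point made in the reply, that TLS settings and authentication policy are configured independently, with SASL/EXTERNAL mapping a client certificate to an entry. The file paths, the certificate subject and the dc=example,dc=com suffix are placeholders assumed for illustration.

```conf
# Constructed slapd.conf fragment; every path and DN below is a placeholder.

# Transport encryption: the server's certificate and key, plus the CA
# used to validate any certificate a client presents.
TLSCACertificateFile   /etc/openldap/certs/ca.pem
TLSCertificateFile     /etc/openldap/certs/server.pem
TLSCertificateKeyFile  /etc/openldap/certs/server.key

# "try" requests a client certificate without requiring one, so a client
# can still do a simple bind, or not bind at all, over the encrypted
# session. "demand" refuses a TLS session that has no valid client cert.
TLSVerifyClient        try

# Authentication policy is set separately from the TLS directives.
# Reject anonymous bind requests:
disallow bind_anon
# Accept simple binds only when the connection's SSF is at least 128:
security simple_bind=128

# SASL/EXTERNAL over TLS: the client certificate's subject DN becomes the
# authentication identity; authz-regexp maps it onto a directory entry.
authz-regexp "^cn=([^,]+),ou=people,o=example$"
    "uid=$1,ou=people,dc=example,dc=com"

# ssf in an ACL: passwords are compared for a bind only on a connection
# with SSF >= 128, and are readable by nobody.
access to attrs=userPassword
    by ssf=128 anonymous auth
    by self write
    by * none

# Everything else: authenticated users may read, all others get nothing.
access to *
    by users read
    by * none
```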