Talk:Centralized authentication using OpenLDAP

Client notes
LAM (LDAP Account Manager) is a similar free (GPL-licensed) web client.

But it is still not in portage (gentoo overlay).

I'm not familiar enough with web-utils ebuilding. So, if anybody is interested in this tool, add it to the tree first.

Online Configuration
SwifT, why have you dropped the note about the limitations of the LDIF backend?

When using OLC-style configuration this may produce some unpleasant surprises.

This guide should be converted to make use of OpenLDAP's online configuration instead of using a slapd.conf. Upstream has recommended against using the slapd.conf file for several years.

--Eliasp (talk) 00:10, 11 January 2014 (UTC)


 * Made the initial description of OLC (aka cn=config). Description will be enhanced. Please review it, my English is… not good enough. To my mind, we should NOT try to make the guide shorter or easier, but first of all divide it into two (or even up to four, since OpenLDAP is not the only directory implementation in the portage tree) parts:


 * 1) General Overview,
 * 2) Server setup and _maintenance_ (!) (separate articles for OpenLDAP, 389 etc.),
 * 3) Server's usage for authentication purposes.
 * 4) Followed with descriptions of usage for certification distribution and so on

--Anarchist Oct 27 10:02:47 UTC 2014

I am willing to write a guide. OpenLDAP is a mountain of config that potentially could have pitfalls. I need someone to review my method.

To start a guide that uses the following.


 * 1) Latest stable version of OpenLDAP.
 * 2) Using StartTLS on port 389.
 * 3) Include an authentication example using sssd (as this seems like the nice way).
 * 4) Use LAM (LDAP Account Manager) in the guide. This seems sane and I believe will make any guide ten times shorter.

Let me know what you think. --James.cordell (talk) 10:39, 16 April 2014 (UTC)


 * Anything that might make the guide shorter or easier to follow is greatly welcomed. I have no experience with LAM AM so by all means, go ahead. I was considering splitting things up in separate pages (the guide currently uses a multi-stage approach to end where it is, but that approach does make it less easy to follow). --SwifT (talk) 20:08, 16 April 2014 (UTC)

I have added lots of bits, including the slaptest. The guide would be better with the simpler sssd for client authentication. This would be an alternative to pam_ldap, nss_ldap etc. What do you think? Maybe there should be separate guides. Also, should hdb be used instead of ldbm? hdb is the recommended one?

--James.cordell (talk) 15:58, 25 April 2014 (UTC)

I'm a lot happier with that. It needs normal people to test it now :)

--James.cordell (talk) 01:09, 28 April 2014 (UTC)