Talk:Centralized authentication using OpenLDAP

From Gentoo Wiki
This is a talk page. Please add newer comments below older ones, and sign your comments using four tildes (~~~~). When adding a new section (at the bottom of the page), please mark it as "open for discussion" by using {{talk|open}} so it will show up in the list of open discussions.

Client notes

Talk status
This discussion is done.

LAM (LDAP Account Manager) is a free (GPL-licensed) web client similar to net-nds/phpldapadmin.

But it is still not in Portage (Gentoo overlay).

I'm not familiar enough with ebuild writing for web utilities. So, if anybody is interested in this tool, please add it to the tree first.

looks like not bug #149081 and bug #214841 --Cronolio (talk) 18:17, 2 June 2017 (UTC)

Online Configuration

Talk status
This discussion is done.

SwifT, why have you dropped the note about the limitations of the LDIF backend?

One of the features of the LDIF backend commonly used by OLC is that it doesn't allow file removal (and possibly file operations at all, including renaming). You can, for example, add an overlay, but you cannot remove it.

When using OLC-style configuration, this may produce some unpleasant surprises.

This guide should be converted to make use of OpenLDAP's online configuration instead of using a slapd.conf. Upstream has recommended against using the slapd.conf file for several years.

--Eliasp (talk) 00:10, 11 January 2014 (UTC)
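The add-but-cannot-remove behaviour discussed above, as an added example (not taken from the guide or from anyone in this thread). Assumed for the illustration: the database entry is olcDatabase={1}hdb,cn=config (hdb is the backend the guide discusses), the memberof overlay is built as a loadable module, cn=module{0},cn=config already exists from an earlier module load, and the administrator talks to the running slapd over ldapi:// with SASL EXTERNAL as root.

```ldif
# Added example, not from the original page. Apply with:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f memberof.ldif
#
# Step 1: load the module into the running server (olcModuleLoad is
# multi-valued, so this only appends to the existing module list).
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof.la

# Step 2: attach the overlay to the hdb database. This works online:
# back-config writes a new olcOverlay={0}memberof.ldif under slapd.d.
dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfRefInt: TRUE
olcMemberOfDangling: ignore
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

# Check that the overlay is now active under the database:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b olcDatabase={1}hdb,cn=config \
#       "(olcOverlay=*)" dn
#
# Step 3: the operation the LDIF backend does not support. Saved as
# delete.ldif and fed to ldapmodify, a slapd built without delete support
# in back-config (the common 2.4 case) answers with result 53, "Server is
# unwilling to perform", and the overlay stays active. Removing it then
# means stopping slapd, deleting the olcOverlay={0}memberof.ldif file from
# slapd.d by hand, and starting slapd again.
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
changetype: delete
```

The practical caveat for a guide written around cn=config: every overlay, database or module added online should be treated as permanent from the point of view of ldapmodify, so test such changes on a scratch instance first, and keep a backup of slapd.d (or a slapcat -n 0 dump) taken before the change.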

Made the initial description of OLC (aka cn=config). The description will be enhanced. Please review it; my English is… not good enough. To my mind, we should NOT try to make the guide shorter or easier, but first of all divide it into two (or even up to four, since OpenLDAP is not the only directory implementation in the Portage tree) parts:
  1. General overview,
  2. Server setup and _maintenance_ (!) (separate articles for OpenLDAP, 389, etc.),
  3. Server usage for authentication purposes,
  4. Followed by descriptions of usage for certificate distribution and so on.

--Anarchist Oct 27 10:02:47 UTC 2014

I am willing to write a guide. OpenLDAP is a mountain of config that could potentially have pitfalls. I need someone to review my method.

To start, a guide that uses the following:

  1. Latest stable version of OpenLDAP.
  2. Using StartTLS on port 389.
  3. Include an authentication example using sssd (as this seems like the nice way).
  4. Use LAM (LDAP Account Manager) in the guide. This seems sane and I believe will make any guide ten times shorter.

Let me know what you think. --James.cordell (talk) 10:39, 16 April 2014 (UTC)
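The client side of items 2 and 3 above (sssd as the authentication client, StartTLS on port 389), as an added example that is not part of the proposal or the guide. Assumed names: the server is ldap.example.org, the suffix is dc=example,dc=org, and the CA that signed the server certificate is installed at /etc/ssl/certs/example-ca.pem.

```ini
# Added example sssd.conf, not from the original page. File must be owned by
# root and mode 0600 or sssd refuses to start.
[sssd]
config_file_version = 2
services = nss, pam
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# Plain ldap:// on 389: the session starts in cleartext and is upgraded with
# the StartTLS extended operation (assumed hostname).
ldap_uri = ldap://ldap.example.org:389/
ldap_search_base = dc=example,dc=org
ldap_schema = rfc2307
cache_credentials = true
enumerate = false

# Insist on the TLS upgrade for identity lookups. Without this a stripped or
# failed StartTLS silently leaves lookups in the clear. (sssd already refuses
# to send a simple-bind password without TLS, so auth is covered either way.)
ldap_id_use_start_tls = true
# Verify the server certificate against the CA; "demand" fails the connection
# on any mismatch, which is the only setting that defeats a man in the middle.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/example-ca.pem

# The weak variants, shown for contrast and deliberately commented out:
# they make the upgrade optional and accept any certificate.
# ldap_id_use_start_tls = false
# ldap_tls_reqcert = never
```

A quick check from the same client that the server actually completes the upgrade: `ldapsearch -ZZ -x -H ldap://ldap.example.org -b dc=example,dc=org -s base` (the doubled -ZZ makes ldapsearch abort rather than fall back to cleartext if StartTLS fails), followed by a PAM test such as `getent passwd someuser` and a login attempt once sssd is restarted.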

Anything that might make the guide shorter or easier to follow is greatly welcomed. I have no experience with LAM AM so by all means, go ahead. I was considering splitting things up in separate pages (the guide currently uses a multi-stage approach to end where it is, but that approach does make it less easy to follow). --SwifT (talk) 20:08, 16 April 2014 (UTC)

I have added lots of bits, including the slaptest. The guide would be better with the simpler sssd for client authentication. This would be an alternative to pam_ldap, nss_ldap, etc. What do you think? Maybe there should be separate guides. Also, should hdb be used instead of ldbm? hdb is the recommended one?

--James.cordell (talk) 15:58, 25 April 2014 (UTC)

I'm a lot happier with that. It needs normal people to test it now :)

--James.cordell (talk) 01:09, 28 April 2014 (UTC)

Test help needed

Talk status
This discussion is done.

Gentoo users of rsyslog and systemd: please contact me to verify some app-specific questions in the article.