public inbox for gentoo-doc-cvs@lists.gentoo.org
* [gentoo-doc-cvs] cvs commit: ldap-howto.xml
@ 2005-10-01 19:22 swift
From: swift @ 2005-10-01 19:22 UTC
  To: gentoo-doc-cvs

swift       05/10/01 19:22:00

  Modified:    xml/htdocs/doc/en ldap-howto.xml
  Log:
  #102486 - Changes to system-auth to allow ldap authentication

Revision  Changes    Path
1.28      +8 -7      xml/htdocs/doc/en/ldap-howto.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.28&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.28&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml.diff?r1=1.27&r2=1.28&cvsroot=gentoo

Index: ldap-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- ldap-howto.xml	10 Jun 2005 18:32:09 -0000	1.27
+++ ldap-howto.xml	1 Oct 2005 19:22:00 -0000	1.28
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.27 2005/06/10 18:32:09 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.28 2005/10/01 19:22:00 swift Exp $ -->
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
 <guide link="/doc/en/ldap-howto.xml">
@@ -30,8 +30,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>0.18.2</version>
-<date>2005-06-10</date>
+<version>0.18.3</version>
+<date>2005-10-01</date>
 
 <chapter>
 <title>Getting Started with OpenLDAP</title>
@@ -331,17 +331,18 @@
 auth    sufficient  /lib/security/pam_ldap.so use_first_pass
 auth    required    /lib/security/pam_deny.so
 
-account required  /lib/security/pam_unix.so
-account sufficient  /lib/security/pam_ldap.so
+account requisite  /lib/security/pam_unix.so
+account sufficient /lib/security/pam_localuser.so
+account required   /lib/security/pam_ldap.so
 
 password    required /lib/security/pam_cracklib.so retry=3
 password    sufficient /lib/security/pam_unix.so nullok use_authtok shadow md5
-password    sufficient /lib/security/pam_ldap.so use_authtok
+password    sufficient /lib/security/pam_ldap.so use_authtok use_first_pass
 password    required /lib/security/pam_deny.so
 
 session required    /lib/security/pam_limits.so
 session required    /lib/security/pam_unix.so
-session required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0
+session required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0066
 session optional    /lib/security/pam_ldap.so
 </pre>
 
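Review bot: On the pam_mkhomedir.so line, `umask=0066` still leaves a newly created home directory traversable by group and other (0711 from a 0777 base); if the point of moving away from `umask=0` is private homes, `umask=0077` is the usual value. In the account stack, `pam_localuser.so` as `sufficient` ahead of `account required pam_ldap.so` means local accounts never reach the LDAP account check. That deserves a sentence in the guide text, because it is what keeps root able to log in when the directory is unreachable.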



-- 
gentoo-doc-cvs@gentoo.org mailing list




* [gentoo-doc-cvs] cvs commit: ldap-howto.xml
@ 2005-10-08 15:09 Jan Kundrat
From: Jan Kundrat @ 2005-10-08 15:09 UTC
  To: gentoo-doc-cvs

jkt         05/10/08 15:09:49

  Modified:    xml/htdocs/doc/en ldap-howto.xml
  Log:
  #102949, "LDAP guide shows wrong libraries location"

Revision  Changes    Path
1.29      +21 -21    xml/htdocs/doc/en/ldap-howto.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.29&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.29&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml.diff?r1=1.28&r2=1.29&cvsroot=gentoo

Index: ldap-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- ldap-howto.xml	1 Oct 2005 19:22:00 -0000	1.28
+++ ldap-howto.xml	8 Oct 2005 15:09:49 -0000	1.29
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.28 2005/10/01 19:22:00 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.29 2005/10/08 15:09:49 jkt Exp $ -->
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
 <guide link="/doc/en/ldap-howto.xml">
@@ -30,8 +30,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>0.18.3</version>
-<date>2005-10-01</date>
+<version>0.19</version>
+<date>2005-10-08</date>
 
 <chapter>
 <title>Getting Started with OpenLDAP</title>
@@ -326,24 +326,24 @@
 </p>
 
 <pre caption="/etc/pam.d/system-auth">
-auth    required    /lib/security/pam_env.so
-auth    sufficient  /lib/security/pam_unix.so likeauth nullok shadow
-auth    sufficient  /lib/security/pam_ldap.so use_first_pass
-auth    required    /lib/security/pam_deny.so
-
-account requisite  /lib/security/pam_unix.so
-account sufficient /lib/security/pam_localuser.so
-account required   /lib/security/pam_ldap.so
-
-password    required /lib/security/pam_cracklib.so retry=3
-password    sufficient /lib/security/pam_unix.so nullok use_authtok shadow md5
-password    sufficient /lib/security/pam_ldap.so use_authtok use_first_pass
-password    required /lib/security/pam_deny.so
-
-session required    /lib/security/pam_limits.so
-session required    /lib/security/pam_unix.so
-session required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0066
-session optional    /lib/security/pam_ldap.so
+auth    required    pam_env.so
+auth    sufficient  pam_unix.so likeauth nullok shadow
+auth    sufficient  pam_ldap.so use_first_pass
+auth    required    pam_deny.so
+
+account requisite  pam_unix.so
+account sufficient pam_localuser.so
+account required   pam_ldap.so
+
+password    required pam_cracklib.so retry=3
+password    sufficient pam_unix.so nullok use_authtok shadow md5
+password    sufficient pam_ldap.so use_authtok use_first_pass
+password    required pam_deny.so
+
+session required    pam_limits.so
+session required    pam_unix.so
+session required    pam_mkhomedir.so skel=/etc/skel/ umask=0066
+session optional    pam_ldap.so
 </pre>
 
 <!--  Should work now, see #87930
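Review bot: Every module line in this block is rewritten, yet `nullok` stays on both pam_unix.so entries (`auth sufficient pam_unix.so likeauth nullok shadow` and the `password` line), so the auth stack the guide tells readers to install still accepts a local account whose password is empty. Drop `nullok` here or add a sentence explaining why it is kept. Removing the hard-coded `/lib/security/` prefix otherwise looks right, since the bare module name lets PAM resolve its own module directory.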




* [gentoo-doc-cvs] cvs commit: ldap-howto.xml
@ 2005-10-11 20:06 Shyam Mani
From: Shyam Mani @ 2005-10-11 20:06 UTC
  To: gentoo-doc-cvs

fox2mike    05/10/11 20:06:19

  Modified:    xml/htdocs/doc/en ldap-howto.xml
  Log:
  We're giving search perms, not read. Thanks to Borges for reporting.

Revision  Changes    Path
1.30      +3 -3      xml/htdocs/doc/en/ldap-howto.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.30&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.30&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml.diff?r1=1.29&r2=1.30&cvsroot=gentoo

Index: ldap-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- ldap-howto.xml	8 Oct 2005 15:09:49 -0000	1.29
+++ ldap-howto.xml	11 Oct 2005 20:06:19 -0000	1.30
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.29 2005/10/08 15:09:49 jkt Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.30 2005/10/11 20:06:19 fox2mike Exp $ -->
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
 <guide link="/doc/en/ldap-howto.xml">
@@ -30,7 +30,7 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>0.19</version>
+<version>0.20</version>
 <date>2005-10-08</date>
 
 <chapter>
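Review bot: `<version>` moves to 0.20 but the `<date>` line below it stays at 2005-10-08, while the header comment records this revision as 2005/10/11. Bump the date together with the version so readers can tell that the access-control example changed.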
@@ -475,7 +475,7 @@
   
 access to *
   by dn="uid=root,ou=People,dc=genfic,dc=com" write
-  by * read
+  by * search
 </pre>
 
 <p>
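Review bot: `by * search` applies to every identity other than the root DN, authenticated users included, so under this rule nobody else can read attribute values at all. If that is the intent, the paragraph that follows the example should say so explicitly, and the guide should confirm that account lookups from the clients still work with this ACL, since they need to read entries, not only match filters.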




* [gentoo-doc-cvs] cvs commit: ldap-howto.xml
@ 2005-10-21 20:43 swift
From: swift @ 2005-10-21 20:43 UTC
  To: gentoo-doc-cvs

swift       05/10/21 20:43:52

  Modified:    xml/htdocs/doc/en ldap-howto.xml
  Log:
  #105611 - Fix for permission problem thanks to Bernard Guillot

Revision  Changes    Path
1.31      +4 -3      xml/htdocs/doc/en/ldap-howto.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.31&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.31&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml.diff?r1=1.30&r2=1.31&cvsroot=gentoo

Index: ldap-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- ldap-howto.xml	11 Oct 2005 20:06:19 -0000	1.30
+++ ldap-howto.xml	21 Oct 2005 20:43:52 -0000	1.31
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.30 2005/10/11 20:06:19 fox2mike Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.31 2005/10/21 20:43:52 swift Exp $ -->
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
 <guide link="/doc/en/ldap-howto.xml">
@@ -30,8 +30,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>0.20</version>
-<date>2005-10-08</date>
+<version>0.21</version>
+<date>2005-10-21</date>
 
 <chapter>
 <title>Getting Started with OpenLDAP</title>
@@ -215,6 +215,7 @@
 # <i>cd /etc/ssl</i>
 # <i>openssl req -config /etc/ssl/openssl.cnf -new -x509 -nodes -out \
 ldap.pem -keyout /etc/openldap/ssl/ldap.pem -days 999999</i>
+# <i>chown ldap:ldap /etc/openldap/ssl/ldap.pem</i>
 </pre>
 
 <p>
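Review bot: The added `chown ldap:ldap` fixes ownership of the key but nothing sets its mode, and the key is written unencrypted (`-nodes`), so who can read it depends on the umask in effect when `openssl req` ran. Add `chmod 400 /etc/openldap/ssl/ldap.pem` after the chown. The certificate and the key also share the file name ldap.pem in two different directories, which is easy to mix up when filling in the TLS* paths.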




* [gentoo-doc-cvs] cvs commit: ldap-howto.xml
@ 2005-12-19 12:05 Jan Kundrat
From: Jan Kundrat @ 2005-12-19 12:05 UTC
  To: gentoo-doc-cvs

jkt         05/12/19 12:05:35

  Modified:    xml/htdocs/doc/en ldap-howto.xml
  Log:
  #115409, pam_ldap and nss_ldap have been moved from net-libs to sys-auth

Revision  Changes    Path
1.32      +4 -4      xml/htdocs/doc/en/ldap-howto.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.32&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.32&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml.diff?r1=1.31&r2=1.32&cvsroot=gentoo

Index: ldap-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- ldap-howto.xml	21 Oct 2005 20:43:52 -0000	1.31
+++ ldap-howto.xml	19 Dec 2005 12:05:35 -0000	1.32
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.31 2005/10/21 20:43:52 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.32 2005/12/19 12:05:35 jkt Exp $ -->
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
 <guide link="/doc/en/ldap-howto.xml">
@@ -30,7 +30,7 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>0.21</version>
+<version>0.22</version>
 <date>2005-10-21</date>
 
 <chapter>
@@ -313,8 +313,8 @@
 
 <p>
 First, we will configure PAM to allow LDAP authorization. Install
-<c>net-libs/pam_ldap</c> so that PAM supports LDAP authorization, and
-<c>net-libs/nss_ldap</c> so that your system can cope with LDAP servers for
+<c>sys-auth/pam_ldap</c> so that PAM supports LDAP authorization, and
+<c>sys-auth/nss_ldap</c> so that your system can cope with LDAP servers for
 additional information (used by <path>nsswitch.conf</path>).
 </p>
 




* [gentoo-doc-cvs] cvs commit: ldap-howto.xml
@ 2006-01-26 14:34 Xavier Neys
From: Xavier Neys @ 2006-01-26 14:34 UTC
  To: gentoo-doc-cvs

neysx       06/01/26 14:34:53

  Modified:    xml/htdocs/doc/en ldap-howto.xml
  Log:
  #115130 Mark ldap-howto as obsolete until it can be upgraded

Revision  Changes    Path
1.33      +2 -2      xml/htdocs/doc/en/ldap-howto.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.33&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml?rev=1.33&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldap-howto.xml.diff?r1=1.32&r2=1.33&cvsroot=gentoo

Index: ldap-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- ldap-howto.xml	19 Dec 2005 12:05:35 -0000	1.32
+++ ldap-howto.xml	26 Jan 2006 14:34:53 -0000	1.33
@@ -1,8 +1,8 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.32 2005/12/19 12:05:35 jkt Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.33 2006/01/26 14:34:53 neysx Exp $ -->
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
-<guide link="/doc/en/ldap-howto.xml">
+<guide link="/doc/en/ldap-howto.xml" disclaimer="obsolete">
 <title>Gentoo Guide to OpenLDAP Authentication</title>
 
 <author title="Author">




* [gentoo-doc-cvs] cvs commit: ldap-howto.xml
@ 2008-01-02  0:45 Joshua Saddler
From: Joshua Saddler @ 2008-01-02  0:45 UTC
  To: gentoo-doc-cvs

nightmorph    08/01/02 00:45:06

  Modified:             ldap-howto.xml
  Log:
  merged jokey's patch for the time being. hopefully he and/or robbat2 or other contributors can fill out the guide so we can bring it out of draft status once again. bug 176075

Revision  Changes    Path
1.36                 xml/htdocs/doc/en/ldap-howto.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.36&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.36&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?r1=1.35&r2=1.36

Index: ldap-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- ldap-howto.xml	29 Nov 2006 15:48:57 -0000	1.35
+++ ldap-howto.xml	2 Jan 2008 00:45:06 -0000	1.36
@@ -1,24 +1,25 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.35 2006/11/29 15:48:57 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.36 2008/01/02 00:45:06 nightmorph Exp $ -->
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
-<guide link="/doc/en/ldap-howto.xml" disclaimer="obsolete">
+<guide link="/doc/en/ldap-howto.xml" disclaimer="draft">
 <title>Gentoo Guide to OpenLDAP Authentication</title>
 
 <author title="Author">
   <mail link="sj7trunks@pendulus.net">Benjamin Coles</mail>
 </author>
-
 <author title="Editor">
   <mail link="swift@gentoo.org">Sven Vermeulen</mail>
 </author>
-
 <author title="Editor">
   <mail link="tseng@gentoo.org">Brandon Hale</mail>
 </author>
 <author title="Editor">
   <mail link="bennyc@gentoo.org">Benny Chuang</mail>
 </author>
+<author title="Editor">
+  <mail link="jokey"/>
+</author>
 
 
 <abstract>
@@ -30,8 +31,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>0.22</version>
-<date>2005-10-21</date>
+<version>0.23</version>
+<date>2008-01-01</date>
 
 <chapter>
 <title>Getting Started with OpenLDAP</title>
@@ -155,43 +156,65 @@
 </p>
 
 <pre caption="Install OpenLDAP">
-# <i>emerge openldap pam_ldap nss_ldap migrationtools</i>
-# <i>chown ldap:ldap /var/lib/openldap-ldbm /var/lib/openldap-data /var/lib/openldap-slurp</i>
+# <i>emerge ">=net-nds/openldap-2.3.38" pam_ldap nss_ldap</i>
 </pre>
 
 <p>
-Edit <path>/etc/openldap/slapd.conf</path> and add the following right after 
-<c>core.schema</c>:
+Now generate an encrypted password we'll use later on:
+</p>
+
+<pre caption="Generate password">
+# slappasswd
+New password: my-password
+Re-enter new password: my-password
+{SSHA}EzP6I82DZRnW+ou6lyiXHGxSpSOw2XO4
+</pre>
+
+<p>
+Now edit the LDAP Server config at <path>/etc/openldap/slapd.conf</path>:
 </p>
 
 <pre caption="/etc/openldap/slapd.conf">
-<comment># Include the needed data schemes</comment>
+<comment># Include the needed data schemes below core.schema</comment>
 include         /etc/openldap/schema/cosine.schema
 include         /etc/openldap/schema/inetorgperson.schema
 include         /etc/openldap/schema/nis.schema
 
-<comment># Use md5 to hash the passwords</comment>
-password-hash {md5}
+<comment>Uncomment modulepath and hdb module</comment>
+# Load dynamic backend modules:
+modulepath    /usr/lib/openldap/openldap
+# moduleload    back_shell.so
+# moduleload    back_relay.so
+# moduleload    back_perl.so
+# moduleload    back_passwd.so
+# moduleload    back_null.so
+# moduleload    back_monitor.so
+# moduleload    back_meta.so
+moduleload    back_hdb.so
+# moduleload    back_dnssrv.so
+
+<comment># Uncomment sample access restrictions (Note: maintain indentation!)</comment>
+access to dn.base="" by * read
+access to dn.base="cn=Subschema" by * read
+access to *
+   by self write
+   by users read
+   by anonymous auth
 
-<comment># Define SSL and TLS properties (optional)</comment>
-TLSCertificateFile /etc/ssl/ldap.pem
-TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
-TLSCACertificateFile /etc/ssl/ldap.pem
 
-<comment>(Further down...)</comment>
+<comment># BDB Database definition</comment>
 
-database        ldbm
+database        hdb
 suffix          "dc=genfic,dc=com"
+checkpoint      32      30 # &lt;kbyte&gt; &lt;min&gt;
 rootdn          "cn=Manager,dc=genfic,dc=com"
-rootpw          <i>{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==</i>
+rootpw          <i>{SSHA}EzP6I82DZRnW+ou6lyiXHGxSpSOw2XO4</i>
 directory       /var/lib/openldap-ldbm
 index           objectClass     eq
-
-<comment>(You can get an encrypted password like above with slappasswd -h {Md5})</comment>
 </pre>
 
 <p>
-Next we edit the LDAP configuration file:
+Next we edit the LDAP Client configuration file:
 </p>
 
 <pre caption="/etc/openldap/ldap.conf">
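Review bot: The three `TLSCertificate*` directives are dropped from slapd.conf with nothing in their place, so the server described here can no longer offer TLS while the sample ACL still relies on `by anonymous auth` binds. Keep the TLS block, or state in the text why it is gone. Two smaller points in the same block: `database hdb` is paired with the unchanged `directory /var/lib/openldap-ldbm` and the `chown ldap:ldap` of the data directories is removed, so say which directory hdb should use and who owns it; and the `{SSHA}` value shown as slappasswd output is reused verbatim as `rootpw`, so mark it as sample output that readers must replace with their own hash.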
@@ -199,32 +222,18 @@
 <comment>(Add the following...)</comment>
 
 BASE         dc=genfic, dc=com
-URI          ldaps://auth.genfic.com:636/
+URI          ldap://auth.genfic.com:389/
 TLS_REQCERT  allow
 </pre>
 
 <p>
-Now you will generate an SSL certificate to secure your directory.
-Answer the question you receive as good as possible. When asked for your
-<e>Common Name</e>, enter the name the clients will use when contacting
-the server. This is usually the full domainname (e.g. 
-<path>auth.genfic.com</path>).
-</p>
-
-<pre caption="Generating SSL Certificate">
-# <i>cd /etc/ssl</i>
-# <i>openssl req -config /etc/ssl/openssl.cnf -new -x509 -nodes -out \
-ldap.pem -keyout /etc/openldap/ssl/ldap.pem -days 999999</i>
-# <i>chown ldap:ldap /etc/openldap/ssl/ldap.pem</i>
-</pre>
-
-<p>
 Now edit <path>/etc/conf.d/slapd</path> and add the following, commenting out 
 the existing line:
 </p>
 
 <pre caption="/etc/conf.d/slapd">
-OPTS="-h 'ldaps:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+<comment># Note: we don't use cn=config here, so stay with this line:</comment>
+OPTS="-h 'ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
 </pre>
 
 <p>
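Review bot: Switching `URI` to `ldap://auth.genfic.com:389/` and `OPTS` to `ldap://`, together with deleting the certificate section, leaves every bind from the clients unencrypted on the wire. If ldaps is being retired, document StartTLS on port 389 instead of removing transport security. `TLS_REQCERT allow` is kept as context but has no effect without TLS; if TLS comes back, `demand` is the setting that actually verifies the server certificate.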
@@ -253,60 +262,22 @@
 </chapter>
 
 <chapter>
-<title>Migrate Existing Data</title>
+<title>Client Configuration</title>
 <section>
-<title>Migrate User Accounts</title>
+<title>Migrate existing data to ldap</title>
 <body>
 
 <p>
-Next, we migrate the user accounts. Open 
-<path>/usr/share/migrationtools/migrate_common.ph</path> and edit the 
-following:
-</p>
-
-<pre caption="/usr/share/migrationtools/migrate_common.ph">
-$DEFAULT_BASE = "dc=genfic,dc=com";
-$EXTENDED_SCHEMA = 1;
-<comment># Comment these lines out unless you have a mail schema loaded</comment>
-<comment>#$DEFAULT_MAIL_DOMAIN = "genfic.com";</comment>
-<comment>#$DEFAULT_MAIL_HOST = "mail.genfic.com";</comment>
-</pre>
-
-<p>
-Now run the migration scripts:
-</p>
-
-<pre caption="Running the migration scripts">
-# <i>export ETC_SHADOW=/etc/shadow</i>
-# <i>cd /usr/share/migrationtools</i>
-# <i>./migrate_base.pl > /tmp/base.ldif</i>
-# <i>./migrate_group.pl /etc/group /tmp/group.ldif</i>
-# <i>./migrate_hosts.pl /etc/hosts /tmp/hosts.ldif</i>
-# <i>./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif</i>
-</pre>
-
-<p>
-This last step migrated the files above to ldif files read by LDAP. Now lets add the files to our directory:
-</p>
-
-<pre caption="Importing the data to our directory">
-# <i>ldapadd -D "cn=Manager,dc=genfic,dc=com" -W -f /tmp/base.ldif</i>
-# <i>ldapadd -D "cn=Manager,dc=genfic,dc=com" -W -f /tmp/group.ldif</i>
-# <i>ldapadd -D "cn=Manager,dc=genfic,dc=com" -W -f /tmp/passwd.ldif</i>
-# <i>ldapadd -D "cn=Manager,dc=genfic,dc=com" -W -f /tmp/hosts.ldif</i>
-</pre>
-
-<p>
-If you come across an error in your ldif files, you can resume from where you
-left off by using <c>ldapadd -c</c>.
+Go to <uri
+link="http://www.padl.com/OSS/MigrationTools.html">http://www.padl.com/OSS/MigrationTools.html</uri>
+and fetch the scripts there. Configuration is stated on the page. We don't ship
+this anymore because the scripts are a potential security hole if you leave
+them on the system after porting. When you've finished migrating your data,
+continue to the next section.
 </p>
 
 </body>
 </section>
-</chapter>
-
-<chapter>
-<title>Client Configuration</title>
 <section>
 <title>Configuring PAM</title>
 <body>
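Review bot: The replacement paragraph sends readers to fetch the migration scripts over plain http and calls them a potential security hole if left on the system, but gives no step for removing them or their output. Add that explicitly: the deleted instructions exported `ETC_SHADOW=/etc/shadow` and wrote `/tmp/passwd.ldif`, so the generated LDIF files contain password hashes and need deleting as well as the scripts.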
@@ -323,37 +294,38 @@
 </pre>
 
 <p>
-Now edit <path>/etc/pam.d/system-auth</path> so it looks like the following:
+Now add the following lines in the right places to <path>/etc/pam.d/system-auth</path>:
 </p>
 
 <pre caption="/etc/pam.d/system-auth">
-auth    required    pam_env.so
-auth    sufficient  pam_unix.so likeauth nullok shadow
-auth    sufficient  pam_ldap.so use_first_pass
-auth    required    pam_deny.so
-
-account requisite  pam_unix.so
-account sufficient pam_localuser.so
-account required   pam_ldap.so
-
-password    required pam_cracklib.so retry=3
-password    sufficient pam_unix.so nullok use_authtok shadow md5
-password    sufficient pam_ldap.so use_authtok use_first_pass
-password    required pam_deny.so
-
-session required    pam_limits.so
-session required    pam_unix.so
-session required    pam_mkhomedir.so skel=/etc/skel/ umask=0066
-session optional    pam_ldap.so
-</pre>
+<comment># Note: only add them. Don't kill stuff already in there or your box won't let you login again!</comment>
 
-<!--  Should work now, see #87930
-<note>
-If you find that login on using ssh on these system fails, try interchanging the
-two <c>auth sufficient</c> lines. However, you might find that <c>su</c> and
-other tools refuse to function correctly if you do.
-</note>
--->
+auth       sufficient   pam_ldap.so use_first_pass
+account    sufficient   pam_ldap.so
+password   sufficient   pam_ldap.so use_authtok use_first_pass
+session    optional     pam_ldap.so
+
+<comment># Example file:</comment>
+#%PAM-1.0
+
+auth       required     pam_env.so
+auth       sufficient   pam_unix.so try_first_pass likeauth nullok
+<i>auth       sufficient   pam_ldap.so use_first_pass</i>
+auth       required     pam_deny.so
+
+<i>account    sufficient   pam_ldap.so</i>
+account    required     pam_unix.so
+
+password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
+password   sufficient   pam_unix.so try_first_pass use_authtok nullok md5 shadow
+<i>password   sufficient   pam_ldap.so use_authtok use_first_pass</i>
+password   required     pam_deny.so
+
+session    required     pam_limits.so
+session    required     pam_unix.so
+<i>session    optional     pam_ldap.so</i>
+
+</pre>
 
 <p>
 Now change <path>/etc/ldap.conf</path> to read:
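Review bot: In the example file `account sufficient pam_ldap.so` is placed ahead of `account required pam_unix.so`, so any account pam_ldap accepts returns success before pam_unix is consulted. That reverses the order this block had before (`requisite pam_unix.so`, `sufficient pam_localuser.so`, `required pam_ldap.so`) without saying why. The `pam_mkhomedir.so` session line is also gone, so directory-only users get no home directory created at first login; either keep it or say how homes are provisioned.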
@@ -363,12 +335,10 @@
 <comment>#host 127.0.0.1</comment>
 <comment>#base dc=padl,dc=com</comment>
 
-ssl start_tls
-ssl on
 suffix          "dc=genfic,dc=com"
 <comment>#rootbinddn uid=root,ou=People,dc=genfic,dc=com</comment>
 
-uri ldaps://auth.genfic.com/
+uri ldap://auth.genfic.com/
 pam_password exop
 
 ldap_version 3
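Review bot: The removed pair `ssl start_tls` and `ssl on` selected two different modes, but deleting both and changing `uri` to `ldap://auth.genfic.com/` means pam_ldap sends bind passwords, and the new password on a `pam_password exop` change, in clear text. Keep `ssl start_tls` with the `ldap://` URI rather than dropping TLS entirely.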
@@ -500,10 +470,9 @@
 <body>
 
 <p>
-You can start using the directory to authenticate users in 
-apache/proftpd/qmail/samba. You can manage it with Webmin, which provides a 
-really easy management interface. You can also use gq or 
-directory_administrator. 
+You can start using the directory to authenticate users in
+apache/proftpd/qmail/samba. You can manage it with Webmin, which provides an
+easy management interface. You can also use phpldapadmin, luma, diradm or lat. 
 </p>
 
 </body>




* [gentoo-doc-cvs] cvs commit: ldap-howto.xml
@ 2008-05-23 20:02 Sven Vermeulen
From: Sven Vermeulen @ 2008-05-23 20:02 UTC
  To: gentoo-doc-cvs

swift       08/05/23 20:02:50

  Modified:             ldap-howto.xml
  Log:
  Coding style

Revision  Changes    Path
1.37                 xml/htdocs/doc/en/ldap-howto.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.37&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.37&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?r1=1.36&r2=1.37

Index: ldap-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- ldap-howto.xml	2 Jan 2008 00:45:06 -0000	1.36
+++ ldap-howto.xml	23 May 2008 20:02:50 -0000	1.37
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.36 2008/01/02 00:45:06 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.37 2008/05/23 20:02:50 swift Exp $ -->
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
 <guide link="/doc/en/ldap-howto.xml" disclaimer="draft">
@@ -69,7 +69,7 @@
 transaction support or roll-back functionality. Directories are easily
 replicated to increase availability and reliability. When directories
 are replicated, temporary inconsistencies are allowed as long as they
-get synchronised eventually. 
+get synchronised eventually.
 </p>
 
 </body>
@@ -92,7 +92,7 @@
 dc:        genfic         <comment>(Organisation)</comment>
           /      \
 ou:   people   servers    <comment>(Organisational Units)</comment>
-      /    \     ..     
+      /    \     ..
 uid: ..   jhon            <comment>(OU-specific data)</comment>
 </pre>
 
@@ -227,7 +227,7 @@
 </pre>
 
 <p>
-Now edit <path>/etc/conf.d/slapd</path> and add the following, commenting out 
+Now edit <path>/etc/conf.d/slapd</path> and add the following, commenting out
 the existing line:
 </p>
 
@@ -294,7 +294,8 @@
 </pre>
 
 <p>
-Now add the following lines in the right places to <path>/etc/pam.d/system-auth</path>:
+Now add the following lines in the right places to
+<path>/etc/pam.d/system-auth</path>:
 </p>
 
 <pre caption="/etc/pam.d/system-auth">
@@ -354,7 +355,7 @@
 </pre>
 
 <p>
-Next, copy over the (OpenLDAP) <path>ldap.conf</path> file from the server to 
+Next, copy over the (OpenLDAP) <path>ldap.conf</path> file from the server to
 the client so the clients are aware of the LDAP environment:
 </p>
 
@@ -382,18 +383,18 @@
 # <i>getent passwd|grep 0:0</i>
 
 <comment>(You should get two entries back:)</comment>
-root:x:0:0:root:/root:/bin/bash 
+root:x:0:0:root:/root:/bin/bash
 root:x:0:0:root:/root:/bin/bash
 </pre>
 
 <p>
 If you noticed one of the lines you pasted into your <path>/etc/ldap.conf</path>
-was commented out (the <c>rootbinddn</c> line): you don't need it unless you 
-want to change a user's password as superuser. In this case you need to echo 
-the root password to <path>/etc/ldap.secret</path> in plaintext. This is 
-<brite>DANGEROUS</brite> and should be chmoded to 600. What I do is keep that 
-file blank and when I need to change someones password thats both in the ldap 
-and <path>/etc/passwd</path> I put the pass in there for 10 seconds while I 
+was commented out (the <c>rootbinddn</c> line): you don't need it unless you
+want to change a user's password as superuser. In this case you need to echo
+the root password to <path>/etc/ldap.secret</path> in plaintext. This is
+<brite>DANGEROUS</brite> and should be chmoded to 600. What I do is keep that
+file blank and when I need to change someones password thats both in the ldap
+and <path>/etc/passwd</path> I put the pass in there for 10 seconds while I
 change it and remove it when I'm done.
 </p>
 
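Review bot: This paragraph is only re-wrapped, but the advice it carries deserves a fix while it is open: "echo the root password to /etc/ldap.secret" followed by "should be chmoded to 600" creates the file under the default umask first. Tell readers to create the empty file with mode 600 before writing the password into it. The typos "someones" and "thats" also survive the reflow.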
@@ -424,10 +425,10 @@
 </pre>
 
 <p>
-This gives you access to everything a user should be able to change. If it's 
-your information, then you got write access to it; if it's another user their 
-information then you can read it; anonymous people can send a login/pass to get 
-logged in. There are four levels, ranking them from lowest to greatest: <c>auth 
+This gives you access to everything a user should be able to change. If it's
+your information, then you got write access to it; if it's another user their
+information then you can read it; anonymous people can send a login/pass to get
+logged in. There are four levels, ranking them from lowest to greatest: <c>auth
 search read write</c>.
 </p>
 
@@ -443,7 +444,7 @@
   by anonymous auth
   by self write
   by * none
-  
+
 access to *
   by dn="uid=root,ou=People,dc=genfic,dc=com" write
   by * search
@@ -451,11 +452,11 @@
 
 <p>
 This example gives root and John access to read/write/search
-for everything in the the tree below <path>dc=genfic,dc=com</path>. This also 
-lets users change their own <path>userPassword</path>'s. As for the ending 
-statement everyone else just has a search ability meaning they can fill in a 
-search filter, but can't read the search results. Now you can have multiple 
-acls but the rule of the thumb is it processes from bottom up, so your 
+for everything in the the tree below <path>dc=genfic,dc=com</path>. This also
+lets users change their own <path>userPassword</path>'s. As for the ending
+statement everyone else just has a search ability meaning they can fill in a
+search filter, but can't read the search results. Now you can have multiple
+acls but the rule of the thumb is it processes from bottom up, so your
 toplevel should be the most restrictive ones.
 </p>
 
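Review bot: The re-wrapped paragraph still says ACLs are processed "from bottom up", which does not match how slapd evaluates them: access directives are checked in the order they appear in the configuration, and evaluation stops at the first "access to" clause that matches the entry or attribute. Reword it to say that the more specific rules (such as the userPassword one) have to come before the catch-all "access to *", because a reader who orders rules by the current wording can end up with the broad rule shadowing the restrictive one. The first changed line also carries "the the tree".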
@@ -472,7 +473,7 @@
 <p>
 You can start using the directory to authenticate users in
 apache/proftpd/qmail/samba. You can manage it with Webmin, which provides an
-easy management interface. You can also use phpldapadmin, luma, diradm or lat. 
+easy management interface. You can also use phpldapadmin, luma, diradm or lat.
 </p>
 
 </body>
@@ -485,7 +486,7 @@
 <body>
 
 <p>
-We would like to thank Matt Heler for lending us his box for the purpose of 
+We would like to thank Matt Heler for lending us his box for the purpose of
 this guide. Thanks also go to the cool guys in #ldap @ irc.freenode.net
 </p>
 



-- 
gentoo-doc-cvs@lists.gentoo.org mailing list




* [gentoo-doc-cvs] cvs commit: ldap-howto.xml
@ 2008-09-13  1:08 Joshua Saddler
  0 siblings, 0 replies; 10+ messages in thread
From: Joshua Saddler @ 2008-09-13  1:08 UTC (permalink / raw
  To: gentoo-doc-cvs

nightmorph    08/09/13 01:08:38

  Modified:             ldap-howto.xml
  Log:
  updated ldap draft for bug 237535

Revision  Changes    Path
1.38                 xml/htdocs/doc/en/ldap-howto.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.38&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.38&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?r1=1.37&r2=1.38

Index: ldap-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- ldap-howto.xml	23 May 2008 20:02:50 -0000	1.37
+++ ldap-howto.xml	13 Sep 2008 01:08:38 -0000	1.38
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.37 2008/05/23 20:02:50 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.38 2008/09/13 01:08:38 nightmorph Exp $ -->
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
 <guide link="/doc/en/ldap-howto.xml" disclaimer="draft">
@@ -31,8 +31,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>0.23</version>
-<date>2008-01-01</date>
+<version>1</version>
+<date>2008-09-12</date>
 
 <chapter>
 <title>Getting Started with OpenLDAP</title>
@@ -249,7 +249,7 @@
 </p>
 
 <pre caption = "Test the SLAPd daemon">
-# <i>ldapsearch -D "cn=Manager,dc=genfic,dc=com" -W</i>
+# <i>ldapsearch -x -D "cn=Manager,dc=genfic,dc=com" -W</i>
 </pre>
 
 <p>
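Review bot: The "-x" added to the ldapsearch line switches the test to a simple bind, so with "-D ... -W" the Manager password goes to the server as typed unless the connection is protected, and nothing in the hunk tells the reader that. Suggest a sentence next to the command explaining that -x selects simple authentication instead of SASL, and that the test should be run on the server itself or over TLS (for example with -ZZ or an ldaps:// URI) once that is configured.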







* [gentoo-doc-cvs] cvs commit: ldap-howto.xml
@ 2008-11-11 23:28 Joshua Saddler
  0 siblings, 0 replies; 10+ messages in thread
From: Joshua Saddler @ 2008-11-11 23:28 UTC (permalink / raw
  To: gentoo-doc-cvs

nightmorph    08/11/11 23:28:44

  Modified:             ldap-howto.xml
  Log:
  updates to the LDAP draft, bug 176075

Revision  Changes    Path
1.39                 xml/htdocs/doc/en/ldap-howto.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.39&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.39&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?r1=1.38&r2=1.39

Index: ldap-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- ldap-howto.xml	13 Sep 2008 01:08:38 -0000	1.38
+++ ldap-howto.xml	11 Nov 2008 23:28:44 -0000	1.39
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.38 2008/09/13 01:08:38 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.39 2008/11/11 23:28:44 nightmorph Exp $ -->
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
 <guide link="/doc/en/ldap-howto.xml" disclaimer="draft">
@@ -31,8 +31,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>1</version>
-<date>2008-09-12</date>
+<version>2</version>
+<date>2008-11-11</date>
 
 <chapter>
 <title>Getting Started with OpenLDAP</title>
@@ -106,7 +106,7 @@
 
 <p>
 Interested users are encouraged to read the <uri
-link="http://www.openldap.org/doc/admin21/">OpenLDAP Admin Guide</uri>.
+link="http://www.openldap.org/doc/admin23/">OpenLDAP Admin Guide</uri>.
 </p>
 
 </body>
@@ -152,11 +152,11 @@
 </note>
 
 <p>
-Lets first emerge all necessary components on our server:
+Let's first emerge OpenLDAP:
 </p>
 
 <pre caption="Install OpenLDAP">
-# <i>emerge ">=net-nds/openldap-2.3.38" pam_ldap nss_ldap</i>
+# <i>emerge openldap</i>
 </pre>
 
 <p>
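Review bot: The changed emerge line drops pam_ldap and nss_ldap along with the ">=net-nds/openldap-2.3.38" version floor, but the hunk gives no pointer to where those two packages are installed now. If the client-side PAM/NSS part of the guide still relies on them, add the emerge step there in the same commit, otherwise a reader working top to bottom will configure modules that are not on the system. If the version floor was dropped on purpose, a word about why in the log would help.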
@@ -164,7 +164,7 @@
 </p>
 
 <pre caption="Generate password">
-# slappasswd
+# <i>slappasswd</i>
 New password: my-password
 Re-enter new password: my-password
 {SSHA}EzP6I82DZRnW+ou6lyiXHGxSpSOw2XO4
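Review bot: Below the newly marked-up slappasswd line, the sample still shows the password in the clear at both prompts followed by a concrete {SSHA} value, which misrepresents the tool (slappasswd does not echo what is typed) and publishes a hash together with its cleartext. Suggest a sentence after the pre block saying that the password and hash are illustrative only and that readers must generate their own value for a live configuration.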
@@ -473,7 +473,8 @@
 <p>
 You can start using the directory to authenticate users in
 apache/proftpd/qmail/samba. You can manage it with Webmin, which provides an
-easy management interface. You can also use phpldapadmin, luma, diradm or lat.
+easy management interface. You can also use phpldapadmin, luma, diradm,
+jxplorer, or lat.
 </p>
 
 </body>





