From: Sven Vermeulen <swift@stork.gentoo.org>
To: gentoo-doc-cvs@lists.gentoo.org
Subject: [gentoo-doc-cvs] cvs commit: ldap-howto.xml
Date: Fri, 23 May 2008 20:02:50 +0000
Message-ID: <E1JzdTW-00017o-L1@stork.gentoo.org>
swift 08/05/23 20:02:50
Modified: ldap-howto.xml
Log:
Coding style
Revision Changes Path
1.37 xml/htdocs/doc/en/ldap-howto.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.37&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.37&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?r1=1.36&r2=1.37
Index: ldap-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- ldap-howto.xml 2 Jan 2008 00:45:06 -0000 1.36
+++ ldap-howto.xml 23 May 2008 20:02:50 -0000 1.37
@@ -1,5 +1,5 @@
<?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.36 2008/01/02 00:45:06 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.37 2008/05/23 20:02:50 swift Exp $ -->
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
<guide link="/doc/en/ldap-howto.xml" disclaimer="draft">
@@ -69,7 +69,7 @@
transaction support or roll-back functionality. Directories are easily
replicated to increase availability and reliability. When directories
are replicated, temporary inconsistencies are allowed as long as they
-get synchronised eventually.
+get synchronised eventually.
</p>
</body>
@@ -92,7 +92,7 @@
dc: genfic <comment>(Organisation)</comment>
/ \
ou: people servers <comment>(Organisational Units)</comment>
- / \ ..
+ / \ ..
uid: .. jhon <comment>(OU-specific data)</comment>
</pre>
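Review bot: The context line `uid: .. jhon` in the tree diagram looks like a misspelling, since the guide's later text refers to this user as John. The only line this hunk changes is the `/ \ ..` row, so the typo survives the revision; a coding-style pass over this block is a good place to change it to `john`.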
@@ -227,7 +227,7 @@
</pre>
<p>
-Now edit <path>/etc/conf.d/slapd</path> and add the following, commenting out
+Now edit <path>/etc/conf.d/slapd</path> and add the following, commenting out
the existing line:
</p>
@@ -294,7 +294,8 @@
</pre>
<p>
-Now add the following lines in the right places to <path>/etc/pam.d/system-auth</path>:
+Now add the following lines in the right places to
+<path>/etc/pam.d/system-auth</path>:
</p>
<pre caption="/etc/pam.d/system-auth">
@@ -354,7 +355,7 @@
</pre>
<p>
-Next, copy over the (OpenLDAP) <path>ldap.conf</path> file from the server to
+Next, copy over the (OpenLDAP) <path>ldap.conf</path> file from the server to
the client so the clients are aware of the LDAP environment:
</p>
@@ -382,18 +383,18 @@
# <i>getent passwd|grep 0:0</i>
<comment>(You should get two entries back:)</comment>
-root:x:0:0:root:/root:/bin/bash
+root:x:0:0:root:/root:/bin/bash
root:x:0:0:root:/root:/bin/bash
</pre>
<p>
If you noticed one of the lines you pasted into your <path>/etc/ldap.conf</path>
-was commented out (the <c>rootbinddn</c> line): you don't need it unless you
-want to change a user's password as superuser. In this case you need to echo
-the root password to <path>/etc/ldap.secret</path> in plaintext. This is
-<brite>DANGEROUS</brite> and should be chmoded to 600. What I do is keep that
-file blank and when I need to change someones password thats both in the ldap
-and <path>/etc/passwd</path> I put the pass in there for 10 seconds while I
+was commented out (the <c>rootbinddn</c> line): you don't need it unless you
+want to change a user's password as superuser. In this case you need to echo
+the root password to <path>/etc/ldap.secret</path> in plaintext. This is
+<brite>DANGEROUS</brite> and should be chmoded to 600. What I do is keep that
+file blank and when I need to change someones password thats both in the ldap
+and <path>/etc/passwd</path> I put the pass in there for 10 seconds while I
change it and remove it when I'm done.
</p>
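Review bot: The reflowed `rootbinddn` paragraph still leaves the handling of `/etc/ldap.secret` ambiguous: "This is DANGEROUS and should be chmoded to 600" switches subject from the action to the file and names no owner. Suggest stating that the file must be owned by root with mode 600, and that the permissions are set before the password is written into it, so the plaintext secret is never readable by other users even for the short window the author describes. The same sentences still carry "someones" and "thats", which should read "someone's" and "that's".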
@@ -424,10 +425,10 @@
</pre>
<p>
-This gives you access to everything a user should be able to change. If it's
-your information, then you got write access to it; if it's another user their
-information then you can read it; anonymous people can send a login/pass to get
-logged in. There are four levels, ranking them from lowest to greatest: <c>auth
+This gives you access to everything a user should be able to change. If it's
+your information, then you got write access to it; if it's another user their
+information then you can read it; anonymous people can send a login/pass to get
+logged in. There are four levels, ranking them from lowest to greatest: <c>auth
search read write</c>.
</p>
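Review bot: The closing sentence ranks four access levels as `auth search read write`, but the ACL shown in the following hunk ends with `by * none`, a level this list never introduces. Suggest mentioning `none` where the levels are ranked so the reader can interpret that rule. On the re-wrapped lines, "if it's another user their information" should read "if it's another user's information".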
@@ -443,7 +444,7 @@
by anonymous auth
by self write
by * none
-
+
access to *
by dn="uid=root,ou=People,dc=genfic,dc=com" write
by * search
@@ -451,11 +452,11 @@
<p>
This example gives root and John access to read/write/search
-for everything in the the tree below <path>dc=genfic,dc=com</path>. This also
-lets users change their own <path>userPassword</path>'s. As for the ending
-statement everyone else just has a search ability meaning they can fill in a
-search filter, but can't read the search results. Now you can have multiple
-acls but the rule of the thumb is it processes from bottom up, so your
+for everything in the the tree below <path>dc=genfic,dc=com</path>. This also
+lets users change their own <path>userPassword</path>'s. As for the ending
+statement everyone else just has a search ability meaning they can fill in a
+search filter, but can't read the search results. Now you can have multiple
+acls but the rule of the thumb is it processes from bottom up, so your
toplevel should be the most restrictive ones.
</p>
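Review bot: The claim on the re-wrapped lines that ACLs are processed "from bottom up" does not match how slapd evaluates `access to` directives: they are examined in the order they appear in the configuration, and evaluation stops at the first matching clause. Suggest rewording so that the most specific rules come first and the catch-all `access to *` comes last, as in the example in the previous hunk. The + line also keeps the doubled "the the", and the paragraph names John although the visible ACL grants write only to `uid=root`.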
@@ -472,7 +473,7 @@
<p>
You can start using the directory to authenticate users in
apache/proftpd/qmail/samba. You can manage it with Webmin, which provides an
-easy management interface. You can also use phpldapadmin, luma, diradm or lat.
+easy management interface. You can also use phpldapadmin, luma, diradm or lat.
</p>
</body>
@@ -485,7 +486,7 @@
<body>
<p>
-We would like to thank Matt Heler for lending us his box for the purpose of
+We would like to thank Matt Heler for lending us his box for the purpose of
this guide. Thanks also go to the cool guys in #ldap @ irc.freenode.net
</p>
--
gentoo-doc-cvs@lists.gentoo.org mailing list