To: gentoo-doc-cvs@lists.gentoo.org Subject: [gentoo-doc-cvs] cvs commit: ldap-howto.xml Message-Id: <E1JzdTW-00017o-L1@stork.gentoo.org>
From: Sven Vermeulen <swift@stork.gentoo.org> Date: Fri, 23 May 2008 20:02:50 +0000 Precedence: bulk List-Post: <mailto:gentoo-doc-cvs@lists.gentoo.org> List-Help: <mailto:gentoo-doc-cvs+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-doc-cvs+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-doc-cvs+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-doc-cvs.gentoo.org> X-BeenThere: gentoo-doc-cvs@lists.gentoo.org Reply-to: docs-team@lists.gentoo.org X-Archives-Salt: d798caf7-bbc0-49d9-848b-0d5869c67007 X-Archives-Hash: 9e01d95ec2e4484dba5821acef4a6fb5 swift 08/05/23 20:02:50 Modified: ldap-howto.xml Log: Coding style Revision Changes Path 1.37 xml/htdocs/doc/en/ldap-howto.xml file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.37&view=markup plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?rev=1.37&content-type=text/plain diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/ldap-howto.xml?r1=1.36&r2=1.37 Index: ldap-howto.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- ldap-howto.xml 2 Jan 2008 00:45:06 -0000 1.36 +++ ldap-howto.xml 23 May 2008 20:02:50 -0000 1.37 @@ -1,5 +1,5 @@ <?xml version='1.0' encoding='UTF-8'?> -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.36 2008/01/02 00:45:06 nightmorph Exp $ --> +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldap-howto.xml,v 1.37 2008/05/23 20:02:50 swift Exp $ --> <!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> <guide link="/doc/en/ldap-howto.xml" disclaimer="draft"> 
@@ -69,7 +69,7 @@ transaction support or roll-back functionality. Directories are easily replicated to increase availability and reliability. When directories are replicated, temporary inconsistencies are allowed as long as they -get synchronised eventually. +get synchronised eventually. </p> </body> @@ -92,7 +92,7 @@ dc: genfic <comment>(Organisation)</comment> / \ ou: people servers <comment>(Organisational Units)</comment> - / \ .. + / \ .. uid: .. jhon <comment>(OU-specific data)</comment> </pre> @@ -227,7 +227,7 @@ </pre> <p> -Now edit <path>/etc/conf.d/slapd</path> and add the following, commenting out +Now edit <path>/etc/conf.d/slapd</path> and add the following, commenting out the existing line: </p> @@ -294,7 +294,8 @@ </pre> <p> -Now add the following lines in the right places to <path>/etc/pam.d/system-auth</path>: +Now add the following lines in the right places to +<path>/etc/pam.d/system-auth</path>: </p> <pre caption="/etc/pam.d/system-auth"> @@ -354,7 +355,7 @@ </pre> <p> -Next, copy over the (OpenLDAP) <path>ldap.conf</path> file from the server to +Next, copy over the (OpenLDAP) <path>ldap.conf</path> file from the server to the client so the clients are aware of the LDAP environment: </p> 
@@ -382,18 +383,18 @@ # <i>getent passwd|grep 0:0</i> <comment>(You should get two entries back:)</comment> -root:x:0:0:root:/root:/bin/bash +root:x:0:0:root:/root:/bin/bash root:x:0:0:root:/root:/bin/bash </pre> <p> If you noticed one of the lines you pasted into your <path>/etc/ldap.conf</path> -was commented out (the <c>rootbinddn</c> line): you don't need it unless you -want to change a user's password as superuser. In this case you need to echo -the root password to <path>/etc/ldap.secret</path> in plaintext. This is -<brite>DANGEROUS</brite> and should be chmoded to 600. What I do is keep that -file blank and when I need to change someones password thats both in the ldap -and <path>/etc/passwd</path> I put the pass in there for 10 seconds while I +was commented out (the <c>rootbinddn</c> line): you don't need it unless you +want to change a user's password as superuser. In this case you need to echo +the root password to <path>/etc/ldap.secret</path> in plaintext. This is +<brite>DANGEROUS</brite> and should be chmoded to 600. What I do is keep that +file blank and when I need to change someones password thats both in the ldap +and <path>/etc/passwd</path> I put the pass in there for 10 seconds while I change it and remove it when I'm done. </p> @@ -424,10 +425,10 @@ </pre> <p> -This gives you access to everything a user should be able to change. If it's -your information, then you got write access to it; if it's another user their -information then you can read it; anonymous people can send a login/pass to get -logged in. There are four levels, ranking them from lowest to greatest: <c>auth +This gives you access to everything a user should be able to change. If it's +your information, then you got write access to it; if it's another user their +information then you can read it; anonymous people can send a login/pass to get +logged in. There are four levels, ranking them from lowest to greatest: <c>auth search read write</c>. </p> 
@@ -443,7 +444,7 @@ by anonymous auth by self write by * none - + access to * by dn="uid=root,ou=People,dc=genfic,dc=com" write by * search @@ -451,11 +452,11 @@ <p> This example gives root and John access to read/write/search -for everything in the the tree below <path>dc=genfic,dc=com</path>. This also -lets users change their own <path>userPassword</path>'s. As for the ending -statement everyone else just has a search ability meaning they can fill in a -search filter, but can't read the search results. Now you can have multiple -acls but the rule of the thumb is it processes from bottom up, so your +for everything in the the tree below <path>dc=genfic,dc=com</path>. This also +lets users change their own <path>userPassword</path>'s. As for the ending +statement everyone else just has a search ability meaning they can fill in a +search filter, but can't read the search results. Now you can have multiple +acls but the rule of the thumb is it processes from bottom up, so your toplevel should be the most restrictive ones. </p> @@ -472,7 +473,7 @@ <p> You can start using the directory to authenticate users in apache/proftpd/qmail/samba. You can manage it with Webmin, which provides an -easy management interface. You can also use phpldapadmin, luma, diradm or lat. +easy management interface. You can also use phpldapadmin, luma, diradm or lat. </p> </body> @@ -485,7 +486,7 @@ <body> <p> -We would like to thank Matt Heler for lending us his box for the purpose of +We would like to thank Matt Heler for lending us his box for the purpose of this guide. Thanks also go to the cool guys in #ldap @ irc.freenode.net </p> -- gentoo-doc-cvs@lists.gentoo.org mailing list
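Review bot: the @@ -451 hunk re-emits a wrong description of slapd ACL evaluation: "it processes from bottom up, so your toplevel should be the most restrictive ones" is backwards. slapd walks the `access to` directives in the order they appear in slapd.conf and uses the first directive whose target matches the entry (and, within it, the first matching `by` clause); later directives are never consulted for that entry. That is why the specific `access to attrs=userPassword` block must sit before the catch-all `access to *` in the @@ -443 hunk, and the sentence should say so: first match wins, most specific rules first, the `access to *` fallback last. While these lines are being touched, the "four levels ... auth search read write" claim in the @@ -424 hunk is also incomplete: slapd orders privileges none < auth < compare < search < read < write, and `none` is exactly what the example relies on in `by * none` to keep other users' password hashes hidden.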
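Review bot: the @@ -382 hunk strips trailing whitespace from the `rootbinddn` / `/etc/ldap.secret` paragraph but leaves advice that is too loose for a file holding the directory manager's password in the clear. "should be chmoded to 600" should state that the file must be owned by root and mode 0600 (`chown root:root /etc/ldap.secret; chmod 600 /etc/ldap.secret`), and the "put the pass in there for 10 seconds" workflow reads as a personal habit rather than guidance; a plain statement that `/etc/ldap.secret` is only needed on hosts where root must reset LDAP users' passwords, and should not exist anywhere else, would serve readers better. The check just above it, `getent passwd|grep 0:0`, also matches any entry whose uid:gid text contains `0:0` (for example `10:0`); `getent passwd | grep '^root:'` pins the test to the two root entries the comment promises.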
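Review bot: the log message "Coding style" undersells what the @@ -1 through @@ -485 hunks actually do, which is trailing-whitespace removal throughout plus one long line wrapped at @@ -294 (`Now add the following lines in the right places to` / `<path>/etc/pam.d/system-auth</path>:`). Saying "strip trailing whitespace, wrap overlong line" in the log lets a reviewer confirm at a glance that no rendered content changed, which is the point of a whitespace-only commit to a guide still marked `disclaimer="draft"`.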