Re: LDAP Expert's help please
1.- Be shure what service is what. I mean, if youre running imap, we are
talking about 10 different possible imap servers that are provided in
debian. So, make shure you know which of them are you running. Same goes
for smtp, ftp...etc.
2.- Each of those you can research separately to see where are their
auth settings taken care of. If you can assert that no funnny ldap/ldap
auth stuff is happening in each config file, you can start looking at
PAM to see if everything is being authed there (a shure hit is that
there is a config file for each service in the pam.d config directory,
and the services are directed to auth against PAM -most, but not
necesarily all, are by default- ).
3.- LDAP is an easy thing. It aint much really, just data ordered to
some schema. So, the sysadm is right if he says with the root password
you can check everything out.
4.- You can possibly get whats the diff between what ldap.conf is by
default, and what does it look like now. A big part of this thing is
what schema files are included in this file. That will tell you at least
what schemas your ldap server supports appart from the default. For
example, if you are using qmail as the smtp, there will probably be a
file with the speciffic qmail-ldap schema (carefull about assumptions,
thats not true the other way arround, nor is it analogous in every other
mta).
On Tue, 2004-11-23 at 12:13 -0700, Omar wrote:
> Hi Alex,
> The problem is that reading the documentation assumes that you are starting
> from Scratch, and installing everything. Which in turn means that you have the
> passwords and all the settings, but I am starting it backwards, everything is
> there, and I need to dig it up. The previous admin said that with root password
> everything can be figured out. Partially true, but it is time consuming.
> How can I find out if the system is using PAM against LDAP, in the
> documentation it says using LDAP authentication nothing else.
> As for the insurance I am up for the challenge, but it'a ironic as I work for
> an ISP and I don't have the net at home, which would greatly help me :(
> I have downloaded an LDAP browser, but had no luck connecting to the server. I
> used slapcat to get user info, but it doesn't mean much to me, since I can't
> figure out how to create a new user, using which schema and so on. Life goes on
> :) Thanks for teh suggestion I am looking at the Safari bookself right now :)
> Omar
>
> On Tue Nov 23 11:30 , Alex Borges <alex@co.com.mx> sent:
>
> >1) Relax. Youre in the right place.
> >2) Worry. You need to learn ldap fast
> >3) Use GQ (ldap browser) to get an idea of whats in there
> >4) Get a safari account and get yourself a couple of good ldap books.
> >5) Read the most relevant chapters for an intro to htf (how the fuck)
> >does this ldap stuff works
> >5.bis) Many of the apps that are being ldap authentified may support
> >ldap directly (can be a lame setup unless you know what youre doing), or
> >really everyone is authenting against PAM, and then thats against LDAP
> >(better setup in many medium to small cases) which is plain POSIX over
> >ldap which point 5 will clear up best. I do hope youre in this later
> >scenario.
> >6) Be shure to have medical inssurance. Throwing you to the lions like
> >this can cause permanent health damage due to stress.
> >
> >
> >:)
> >
> >If everything fails. Send an RFP here. Many will gleefully charge some
> >money and fix your stuff straight up.
> >
> >
> >
> >On Tue, 2004-11-23 at 10:49 -0700, Omar wrote:
> >> Hi all,
> >> I need help with LDAP. I just got two servers that use LDAP authentication for
> >> FTP, E-mail and other login's, problem is I only got the root user name and
> >> password. I have no idea how to reverse engineer the login's and schema info and
> >> so on.. Any and all help is appreciated :) Thanks in Advance, Omar
> >>
> >>
> >
> >
> >--
> >To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> >with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
>
>
Reply to: