From: Stefan van der Eijk (stefan_at_eijk.nu)
Date: Sat Feb 01 2003 - 08:00:24 CST
I switched the (non-system) users on my system to ldap only --> removed
them from the local passwd, group and shadow files. A number of things
* postfix didn't know the users anymore and started rejecting mail
for them :
Feb 1 10:49:44 taz postfix/smtpd: 781749EB3B: reject: RCPT
from mia8.macon.nl[220.127.116.11]: 450 <stefaneijk.nu>: User
unknown in local recipient table;
from=<stefan.v.d.eijklogicacmg.com> proto=ESMTP helo=<mia8.macon.nl>
I fixed it by adding these lines to the /etc/postfix/main.cf
* local users can't login with X11. I'm only running nss_ldap on the
client, not the pam stuff (yet).
* mandrake's openldap-servers-2.0.27-4mdk package still borks on my
box. I needed to recompile it on my box to get it to work with the
ldap database I already had. I've asked Florin if he had actually
tested the package --> run an ldap server on it, but didn't get a
reply from him (yet). Has anybody been successful running an ldap
server on cooker's openldap-servers-2.0.27-4mdk package?
* the ssh stuff. When I turned off "ssl start_tls" and went back to
"ssl off" in /etc/ldap.conf ssh allowed me to login again.
* the MySQL problem
Buchan Milne wrote:
>We're completing our LDAP setup now, in conjunction with the samba-ldap
>packages, and it is really starting to work well (except for the small
>niggles such as with ssh/ssl etc).
>So, I am trying to make setting up an LDAP server easier, and I would
>also appreciate feedback on the samba-ldap stuff from others who are
>using it (or just LDAP, but might want better tools).
>I don't know if it's appropriate for this list, and may be too
>high-volume for discussmandrakesecure.net, so if you're interested in
>working on these issues, mail me off-list (unless significant numbers
>think it should stay on-list) and I will cc everyone tomorrow to get going.
>In the meantime, here is the wizard I have started on. I am not sure if
>drakwizard is rich enough for this (we will need a password entry field,
>which I don't think drakwizard supports, and for importing ldap entries
>a progress dialog would be nice), but I think it's worth a start.
>However, since I'm not good with perl, it would help if someone who is
>could lend a hand, I can tell you exactly what I need done, and
>prototype in bash ...
>To try the drakwizard:
>and untar it in /usr/share/wizards
>Goal is to provide a gui that does all the basics:
>1)Setup ldap server in master or slave
>1a)if master, be able to import data from the system (with
>openldap-migration and another script for samba users)
>1b)If slave, be able to import data from the master via 'ldapsearch -x
>-h master -D "$rootdn" -w "$rootpw"|su ldap - -c "slapadd -c"'
>2)Be able to add/remove slave servers to a master server, so that you
>can setup a slave server in 1b (prompting when to do what on the other
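The message above gets ssh logins working again by changing "ssl start_tls" to "ssl off" in /etc/ldap.conf. As an added example (not part of the original message, nor code from nss_ldap), the shell functions below report which transport an ldap.conf-style file selects, so that this workaround shows up in a configuration audit. The sample files and host names are constructed, and the script assumes that an unset "ssl" directive means no TLS and that a uri list made up only of ldaps:// URLs counts as encrypted.

```shell
#!/bin/sh
# Added example: classify the transport an nss_ldap-style ldap.conf selects.
# Assumptions: no "ssl" directive means no TLS; an all-ldaps:// uri list is encrypted.

ldap_transport() {
    # Prints one of: cleartext | start_tls | ldaps
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        NF == 0    { next }                      # skip blank lines
        { key = tolower($1) }
        key == "ssl" { ssl = tolower($2) }       # last ssl directive wins
        key == "uri" {                           # count URI schemes
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^ldaps:/) secure++; else plain++
        }
        END {
            if (ssl == "start_tls")      print "start_tls"
            else if (ssl == "on")        print "ldaps"
            else if (secure && !plain)   print "ldaps"
            else                         print "cleartext"
        }
    ' "$1"
}

# Exit status 0 when lookups are protected, 1 when they travel in the clear.
ldap_conf_is_encrypted() {
    [ "$(ldap_transport "$1")" != "cleartext" ]
}

# Constructed sample files mirroring the two settings named in the post.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf 'host ldap.example.test\nbase dc=example,dc=test\nssl start_tls\n' \
    > "$sample_dir/before.conf"
printf 'host ldap.example.test\nbase dc=example,dc=test\n# ssl start_tls\nssl off\n' \
    > "$sample_dir/after.conf"

for f in "$sample_dir/before.conf" "$sample_dir/after.conf"; do
    if ldap_conf_is_encrypted "$f"; then
        echo "$(basename "$f"): $(ldap_transport "$f")"
    else
        echo "$(basename "$f"): cleartext - lookups and binds are not encrypted"
    fi
done
```

With "ssl off" in place, every directory lookup and bind from that client crosses the network unencrypted until the start_tls failure itself is fixed.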