From: Stefan van der Eijk (stefan_at_eijk.nu)
Date: Sat Feb 01 2003 - 09:50:23 CST


    >
    >
    >>I switched the (non-system) users on my system to ldap only --> removed
    >>them from the local passwd, group and shadow files. A number of things
    >>broke:
    >>
    >> * postfix didn't know the users anymore and started rejecting mail
    >> for them :
    >>
    >> Feb 1 10:49:44 taz postfix/smtpd[26026]: 781749EB3B: reject: RCPT
    >> from mia8.macon.nl[212.83.208.254]: 450 <stefaneijk.nu>: User
    >> unknown in local recipient table;
    >> from=<stefan.v.d.eijklogicacmg.com> proto=ESMTP helo=<mia8.macon.nl>
    >>
    >> I fixed it by adding these lines to the /etc/postfix/main.cf
    >> ===
    >> ldap_timeout=10
    >> ldap_search_base=dc=eijk,dc=nu
    >> ldap_server_host=localhost
    >> ldap_server_port=389
    >> ldap_query_filter=(mailacceptinggeneralid=%s)
    >> ldap_cache=no
    >> ===
    >>
    >>
    >
    >
    >Do you have attribute 'mailacceptinggeneralid' on your users?
    >
    No, I don't think so.

    >I initially used openldap-migration, which gave me something like 'mail', so
    >
    >I haven't actually gotten around to switching our mail server (postfix on 8.0) to
    >use ldap directly, it picks them up fine off nss_ldap.
    >
    It didn't on mine...

    >> * local users can't login with X11. I'm only running nss_ldap on the
    >> client, not the pam stuff (yet).
    >>
    >>
    >
    >You mean users who are not in LDAP?
    >
    Sorry, I meant ldap users.... --> users that are in ldap, but not in the
    local passwd file.

    >>Other issues:
    >>
    >> * mandrake's openldap-servers-2.0.27-4mdk package still borks on my
    >> box. I needed to recompile it on my box to get it to work with the
    >> ldap database I already had. I've asked Florin if he had actually
    >> tested the package --> run an ldap server on it, but didn't get a
    >> reply from him (yet). Has anybody been successful running an ldap
    >> server on cooker's openldap-servers-2.0.27-4mdk package?
    >>
    >>
    >
    >I am, but I did 'ldapsearch -x -D "$rootdn" -W -h master|su ldap -c
    >'slapadd' to get the db entries across from the master ldap server ..
    >
    So there was a problem... But what is the real problem? I've rebuilt the
    package on my system, and the Requires of the package came out a bit
    different:

    http://eijk.homelinux.org/build/cooker/requires/i586/openldap-2.0.27-4mdk.src.rpm.txt

    Requires openldap-servers
    15d14
    < libgdbm.so.2

    I guess the libgdbm is the problem. It seems to be there on the cooker
    package, but missing on the one my box built. Missing BuildRequires...

    >> * the ssh stuff. When I turned off "ssl start_tls" and went back to
    >> "ssl off" in /etc/ldap.conf ssh allowed me to login again.
    >>
    >>
    >
    >I am getting this now on my cooker box, I still need to test if it affects
    >machine not using the local ldap, because mine was working when it was
    >doing referral to the master ldap server, which happened I think due to
    >the above issue ....
    >
    On any of my boxes: turn on "ssl start_tls" and ssh borks. Turn it off,
    and "ssl off" on, and it works...

    >> * the MySQL problem
    >>
    >>
    >
    >I will make a patch for Warly, but the fix was posted a few days back ...
    >so it works for me now.
    >
    >Have you taken a look at the ldap wizard?
    >
    Not yet...

    Stefan
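The exchange above turns on whether the user entries actually carry the attribute named in ldap_query_filter ('mailacceptinggeneralid'). The following is an added example, not code from the thread, from Postfix or from any of the packages discussed: it parses the main.cf fragment quoted above, substitutes a recipient address the way Postfix LDAP tables do (%s is the full address, %u the local part, %d the domain), and evaluates the resulting equality filter against a small LDIF of sample user entries. A recipient for which the lookup returns nothing is unknown to Postfix and gets rejected, which is the outcome the "User unknown in local recipient table" log line in the thread shows. The entries, addresses and the dc=example,dc=test base are constructed; ldap_search_base is parsed but not enforced, and only the plain "attr: value" LDIF form is handled.

```python
"""Offline check of a Postfix ldap_query_filter against LDIF user entries.

Added example (not from the thread): every entry and address below is
constructed sample data.
"""
import re

# main.cf LDAP fragment as quoted in the thread
MAIN_CF = """
ldap_timeout=10
ldap_search_base=dc=eijk,dc=nu
ldap_server_host=localhost
ldap_server_port=389
ldap_query_filter=(mailacceptinggeneralid=%s)
ldap_cache=no
"""

# Constructed sample directory: alice only has 'mail' (what openldap-migration
# typically yields), bob also carries 'mailacceptinggeneralid'.
SAMPLE_LDIF = """
dn: uid=alice,ou=People,dc=example,dc=test
objectClass: inetOrgPerson
uid: alice
mail: alice@example.test

dn: uid=bob,ou=People,dc=example,dc=test
objectClass: inetOrgPerson
uid: bob
mail: bob@example.test
mailacceptinggeneralid: bob@example.test
mailacceptinggeneralid: robert@example.test
"""


def parse_main_cf(text):
    """Return a dict of Postfix-style key=value settings, ignoring blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def parse_ldif(text):
    """Parse LDIF into a list of {attr: [values]} dicts, one per blank-line-separated entry.
    Attribute names are lowercased; base64 values and continuation lines are not handled."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def expand_filter(filter_template, address):
    """Apply the Postfix LDAP table expansions: %s full address, %u local part, %d domain."""
    local, _, domain = address.partition("@")
    return (filter_template.replace("%s", address)
                           .replace("%u", local)
                           .replace("%d", domain))


def match_equality_filter(entry, ldap_filter):
    """Evaluate one equality filter '(attr=value)' against one entry.
    Attribute names and values are compared case-insensitively, as mail attributes are."""
    m = re.fullmatch(r"\((\w+)=([^()]*)\)", ldap_filter)
    if not m:
        raise ValueError("only a single (attr=value) filter is supported: %r" % ldap_filter)
    attr, value = m.group(1).lower(), m.group(2).lower()
    return any(v.lower() == value for v in entry.get(attr, []))


def lookup_recipient(address, main_cf=MAIN_CF, ldif=SAMPLE_LDIF):
    """Return the DNs the LDAP lookup would find for a recipient.
    An empty list means Postfix would treat the recipient as unknown and reject it."""
    settings = parse_main_cf(main_cf)
    ldap_filter = expand_filter(settings["ldap_query_filter"], address)
    return [e["dn"][0] for e in parse_ldif(ldif) if match_equality_filter(e, ldap_filter)]


def missing_attribute_users(main_cf=MAIN_CF, ldif=SAMPLE_LDIF):
    """List uids whose entry lacks the attribute the filter searches on: the
    pre-deployment check behind the question asked in the thread."""
    settings = parse_main_cf(main_cf)
    attr = re.match(r"\((\w+)=", settings["ldap_query_filter"]).group(1).lower()
    return [e["uid"][0] for e in parse_ldif(ldif) if attr not in e]


if __name__ == "__main__":
    for addr in ("alice@example.test", "bob@example.test", "robert@example.test"):
        print(addr, "->", lookup_recipient(addr) or "User unknown")
    print("entries missing the filter attribute:", missing_attribute_users())
```

Running it shows alice rejected while bob and his alias resolve; swapping the filter for "(mail=%s)" in MAIN_CF makes alice resolve too, which is the practical difference between a directory populated by openldap-migration and one carrying 'mailacceptinggeneralid'.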