Diane Trout (alienghic) wrote,

smacks head repeatedly

So after discovering the NIS insecurity and wanting to keep UIDs and passwords synced between linux and mac-on-linux on my laptop I started playing with trying to get LDAP to do authentication.

I struggled, fought, watched slapd spew log information, enabled debugging in libnss-ldap, and then finally discovered why it didn't work for users.

The file /etc/libnss-ldap.conf needs to be world readable for apps being run by the user to figure out what ldap server they should talk to. I felt victorious and then removed my identity from the password file.

Which promptly failed. After putting my IDs back in the password file I worked for another day, finally discovering that when I'd reinstalled libnss-ldap it changed the root bind name, which meant that all of the services running as root couldn't connect to the ldap server. Meaning no logins.

But I resolved both problems--after several days of trying.

At least I learned quite a bit about ldap in the process.

As soon as I figure out how to create certificates I can try SSL enabled ldap which can replace NIS.

Though AFS looks to be an interesting replacement for NFS and would require setting up kerberos as well.
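
A check for the two failure modes described above (a config file that is not world readable, and a root bind name changed by a reinstall), as an added example that is not part of the original entry. The function name, the optional secret-file argument and the bindpw check are assumptions made here; `bindpw` and `rootbinddn` are nss_ldap directive names.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are supplied by the caller;
# a separate root-only secret file (e.g. /etc/libnss-ldap.secret) is an assumption.
# audit_nss_ldap CONF [SECRET]: prints findings, returns 0 only if nothing is wrong.
audit_nss_ldap() {
    conf=$1
    secret=${2:-}
    rc=0
    [ -f "$conf" ] || { echo "FAIL: $conf does not exist"; return 1; }

    # Character 8 of the ls mode string is the "other" read bit.
    perms=$(ls -ld -- "$conf" | cut -c1-10)
    case $perms in
        ???????r??) ;;
        *) echo "FAIL: $conf is $perms; non-root processes cannot find the LDAP server"
           rc=1 ;;
    esac
    case $perms in
        ?????w????|????????w?) echo "FAIL: $conf is $perms; writable by non-owners"; rc=1 ;;
    esac

    # A file every local user can read must not carry a bind password.
    if grep -Eq '^[[:space:]]*bindpw[[:space:]]' "$conf"; then
        echo "FAIL: $conf contains bindpw and is readable by every local user"
        rc=1
    fi

    # Report the identity root-owned services bind with, so a reinstall that
    # rewrote it is visible before logins start failing.
    rootdn=$(sed -n 's/^[[:space:]]*rootbinddn[[:space:]]\{1,\}//p' "$conf" | head -n 1)
    if [ -n "$rootdn" ]; then
        echo "INFO: root binds as '$rootdn'; confirm this entry exists on the server"
        if [ -n "$secret" ]; then
            if [ ! -f "$secret" ]; then
                echo "FAIL: rootbinddn is set but $secret is missing"; rc=1
            else
                sperms=$(ls -ld -- "$secret" | cut -c1-10)
                case $sperms in
                    ????------) ;;
                    *) echo "FAIL: $secret is $sperms; must be readable by root only"; rc=1 ;;
                esac
            fi
        fi
    fi
    return $rc
}
```

Running it after every libnss-ldap reinstall and comparing the INFO line against the previous run shows a changed root bind name before the password-file fallback is removed.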