Talk:LDAP authentication

From ArchWiki
Revision as of 01:02, 6 November 2013 by Lonaowna (Talk | contribs) (merge complete)

Poor writing

This article needs to include more explanatory information rather than an example of one user's configuration (which may or may not work?). -- pointone 11:41, 17 January 2011 (EST)

Merge?

See also: Secure OpenLDAP Authentication for a Small Network. -- pointone 15:36, 16 February 2011 (EST)

I think that a separate page "LDAP installation" should be created and the relevant topics from these two pages should get merged there. --bubla 16:00, 22 February 2011 (EST)
OpenLDAP has just been created from part of LDAP Authentication, see diff.
To sum up, now we have OpenLDAP, OpenLDAP Authentication and LDAP Authentication. Probably LDAP Authentication should have been just moved to OpenLDAP, and OpenLDAP Authentication should have been merged there. The three articles don't even seem to be well linked with each other; some work should be spent in reorganizing them a bit, or, as proposed, just merging them into one article.
-- Kynikos 09:27, 7 January 2012 (EST)
Also: https://wiki.archlinux.org/index.php/Small_Business_Server_%28Italiano%29/LDAP_Server
I did a little cleanup of OpenLDAP and interlinking with the authentication. I don't use LDAP for system authentication, so I can't help with the merge.
I recommend the OpenLDAP article remain separate from any authentication article. LDAP is used for so many things I think it's hard to have a one-size-fits-all article. Hauptmech 09:44, 15 January 2012 (EST)
You've done a good job (although style could be improved a bit in OpenLDAP :P ), hopefully somebody who uses LDAP for authentication will take care of the merge between OpenLDAP Authentication and LDAP Authentication then. You're probably right however, authentication should be left separate from OpenLDAP. -- Kynikos 16:20, 16 January 2012 (EST)
Done :). The PAM section needs some looking into, though. It works like this but I'm not sure if it could be simplified. --Lonaowna (talk) 01:02, 6 November 2013 (UTC)

Error

Following this guide and the other one out of the box, I get the following error when trying to import (ldapadd) or search (ldapsearch):

slapd[20458]: fd=12 DENIED from unknown (127.0.0.1)

And yes, I do have slapd in the hosts.allow.

Add to /etc/hosts.allow:
slapd: 127.0.0.1
Peleki 11:14, 21 August 2010 (EDT)

Suggestions

If you want hdb as backend, you have to adjust the PKGBUILD to --enable-hdb and rebuild the package.

To disable the IPv6 error, add -4 to the slapd init script at line 14 (/usr/sbin/slapd -4 $SLAPD_OPTIONS).

To disable the "openldap configure monitor database to enable", add "database monitor" in /etc/openldap/slapd.conf BEFORE any database backend type (hdb or bdb).

--mvinnicius 19:55, 14 February 2011 (EST)

For the record, it's probably better to add -4 to the SLAPD_OPTIONS variable in /etc/conf.d/slapd than to modify the rc-script. --DJPohly 21:09, 14 February 2011 (EST)

Merge request

See Talk:LDAP_Authentication#Merge?. -- Kynikos 09:31, 7 January 2012 (EST)

Done --Lonaowna (talk) 01:02, 6 November 2013 (UTC)

Overhaul

I started editing the page with the goal of merging it with the LDAP Authentication one and also with the main OpenLDAP article. I rewrote the introduction and added some explanations for the client side like NSS and PAM. I'm going to remove the pam_ldap and nss_ldap bit and use nss_pam_ldapd from AUR, which is the most up-to-date (and robust) version. If anyone has any objections, feel free to say so.