Comments on Installing And Configuring OpenLDAP On Ubuntu Intrepid Ibex

Installing And Configuring OpenLDAP On Ubuntu Intrepid Ibex With Ubuntu 8.10 Intrepid Ibex, the way OpenLDAP is used and configured has changed. In Intrepid, OpenLDAP is no longer configured via the slapd.conf file, but via the slapd.d directory that contains ldif files to configure OpenLDAP.

14 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Anonymous

agree with the guy above me, if all the guy/girl in open source community can write "little" informative howto like this, then I'm affraid open source howto website like howtoforge will be bloated with the "Not so good" howto and it will draw people away rather than interest others to come to the site and check the howto!!!

By: Anonymous

It's nice to see that remarks about this work are made.

However here some remarks to take in mind:

- The negative remarks made are by people who do not contribute themselves ==> It is easy to make remarks, but than contribute yourselves something constructive except for flaming people

- If you know better, than write a 'How To' and contribute.

- Last but not least: If one considers that 'How To's' are written by people in their spare time and that it does not always imply that they are 'Professionals in the field' but very ofter home users that post solutions to problems that they have conquered and solved,  and are willing to share with others. Not even taking into account the many hour's and more it might have cost to do so. The least cutesy one could offer and certainly show is to stay polight and if needed provide constructive criticism and / or a helping hand.

Shame on you. Get something for free, but still have the heart to scorn those who try to make an effort and a difference.

After all, why do you visit  howtoforge.org ?

By: Anonymous

Fact is, had I known this a few days earlier, I would not be considering restarting from scratch :)

By: cool g

Bonsoir,

j'ai suivi  les étapes pour créer slapd.d à partir de slapd.conf mais j'ai l'erreur suivante:

bdb_db_open: warning - no DB_CONFIG file found in directory /etc/ldap/slapd.d: (2).
Expect poor performance for suffix "dc=dess,dc=sn".
bdb_db_open: database "dc=dess,dc=sn": db_open(/etc/ldap/slapd.d/id2entry.bdb) failed: No such file or directory (2).
backend_startup_one (type=bdb, suffix="dc=dess,dc=sn"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch

 je sais pas quel est le répertoire mettre pour directory.

aidez moi svp.

 

By: Anonymous

+1 The title is: Installing And Configuring OpenLDAP On Ubuntu Intrepid Ibex. Then in the preliminary note the author states that this article is not going to talk about that, instead it will demonstrate something useless in Intrepid Ibex. wtf?

By: Dervsh

I have to say - this howto is worth nothing.

A lot more precise is contained in Ubuntu documentation (a month ago was a draft, but steps were described well).

Unfortunately, Debian and Ubuntu versions of OpenLDAP package are compiled against GnuTLS which code is considered unsecure. Google for "GnuTLS considered harmful" to get more details.

The other thing about OpenLDAP GnuTLS based is that it is unable to handle high security protocols only. Using OpenLDAP debug functionality, we will get few errors which IRC support  proposes to solve by recompilation against OpenSSL.

 

Valuable howto about Ubuntu's OpenLDAP package would be:

1) how to compile OpenLDAP against OpenSSL instead of GnuTLS

2) how to configure it

3) how to configure TLS

4) how to configure address book for Thunderbird

 

By: Chris

How community of you.  The dude contributes something to the community and you flame him for it.  Your post would have been fine had it been constructive.  Instead you kicked it off with an insult then provided the information.  The open source community is about ideas and building off of them.  This guy started the conversation, you could have continued and helped to provide something that someone could use.  Next time think twice before you waltz on to a thread and start patting your own back.

By: lolotux

Hi

I had addind freeradius.schema to my LDAP, works fine !
But I would like that "radiusCallingStationId" could be not unique.
So I modify this schema :
attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.7
      NAME 'radiusCallingStationId'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

to this :
attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.7
      NAME 'radiusCallingStationId'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

I used a second time your tuto, and the attribute stay unique !

Have you an explanation ?

By

If my english is not perfect, it's because I'm not, I'm French ! :)

By:

J'ai aucune idée pourquoi.

I really don't have a clue. I don't use radius or the schema, so I can't tell you even if your modification of the schema is correct.

By default the schema should be replaced.

By:

J'ai aucune idée pourquoi.

I really don't have a clue. I don't use radius or the schema, so I can't tell you even if your modification of the schema is correct.

By default the schema should be replaced.

Best practice however is to start a forum topic on this. It might also be due to the radius soft you're using.

By: vivikitty

La meilleur façon pour obtenir de l'aide, c'est de poser ta question sur le forum.

The best way to get an answer is to ask your question on the forum ;)

Vivi from live girls

By: Anonymous

+1

 

By: about this work

Thanks for Your comment. You might be right, I should leave my opinion for myself, altrough an author should check Ubuntu documentation. In my opinion original howto is much more precise.

Dear Chris, I'd like to ask You to read some kernel talks. Many guys there wanted to do something. But it wasn't good enough. It just happens. A lot of code requires complete rewrite. My comment wasn't only a flame, but a description what he did wrong. It should help him do it next time much better. It will... or should make his OpenLDAP environment more secure in the future. Maybe he will read about GnuTLS flaws, maybe he will try to use strong security algoritms and will see that it will not work with anything. But - he will know why.

I'd never like to hear from the community that my code is ok, when it isn't. There is always someone who knows something better. That makes us to learn. Take care!

By: GoremanX

The original poster may have been a little rude, but he's right. This howto was quite useless. It provides an antiquated method of configuring OpenLDAP (slapd.conf), explains nothing, and accomplishes nothing. I've been looking for information on setting up and configuring OpenLDAP for a long time, this howto didn't help me at all.