Archive for April, 2007

If, when trying to start ldap, you get this error in the logs:

slapd[5053]: main: TLS init def ctx failed: -1

The problem is the owner/group of the ssl certificate. The certificate that slapd uses must be owned by ldap and in group ldap.

Now that pGina and ldap are working together, I need to find a way to mount disks automatically when a user logs in. My current samba setup won’t work because it uses our win2000 domain as the password server. I want it to use our ldap server. So, I need to change our samba setup.

The following are notes I took during my attempt to get this all working:

cd /etc/openldap/schema
cp /usr/share/doc/samba-3.0.10/LDAP/samba.schema .
chown ldap.ldap samba.schema
cd ..
vi slapd.conf <--- Add the line: include /etc/openldap/schema/samba.schema
/etc/rc.d/init.d/smb restart

Since I don't want to screw up my currently running server, I've installed a clean copy of RHEL4 on a new machine, gray. Its IP address is only visible on-campus, so I shouldn't have any problems. On my new machine, I need to set up ldap and samba. Start with LDAP:

-Install openldap-servers, which does not get installed by default because I'm not using a server version of RHEL.
-Copied the info for slapd.conf and ldap.conf from the regular server and added some dummy data with:
ldapadd -x -D "cn=Manager,dc=gray,dc=uchicago,dc=edu" -W -f initial.ldif
-Edit /etc/pam.d/system-auth
-Edit /etc/nsswitch.conf

I'm sure I have to restart something to get this to work, but I can't remember what. So, I'll just reboot. After rebooting, I'm unable to log in as root, so I goofed something up. I think it's better to run authconfig than to try to do this manually. So, I'll boot into single-user mode, undo what I did and do that.

During authconfig, it insisted that I copy slapd.pem to /etc/openldap/cacerts. I did this, but then when I would try to log in, I'd get an error that it couldn't find group ID 200 or user ID 205. So, I then deleted slapd.pem and took the line referencing it out of slapd.conf.
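Both the "TLS init def ctx failed" post and the schema notes above come down to the same thing: every file slapd.conf points at (certificate, key, included schema) has to be readable by the ldap user. The following is an added check script, not code from the original posts; it parses the TLS* and include directives out of a slapd.conf, verifies owner and group, and additionally flags a world-readable private key (that last check is my addition, the posts only mention ownership). The path /etc/openldap/slapd.conf and the directive names are the standard OpenLDAP ones; the user/group defaults match the posts.

```python
import grp
import os
import pwd
import stat

# Directives whose argument is a file that slapd must be able to read.
FILE_DIRECTIVES = ("TLSCertificateFile", "TLSCertificateKeyFile",
                   "TLSCACertificateFile", "include")
# Private key material must not be readable by everyone on the box.
PRIVATE_DIRECTIVES = ("TLSCertificateKeyFile",)

def referenced_files(conf_text):
    """Yield (directive, path) for each file directive in slapd.conf text."""
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] in FILE_DIRECTIVES:
            yield parts[0], parts[1].strip()

def file_owner(path):
    """Return (user, group) names owning path; fall back to numeric ids."""
    st = os.stat(path)
    try:
        user = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        user = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return user, group

def check_file(directive, path, user="ldap", group="ldap"):
    """Return problems with one referenced file; an empty list means OK."""
    if not os.path.exists(path):
        return ["%s: %s does not exist" % (directive, path)]
    problems = []
    owner, grp_name = file_owner(path)
    if (owner, grp_name) != (user, group):
        problems.append("%s: %s is owned by %s:%s, expected %s:%s"
                        % (directive, path, owner, grp_name, user, group))
    if directive in PRIVATE_DIRECTIVES and os.stat(path).st_mode & stat.S_IROTH:
        problems.append("%s: %s is world-readable" % (directive, path))
    return problems

def check_slapd_conf(conf_text, user="ldap", group="ldap"):
    """Check every file a slapd.conf references and return all problems."""
    problems = []
    for directive, path in referenced_files(conf_text):
        problems.extend(check_file(directive, path, user, group))
    return problems
```

Run it as root with `check_slapd_conf(open("/etc/openldap/slapd.conf").read())` before restarting ldap; an empty list means the ownership cause of the TLS error is ruled out.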

The ultimate goal is to have one place to create logins and have them be valid on all machines, linux, mac or windows. Ldap takes care of this for linux (and mac, I think). I’ve just installed a program called pGina that allows ldap to work for windows as well. In the test in parallels on my mac laptop, it worked fine. The only problem was in mounting the samba drives, but I think I’ll be able to work with that.