Difference between revisions of "LDAP"

From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search
Line 3: Line 3:
 
These are some random notes, until we can organize this better:
 
These are some random notes, until we can organize this better:
  
* LDAP runs on einsten. For passwords and such it is protected with TSL encryption. (See [[Certificates]] The certificate is valid for einstein.unh.ede and einstein.farm.physics.unh.edu. However, if your node has a bad system time, the certificate may look like it is from the future and will not be accepted. So check system time if users cannot log in.
+
* LDAP runs on einstein. For passwords and such it is protected with TSL encryption. (See [[Certificates]] The certificate is valid for einstein.unh.edu and einstein.farm.physics.unh.edu. However, if your node has a bad system time, the certificate may look like it is from the future and will not be accepted. So check system time if users cannot log in.
 
* The best way to check whether LDAP is working is ''getent passwd'', which should show user passwords. If it does not work, then ''ldapsearch -ZZ '(uid=silas)' '' may give more diagnostics. Try 'ldapsearch -x '(uid=silas)' '' to test LDAP without using the encruption layer.
 
* The best way to check whether LDAP is working is ''getent passwd'', which should show user passwords. If it does not work, then ''ldapsearch -ZZ '(uid=silas)' '' may give more diagnostics. Try 'ldapsearch -x '(uid=silas)' '' to test LDAP without using the encruption layer.
 
* You configure LDAP in '''two locations''': /etc/ldap.conf and /etc/openldap/ldap.conf. Here you set the host that is serving the information.
 
* You configure LDAP in '''two locations''': /etc/ldap.conf and /etc/openldap/ldap.conf. Here you set the host that is serving the information.

Revision as of 18:01, 25 May 2007

We are running an LDAP server on Einstein. This server serves up the user information (passwd and shadow) and also lists of servers and workstations which tie into various permission schemes. The overall setup seems somewhat complicated at first, so this documentation is much needed.

These are some random notes, until we can organize this better:

  • LDAP runs on einstein. For passwords and such it is protected with TSL encryption. (See Certificates The certificate is valid for einstein.unh.edu and einstein.farm.physics.unh.edu. However, if your node has a bad system time, the certificate may look like it is from the future and will not be accepted. So check system time if users cannot log in.
  • The best way to check whether LDAP is working is getent passwd, which should show user passwords. If it does not work, then ldapsearch -ZZ '(uid=silas)' may give more diagnostics. Try 'ldapsearch -x '(uid=silas)' to test LDAP without using the encruption layer.
  • You configure LDAP in two locations: /etc/ldap.conf and /etc/openldap/ldap.conf. Here you set the host that is serving the information.

Some outside web pages for more info: