Comment 5 for bug 355400

Adam Sommer (asommer) wrote: Re: [Bug 355400] Re: OpenLDAP doc page is horrible

On Mon, Apr 6, 2009 at 11:33 PM, David Dana <email address hidden> wrote:

> Thanks for your reply, Adam. The draft version of the documentation is
> certainly much better, and I noticed a few updates which solved problems
> I had. I am kind of surprised though that there is a separate draft copy
> - I think a wiki would work much, much better.
>

Sorry, I should have explained doc.ubuntu.com better. That version of the
documentation is created from the development branch for the next Ubuntu
release. It is on the web mostly to ease review of new content.

Because these docs are for the development release, not all instructions may
apply to a stable release of Ubuntu. In the case of the OpenLDAP section they
happen to apply nicely to Intrepid as well as Jaunty, but that may not be
the case in the future.

It may help to check the development instructions if the released docs don't
have an answer, but I highly recommend using the released version first.

> 3: Copy Config
> cp /etc/ldap.conf /etc/ldap/ldap.conf
>

Not sure why you would do this since these are separate config files and
have different options? /etc/ldap/ldap.conf is part of the libldap package,
which is totally separate from libnss-ldap, which supplies the /etc/ldap.conf
file.

> 6: Enable cached credentials:
> apt-get install nss-updatedb libnss-db libpam-ccreds
> nss_updatedb ldap
> nano /etc/nsswitch.conf
>
> (edit the passwd and group entries to the following)
>
> passwd: files ldap [NOTFOUND=return] db
> group: files ldap [NOTFOUND=return] db
>
> (create a cron job to update the db daily)
>
> echo '#!/bin/sh' | sudo tee /etc/cron.daily/upd-local-nss-db
> echo `which nss_updatedb` ldap | sudo tee -a /etc/cron.daily/upd-local-nss-db
> sudo chmod +x /etc/cron.daily/upd-local-nss-db
>
>
> nano /etc/pam.d/common-auth
>
> (replace with the following text)
>
> auth [success=done default=ignore] pam_unix.so nullok_secure try_first_pass
> # If LDAP is unavailable, go to next line. If authentication via LDAP is successful, skip 1 line.
> # If LDAP is available, but authentication is NOT successful, skip 2 lines.
> auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass
> auth [default=done] pam_ccreds.so action=validate use_first_pass
> auth [default=done] pam_ccreds.so action=store
> auth [default=bad] pam_ccreds.so action=update
>

Cached credentials are a good idea, I'll be sure to add that to the Karmic
docs.

--
Party On,
Adam
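The pam_ccreds stack quoted in the message above relies on the Linux-PAM `[value=action]` control syntax (ignore, done, bad, ok, and "skip N modules"). The following simulator is an added example, not code from the bug report or from Linux-PAM itself; it replays those five auth lines with constructed module return values to show which modules run and what the stack returns in each case, in particular that cached credentials are consulted only when the LDAP server is unreachable (authinfo_unavail), never when LDAP rejects the password.

```python
# The five auth lines from the quoted common-auth, as (module, control) pairs.
# Control actions follow Linux-PAM: "ignore", "done", "bad", "ok", or an int N
# meaning "ok, then skip the next N modules".
STACK = [
    ("pam_unix",        {"success": "done", "default": "ignore"}),
    ("pam_ldap",        {"authinfo_unavail": "ignore", "success": 1, "default": 2}),
    ("ccreds_validate", {"default": "done"}),
    ("ccreds_store",    {"default": "done"}),
    ("ccreds_update",   {"default": "bad"}),
]


def run_stack(results):
    """Evaluate the stack.

    results: constructed mapping module -> PAM return value it would produce
    ("success", "auth_err", "authinfo_unavail"); unlisted modules return
    "success".  Returns (final stack result, list of modules that ran).
    """
    impression, status, ran, i = None, "success", [], 0
    while i < len(STACK):
        mod, ctl = STACK[i]
        rv = results.get(mod, "success")
        ran.append(mod)
        act = ctl.get(rv, ctl["default"])
        i += 1
        if act == "ignore":            # result does not count towards the stack
            continue
        if isinstance(act, int):       # N: behaves like "ok" and jumps N modules
            act, i = "ok", i + act
        if act == "bad":               # first failure wins and is sticky
            if impression != "negative":
                impression, status = "negative", rv
        else:                          # "ok" or "done"
            if impression != "negative":
                impression = "positive" if rv == "success" else "negative"
                status = rv
            if act == "done":          # terminate the stack here
                break
    if impression == "negative" and status == "success":
        status = "perm_denied"         # a negative impression never yields success
    return status, ran


if __name__ == "__main__":
    scenarios = {
        "local user, good password": {"pam_unix": "success"},
        "LDAP user, good password":  {"pam_unix": "auth_err", "pam_ldap": "success"},
        "LDAP user, bad password":   {"pam_unix": "auth_err", "pam_ldap": "auth_err"},
        "LDAP down, cache matches":  {"pam_unix": "auth_err", "pam_ldap": "authinfo_unavail"},
    }
    for name, res in scenarios.items():
        print(f"{name:28s} -> {run_stack(res)}")
```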