Hi all. I want to set up the following server in open suse:
nfs (to allow users to mount their home directories from the server
I started off with the openldap server. I configured it with dc=localdomain,dc=local as its domain. As the server machine has no internet. Though when I go to add a .ldif file with the following command
ldapadd -x -D 'cn=Administrator,dc=localdomain,dc=local' -f /home/base.ldif -W
It returns this
adding new entry 'dc=localdomain,dc=local
Can you guys help?
Thanks in advance
As the message says, the entry already exists. Where did your LDIF file come from? If it came from a slapcat, you should import using slapadd. However if it came from a ldapsearch dump, then you should manually remove the parent entry which already exists.
Here’s the configruation for my server:
I then copied the DB_CONFIG.example file to localdomain.local changing the name to DB_CONFIG. I then created the base.ldif file using gedit in /home directory. The base.ldif file reads:
Thank you so much
If dc=localdomain,dc=local has already been created then obviously you don’t try to import it again.
Alright i removed the top of my ldif file so that it starts off with dn: ou=People etc. I then added the entries. I’m looking to use the server for user authentication. I’ver created a testuser though how do i migrate it over to ldap. Thanks so much
LDAP is not something that can be explained in one forum posting. You’ll need to read a fair bit about LDAP schemas and syntax. Try looking for a LDAP tute on the web. If there is a YaST module for LDAP accounts, you should try using that first. I don’t use LDAP on my openSUSE machine, only on enterprise servers which are RHEL.
What about mounting the home directories from the server. I was thinking to this through nfs but the client cofig for ldap has this option. Does it include all the configuration though?
LDAP only distributes the information of the user accounts, it doesn’t actually do the mounting. You can use a variety of techniques including static mounts and autofs services to export NFS directories to clients.
Think of LDAP as a network-wide accessible database that holds all kinds of key-value information. A user account is only one kind of information that can be distributed via LDAP.
I’ve used the gui to configure nfs. I added /home directory to share with (rw,sync). But how do you setup atuofs?
You have to set it up from the CLI, I’m not aware of a YaST wizard for it. And it’s done at the client.
Do you know a how to that tells you how to do it.
Did a search and this tute looks reasonable and similar to what I did:
I’ve done a bit of searching and haven’t found anything about migrating users. But i did find out that useradd -D is supposed to use binddn to bind to the ldap directory how does this work.
That bind DN is usually that of a privileged LDAP account that can modify the LDAP data to add a user. As you realise the concept of a root process is not relevant when the LDAP service is somewhere on the network.
Finally found something on migration scripts. After awhile though I still couldn’t get it working. Is there any way i can just create user from ldif files like the following:
Then have another one for the password file. Then just create a home directory for the user in /home which it will automount for.
Yes that would be the way to go. But make sure you have all the attributes you need. For example you don’t have uidNumber and home directory in that record above, among other things. And if this is meant to be for a user, it is not a posixGroup object, it should be a posixAccount object. So ou would be People, not Group.
Do you know a website that tells me what I need to do to do this. Once i’ve created the ldif files i suppose all I have to do is use the ldapadd command to add them
Search for a “LDAP passwd conversion script”. The one I used last time was written in Perl. Most of them need a bit of tweaking to work.
You should not use it to import system accounts. In fact you should leave the system accounts in /etc/passwd and /etc/group and only import the UIDs and GIDs >= 1000. Then set your /etc/nsswitch.conf to use both passwd/group and LDAP for authentication.
I’m a total noob at this and still trying to learn. Using ldap passwd conversion scripts are a little bit beyond me. I only have basic knowledge in openldap from RHEL. What about this how to from ubuntu could i use it?
All the conversion script does is take the lines you have cut out of the password file and generate a LDIF file for import. It doesn’t matter which flavour of Linux you are running.