On Thu, 2003-12-18 at 05:11, Kevin wrote:
> On Thu, 2003-12-18 at 00:13, Craig White wrote:
> > Perhaps some of you have done this many times but I just finally found
> > the end of the rainbow. I even remember a thread on this base about LDAP
> > mocking him - and it mocked me and it mocked me. It was the single
> > hardest thing that I have ever learned on Linux.
> >
>
> Congratulations! Quite an accomplishment.
>
> > Set up Linux server - LDAP with TLS - self generated certificates from
> > self certificate server - pulled in Users/Groups/Hosts from existing
> > Linux mail/internet server, joined Windows Domain and slurped up the
> > Windows Users/Groups/etc. and am ready to promote it to PDC. Will be
> > revising group policies tomorrow and then it's on to roaming profiles
> > and I am done. Linux Mail Server - Windows NT Server and Macintosh
> > Server are all being rolled into one set of user
> > accounts/passwords/policies to manage.
> >
> > I find that I want to find the phone hidden in the pads on the goal post
> > in the endzone and there's no football to sign with the Sharpie that's
> > in my socks so I'll settle for posting up here.
> >
>
> Now, to kick the extra point after your touchdown... Do you have any
> documentation of your efforts that would benefit the group?
> Configuration notes or maybe even a HOWTO draft???
>
> I'm sure there are a few of us who would like to follow the trail you
> are blazing.
---
Ok - but am still blazing the trail - have a lot of work still ahead of
me before I'm done.

Clearly it's working because the first people in the office this morning
couldn't log onto Windows domain - those with Upper/Lower & spaces in
their usernames don't migrate well to the newer systems - I had to shut
smb off until after hours tonight and I'll get to play with it some more
and then I have to set up all of the new Windows XP professional
systems, their roaming profiles...etc. May be several weeks before I can
condense it. To see the Samba Server actually listed as BDC in Server
Manager was awesome. To know that this morning - it was confirmed this
morning when the first people tried to authenticate off the BDC and not
the Windows NT PDC.

Interestingly enough - I never had many problems with Samba 2.x -
including using it as a Windows PDC. LDAP is a bear though and then
integrating it with Samba 3.0, connecting it all to an existing Windows
PDC and then migrating the SAM to Samba/LDAP was the real kicker.

Oh and the day and a half I lost because I couldn't connect to the LDAP
server via TLS because I generated the certificates/keys with the FQDN
and tried to connect to ldaps://localhost/ instead of ldaps://fqdn/ -
looks so obvious when I state it but finding out that this was the cause
of connection problems was frustrating beyond belief.
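
The certificate/hostname mismatch described in the last paragraph, as an added example that is not part of the original post: a small check that compares the host in an `ldaps://` URL against the names a certificate carries, using RFC 6125-style matching. The FQDN `ldap.example.com` and the sample certificate are constructed placeholders, and the matching rules are an assumption about a typical TLS client, not OpenLDAP's own code.

```python
from urllib.parse import urlsplit

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# ldap.example.com is a placeholder FQDN, not a value from the post.
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap.example.com"),),),
}


def cert_dns_names(cert):
    """Names a client will accept: SAN dNSName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' is allowed only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h


def check_ldaps_url(url, cert):
    """Return (ok, host, accepted_names) for an ldaps:// URL against a certificate."""
    parts = urlsplit(url)
    if parts.scheme != "ldaps" or not parts.hostname:
        raise ValueError(f"not an ldaps:// URL with a host: {url!r}")
    names = cert_dns_names(cert)
    ok = any(name_matches(n, parts.hostname) for n in names)
    return ok, parts.hostname, names


if __name__ == "__main__":
    for url in ("ldaps://localhost/", "ldaps://ldap.example.com/"):
        ok, host, names = check_ldaps_url(url, SAMPLE_CERT)
        verdict = "match" if ok else "MISMATCH"
        print(f"{url:28} host={host:18} {verdict} (cert names: {names})")
```

The check is made against the name the client was asked to connect to, so a certificate issued for the FQDN fails for `localhost` even when both resolve to the same machine.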