[TriLUG] LDAP Question

Michael Alan Dorman mdorman at debian.org
Tue Aug 20 14:53:27 EDT 2002


Tanner Lovelace <lovelace at wayfarer.org> writes:
> Yeah, if all your access is through localhost it's probably
> pretty secure.  But, if you're only working with one computer,
> why bother using ldap?  Why not just use the standard files?

Replication---each box has its own copies of data, for redundancy and
speed.  Communication between the servers is done over SSL.

> I found a few.  Probably the best one is
> http://www.ofb.net/~jheiss/krbldap/ Both the powerpoint and the
> paper are really good.  (Yeah, I know it has a powerpoint, but it
> works real well with crossover office.)  I've also got a couple of
> other PDF files I can send you if you want (since I don't remember
> their URLs. :-()

Thanks, but I don't need them right now.  The link goes in the
bookmarks file, though.

> Well, that's why I suggested using rpm2cpio which converts an
> rpm to be a standard cpio file which can then be used with 
> tools in debian.  And, I suggested getting the source from
> redhat because I didn't know if Debian had anything equivalent.

Actually, the last sentence I was referring to was one about, "don't
feel like grovelling through the sources right now." :-)

For a while there I was the Debian/Alpha porter, and have grovelled
through many, many SRPMs, as that was the only place a lot of the
necessary patches existed.  rpm2cpio and I got to be very good
friends.

> Right now, it seems our biggest problem with the ldap stuff is
> getting the GSSAPI (Kerberos) authentication to work correctly.
> Kerberos is set up and working for logging in, but there's something
> not quite correctly set up with it and ldap (when modifying the ldap
> database, that is).  That's not as important, however, since basic
> (non-sasl) authentication to ldap still works.

You're not running into SASL-reentrancy problems, are you?  Sig11s and
that sort of thing?

Mike.


