From: Matthew Seaman
Date: Wed, 05 Oct 2011 10:35:31 +0100
To: Dag-Erling Smørgrav
Cc: hackers@freebsd.org
Subject: Re: Does anyone use nscd?

On 05/10/2011 09:43, Dag-Erling Smørgrav wrote:

> While we're at it, I'd be very grateful if someone could email me a
> quick and dirty guide to setting up an LDAP server for testing.  I have
> too much on my plate right now to start reading documentation...

The Quick Start guide on the OpenLDAP site is pretty good:

   http://www.openldap.org/doc/admin24/quickstart.html

although steps 1 -- 8 just boil down to 'install from ports' on FreeBSD.

Notes:

  1) Don't enable SASL -- it adds a lot of complexity but doesn't
     change anything fundamental in the way LDAP works for testing
     purposes.

  2) The default schema include inetOrgPerson and Posix which is
     enough to deal with basic Unix users and groups.  If you want
     to do anything more advanced (eg. sudo related or OpenSSH LPK
     patches) then you'll need to import some external schema.  I
     recommend always copying the schema files into
     $PREFIX/etc/openldap/schema or else casually removing a port
     could prevent your slapd from restarting days or weeks later...

  3) The structure of an LDAP tree is site-specific and can be quite
     different between different organizations, but in essence it
     consists of sorting and grouping various classes of objects into
     various subdirectories of your directory tree.

     For testing purposes, impose at least a minimal amount of
     structure.  As the quick start guide suggests, use the
     dc=example,dc=com form based on your domain name to root your
     LDAP tree.  Within that, create some sub-directories
     'ou=Users', 'ou=Groups', 'ou=Hosts' for storing objects of the
     appropriate types.  This should provide a reasonable parallel to
     what most people would use in production.

  4) ACLs and permissions are pretty complex in LDAP.  This is
     something where you are going to have to spend some quality time
     with the manuals I'm afraid.

  5) phpldapadmin is a pretty good tool for populating a directory
     with test data.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
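
The tree layout from notes 2 and 3 above, written out as LDIF. This is an added example, not part of the original message; the entry names (alice, testers, testhost), the ID numbers and the address are constructed sample values, and it assumes the cosine, inetorgperson and nis schema files are loaded.

```ldif
# Constructed sample data for a throwaway test directory.
# Assumes suffix dc=example,dc=com (as in the OpenLDAP quick start guide)
# and that cosine.schema, inetorgperson.schema and nis.schema are loaded.
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: Example Company
dc: example

# One container per object type, as suggested in note 3.
dn: ou=Users,dc=example,dc=com
objectClass: organizationalUnit
ou: Users

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: ou=Hosts,dc=example,dc=com
objectClass: organizationalUnit
ou: Hosts

# A basic Unix group (posixGroup comes from nis.schema).
dn: cn=testers,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: testers
gidNumber: 10000
memberUid: alice

# A Unix user: inetOrgPerson is the structural class,
# posixAccount adds the passwd(5)-style attributes.
dn: uid=alice,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Alice Example
sn: Example
uid: alice
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/alice
loginShell: /bin/sh

# A host entry; 192.0.2.10 is from the documentation address range.
dn: cn=testhost,ou=Hosts,dc=example,dc=com
objectClass: device
objectClass: ipHost
cn: testhost
ipHostNumber: 192.0.2.10
```

With the rootdn used in the quick start guide, a file like this loads with `ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f <file>`.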