Thu 2011-01-20 at 14:31 +0000, Timothy Legge wrote:
> Hello list!
>
> I hope this message finds you all well.
>
> I've been spending some time today trying to figure out how to get NFS
> working under OpenBSD with the shiny new LDAPD daemon.
>
> As far as I can tell, I have LDAPD working as intended, but I would welcome
> it if someone could give my config files a once over to ensure that I've
> understood the documentation correctly. Here is an example of my
> /etc/rc.conf.local and my /etc/ldapd.conf for reference:
>
> # Named server configuration.
> named_flags=""
> named_user=named
> named_chroot=/var/named
>
> # Start the LDAP Daemon
> ldapd_flags=""
>
> # Enable required services for NSF
> #portmap=YES
> #nfs_server=YES
>
> #End Of File
>
> # $OpenBSD: ldapd.conf,v 1.2 2010/06/29 02:50:22 martinh Exp $
>
> schema "/etc/ldap/core.schema"
> schema "/etc/ldap/inetorgperson.schema"
> schema "/etc/ldap/nis.schema"

If you will be serving Apple requests, I guess you also need an
Apple-specific schema. IIRC, it should be installed on Macs in
/etc/openldap/schema/apple.schema.

> listen on 10.0.1.20
> listen on lo0
> listen on "/var/run/ldapi"
>
> rootdn ldaproot
> rootpw password
>
> namespace "dc=timothylegge,dc=co,dc=uk" {
>     rootdn "cn=root,dc=timothylegge,dc=co,dc=uk"
>     rootpw "password"
>     index sn
>     index givenName
>     index cn
>     index mail
>     fsync on
>     # cache-size
>     # index-cache-size
>     relax schema

I suggest not using relaxed schema checking unless you're running a
custom application and don't care to write a schema file.

>     # deny read access
>     # deny write access
>     # allow bind acceess
>     # keyword to any
> }
>
> #End Of File
>
> So all given, as I understand it, the above config files 'should' start
> LDAPD correctly.

Yes.

> I guess now would be a good time to say I also have the
> built in DNS Server running on this box too, configured correctly for the
> domain timothylegge.co.uk.

ldapd doesn't verify your domain in DNS, even if your namespace is named
after your domain.

> I'm now stuck at the point of configuring NFS to use LDAPD for authentication
> and access to the network mount points. At this point, I only want to allow
> network access to the /home partition on the server.

You need to find some documentation about how Mac OS X integrates with
LDAP. Googling for 'nfs ldap mac' seems to give some relevant results.

> I would also like to
> know how to add user accounts to the LDAPD server, as I'm unsure how to do
> this. Also, it will be Mac OS X 10.6 clients that will be using the NFS and
> LDAPD server.

Either use a GUI frontend of your choice, or use the openldap-client
(available as a package) command line tool. With the latter you need to
write the ldif file yourself.

> Any help at all would be welcome at this point :)
>
> Looking forward to your comments.
>
> Tim
>

-martin
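
The "write the ldif file yourself" step from the reply above, as an added example that is not part of the original message: a generator for one account entry under the thread's namespace, with RFC 2849 value encoding and a salted password hash instead of a cleartext value. The `ou=people` container, the login-name policy, the sample account and the server accepting `{SSHA}` userPassword values are assumptions.

```python
import base64, hashlib, os, re

BASE_DN = "dc=timothylegge,dc=co,dc=uk"  # namespace from the ldapd.conf in this thread
UID_RE = re.compile(r"[a-z_][a-z0-9_-]{0,30}")  # assumed login-name policy

def ssha(password, salt=None):
    """userPassword value in {SSHA} form: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' where RFC 2849 requires it."""
    raw = value.encode("utf-8")
    safe = bool(raw) and raw[0] not in b" :<" and raw[-1:] != b" " and all(
        0 < b < 128 and b not in (10, 13) for b in raw)
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def posix_user_ldif(uid, given, sn, uid_number, gid_number, password, ou="people"):
    """LDIF for one account; assumes the ou container already exists under BASE_DN."""
    if not UID_RE.fullmatch(uid):
        # Refuse characters that would need DN escaping (',', '=', '+', ...).
        raise ValueError(f"unsafe uid: {uid!r}")
    attrs = [("dn", f"uid={uid},ou={ou},{BASE_DN}"),
             ("objectClass", "inetOrgPerson"),   # from inetorgperson.schema
             ("objectClass", "posixAccount"),    # from nis.schema
             ("uid", uid), ("cn", f"{given} {sn}"),
             ("givenName", given), ("sn", sn),
             ("uidNumber", str(uid_number)), ("gidNumber", str(gid_number)),
             ("homeDirectory", f"/home/{uid}"),
             ("userPassword", ssha(password))]
    return "\n".join(ldif_line(a, v) for a, v in attrs) + "\n"

if __name__ == "__main__":
    # Constructed sample account, not from the thread.
    print(posix_user_ldif("zoe", "Zoë", "Example", 2001, 2001, "constructed-sample-pw"))
```

The output can be saved to a file and loaded with the openldap-client `ldapadd` tool, binding as the namespace rootdn.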