Changeset 2016


Timestamp: Oct 20, 2011, 12:04:45 AM (10 years ago)
Author: ezyang
Message: Extra notes about LDAP.
File: 1 edited

  • branches/fc15-dev/server/doc/install-ldap

    r2009 r2016  
    2828
    2929# Inside cn=config.  These changes definitely require a restart.
    30 nsslapd-ldapifilepath: /var/run/slapd-scripts.socket
     30nsslapd-ldapifilepath: /var/run/slapd-scripts.socket  [NOTE: didn't need to do this]
    3131nsslapd-ldapilisten: on
    3232nsslapd-syntaxcheck: off
     33
     34# We need to turn off syntax check because our schema is wrong and too
     35# restrictive on some value. This should get fixed.
    3336
    3437# Add these blocks
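Review bot: The comment added at new lines 34-35 justifies nsslapd-syntaxcheck: off with "our schema is wrong and too restrictive on some value" but names neither the attribute nor the schema file, so nobody reading this can tell when it is safe to turn the check back on. Since the setting lives in cn=config rather than on one suffix, please name the offending attribute and point at a ticket for the schema fix. Separately, the "[NOTE: didn't need to do this]" text at new line 30 sits on the same line as the nsslapd-ldapifilepath value; anyone copying the block into cn=config will paste the note into the path, so it would be safer as a "#" comment on its own line above the setting.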
     
    4952  sure you chown/chgrp it to be readable by fedora-ds
    5053- Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
     54  [NOTE: didn't need to do this either]
    5155- chown fedora-ds:fedora-ds /var/run/dirsrv
    5256- chown fedora-ds /etc/dirsrv/keytab
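Review bot: The note at new line 54 says the KRB5_KTNAME step was not needed but leaves the step in place and does not say why it was unnecessary or on which host or version that was observed. The following line still has the reader chown /etc/dirsrv/keytab, and the Error 49 troubleshooting text later in the file still blames an unreadable /etc/dirsrv/keytab, so a reader cannot tell whether the keytab path is picked up some other way or whether the step is merely optional. Suggest stating the condition, for example which install it was skipped on, or marking the step as optional with the reason.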
     
    209213nsDS5ReplicaBindDN: uid=ldap/old-faithful.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
    210214nsDS5ReplicaBindDN: uid=ldap/shining-armor.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
     215nsDS5ReplicaBindDN: uid=ldap/golden-egg.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
    211216nsds5ReplicaPurgeDelay: 604800
    212217nsds5ReplicaLegacyConsumer: off
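Review bot: The nsDS5ReplicaBindDN list at new lines 213-215 is a hard-coded set of hosts, and this change grows it by adding golden-egg, but the document does not say that the same list has to be kept in sync on every existing server or that entries for retired hosts should be removed. Each value is an identity allowed to bind for replication, so a stale entry is standing access. A one-line comment above the list saying "one entry per current server; update on all servers when a host is added or retired" would cover it.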
     
    223228       for just $MASTER.
    224229
     230       REMEMBER: You need to use FOO.mit.edu for the names!  Otherwise you will get
     231       unauthorized errors.
     232
    225233add uid=ldap/$MASTER,ou=People,dc=scripts,dc=mit,dc=edu
    226234uid: ldap/$MASTER
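Review bot: The REMEMBER note at new lines 230-231 uses "FOO.mit.edu" while the entry directly below uses $MASTER, so it is not obvious that the note is about the value substituted for $MASTER (and $SLAVE). Suggest wording it in the document's own variables, for example "$MASTER and $SLAVE must be fully qualified (host.mit.edu), matching the ldap/ principal name", and quoting the actual error text in place of "unauthorized errors" so it can be found by searching the log.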
     
    247255       WARNING: There is a known bug doing full updates from 1.2.6 to
    248256       1.2.6, see https://bugzilla.redhat.com/show_bug.cgi?id=637852
     257
     258        ldapvi -b cn=\"dc=scripts,dc=mit,dc=edu\",cn=mapping\ tree,cn=config
    249259
    250260add cn="GSSAPI Replication to $SLAVE", cn=replica, cn="dc=scripts,dc=mit,dc=edu", cn=mapping tree, cn=config
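Review bot: The ldapvi command added at new line 258 follows the bug WARNING with no sentence of its own, so it reads as part of the warning instead of as the command to run before the "add cn=..." block that follows. A short lead-in line saying this opens the mapping tree entry for editing would fix that. It would also help to say that the backslashes in cn=\"dc=scripts,dc=mit,dc=edu\",cn=mapping\ tree,cn=config are shell escaping, since the add block below writes the same DN with plain quotes and spaces and the two forms are easy to mix up.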
     
    268278    If it fails with LDAP Error 49, check /var/log/dirsrv on $MASTER
    269279    for more information.  It might be because fedora-ds can't read
    270     /etc/dirsrv/keytab
     280    /etc/dirsrv/keytab or because you setup the account on the SLAVE
     281    incorrectly.
    271282
    272283    6. Replicate in the other direction.  On $MASTER, add $SLAVE
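Review bot: The new text at lines 280-281, "because you setup the account on the SLAVE incorrectly", does not say which account or what to check, so it adds a second possible cause for Error 49 without a way to confirm it. Suggest naming the entry, presumably the uid=ldap/... entry created in the earlier step, and what about it must match. Also "setup" should be "set up", and "the SLAVE" should be "$SLAVE" to match the variable used in step 6 and elsewhere in the file.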