I also forgot to mention:
I was thinking that if we set up SSL with our LDAP server, it would
probably be safe to use with our website (I'm assuming WordPress).
http://wordpress.org/extend/plugins/wpdirauth/
Quoting Jacob Beauregard <[log in to unmask]>:
> Preface: I know that printing isn't working. Neither are the test pages.
> It's entirely possible that the ldp addresses of the printers have
> changed. It's more likely that what Andrew and I did with hosts.allow
> has a lot more to do with it. In either case, I'll be looking into it.
>
> So to go over LDAP:
> We have our openLDAP server. Don't think of it as centralized user
> authentication, but think of it as a different kind of database.
>
> Each entry has a distinguished name (DN) based on its location in the
> directory tree.
>
> The root DN for our database is "dc=cssa"
> i.e. the root of our tree
>
> The DN for groups is "ou=Groups,dc=cssa"
> i.e. The entry ou=Groups with parent dc=cssa.
>
> The DN for people is "ou=People,dc=cssa"
> i.e. The entry ou=People with parent dc=cssa.
>
> The DN for my account is "uid=deadowl,ou=People,dc=cssa"
>
> So, in essence, this is structured like a file system tree, where
> entries have parents.
>
> The actual entry is like a table with a set of fields. Since it's an
> object-oriented database, you can have repetitions of some fields
> depending on how they're defined in the schema (ex. UserPassword wouldn't
> be repeated).
>
> The entries for a person, for instance, have fields like userPassword,
> uid, uidNumber, mail, etc. These are a compilation of the schema-defined
> attributes from the schemas: posixAccount, shadowAccount, and
> inetOrgPerson. The entries for groups use the posixGroup schema. The ou
> entries use the OrganizationalUnit schema.
>
> Because these schemas are standard, it allows our machines to use the
> LDAP server for authentication. You can use LDAP for a lot more than
> just groups and users. Many people have machines, for instance, listed
> in their LDAP server. There are standard schemas for doing other things,
> too, like managing a DHCP server (although dhcpd.conf isn't really all
> that bad).
>
> Now how do our clients authenticate against the server? NSS+PAM.
>
> NSS = Name Service Switch. It can use LDAP on its own.
> nsswitch.conf is the file it uses.
> It essentially says where to get things the operating system needs and
> in what order.
> NSS refers to ldap.conf to get information for things such as accessing
> the LDAP server.
>
> PAM = Pluggable Authentication Module
> PAM modules allow for an easier means of authentication. We use an
> additional PAM module, other than the ones set up by default that make a
> home folder for the user if one doesn't exist (on masterhand and
> deadowlsurvivor2).
>
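As an added example (not code from this thread or from the CSSA server), here is the tree the quoted message describes, built in Python and emitted as LDIF: dc=cssa at the root, ou=People and ou=Groups beneath it, a posixAccount/shadowAccount/inetOrgPerson entry for uid=deadowl and a posixGroup. It also runs the structural checks an OpenLDAP server would enforce (parent entries must exist first, the RDN attribute must appear in the entry, MUST attributes of each objectClass present, single-valued attributes not repeated) and stores userPassword as an {SSHA} hash rather than cleartext. The uidNumber, gidNumber, home directory, mail address and group name are assumed values for illustration only.

```python
import base64
import hashlib
import hmac
import os

# MUST attributes per objectClass as defined in core.schema, inetorgperson.schema
# and nis.schema (RFC 2307); inetOrgPerson inherits cn and sn from person.
MUST = {
    "dcObject": {"dc"},
    "organization": {"o"},
    "organizationalUnit": {"ou"},
    "inetOrgPerson": {"cn", "sn"},
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
    "posixGroup": {"cn", "gidNumber"},
}
# Attributes nis.schema marks SINGLE-VALUE: repeating them is a schema violation.
SINGLE_VALUED = {"uidNumber", "gidNumber", "homeDirectory", "loginShell"}


def parent_dn(dn):
    """Drop the first RDN to get the parent DN ('' for the root).
    Handles only simple RDNs without escaped commas, which this tree never needs."""
    parts = dn.split(",", 1)
    return parts[1] if len(parts) == 2 else ""


def ssha_hash(password, salt=None):
    """OpenLDAP {SSHA} userPassword value: base64(sha1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a candidate password against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def build_tree(password_hash):
    """Entries in the order a server needs them: parents before children.
    Numeric ids, home directory, mail and the group name are assumed sample values."""
    return [
        ("dc=cssa", {"objectClass": ["top", "dcObject", "organization"],
                     "dc": ["cssa"], "o": ["cssa"]}),
        ("ou=People,dc=cssa", {"objectClass": ["organizationalUnit"], "ou": ["People"]}),
        ("ou=Groups,dc=cssa", {"objectClass": ["organizationalUnit"], "ou": ["Groups"]}),
        ("uid=deadowl,ou=People,dc=cssa", {
            "objectClass": ["inetOrgPerson", "posixAccount", "shadowAccount"],
            "uid": ["deadowl"], "cn": ["deadowl"], "sn": ["deadowl"],
            "uidNumber": ["10001"], "gidNumber": ["10001"],
            "homeDirectory": ["/home/deadowl"], "loginShell": ["/bin/bash"],
            "mail": ["deadowl@example.invalid"],
            "userPassword": [password_hash],
        }),
        ("cn=cssa,ou=Groups,dc=cssa", {"objectClass": ["posixGroup"], "cn": ["cssa"],
                                       "gidNumber": ["10001"], "memberUid": ["deadowl"]}),
    ]


def check_tree(entries):
    """Return a list of problems; an empty list means the entries would load cleanly."""
    problems, seen = [], set()
    for dn, attrs in entries:
        parent = parent_dn(dn)
        if parent and parent not in seen:
            problems.append(f"{dn}: parent {parent} is not defined before it")
        rdn_attr, rdn_val = dn.split(",", 1)[0].split("=", 1)
        if rdn_val not in attrs.get(rdn_attr, []):
            problems.append(f"{dn}: RDN value {rdn_attr}={rdn_val} missing from attributes")
        for oc in attrs.get("objectClass", []):
            for must in MUST.get(oc, ()):
                if not attrs.get(must):
                    problems.append(f"{dn}: objectClass {oc} requires {must}")
        for name, values in attrs.items():
            if name in SINGLE_VALUED and len(values) > 1:
                problems.append(f"{dn}: {name} is single-valued")
        for value in attrs.get("userPassword", []):
            if not value.startswith("{"):
                problems.append(f"{dn}: userPassword is stored in cleartext")
        seen.add(dn)
    return problems


def to_ldif(entries):
    """Render entries as LDIF suitable for ldapadd."""
    blocks = []
    for dn, attrs in entries:
        lines = [f"dn: {dn}"]
        for name, values in attrs.items():
            lines.extend(f"{name}: {v}" for v in values)
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    tree = build_tree(ssha_hash("correct horse battery staple"))
    print(check_tree(tree) or "tree is consistent")
    print(to_ldif(tree))
```

The LDIF can be loaded with `ldapadd -x -D <admin DN> -W -f cssa.ldif`; once the server offers TLS as the top message proposes, point the client at an `ldaps://` URI (or STARTTLS) so that bind passwords never cross the wire in the clear.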