Hello, The web page that you have on seting up OpenLDAP authentication is so out of date as to be detrimental to your users. Having already had to help several people on the #ldap channel in IRC who were having problems after following the guide, it would be of more benefit at this time to remove the page. Among the issues I see: (a) It still lists using the LDBM database. This is problematic, see: http://www.openldap.org/faq/data/cache/1167.html http://www.openldap.org/faq/data/cache/756.html (b) 2.7 tells the user to do a search against an empty database, and then says if they get an error message to figure out why with extra debugging. Since the database is empty, they are always going to get an error message. (c) 5.1 and 5.2 reference very old style ACL's that are likely not to work (or only by accident) in the modern OpenLDAP releases. Reproducible: Always Steps to Reproduce: 1. Follow the document Actual Results: You get a misconfigured system with an unreliable unsupported database backend. Expected Results: The documentation should reflect modern software requirements I suggest having the guide use back-bdb or back-hdb, and you will point to the guides on tuning the BDB database via DB_CONFIG. http://www.stanford.edu/services/directory/openldap/configuration/bdb-config.html and http://www.stanford.edu/services/directory/openldap/configuration/slapd-conf-replica.html may be of some help.
*** Bug 103163 has been marked as a duplicate of this bug. ***
Maybe some of infra people who use LDAP on our servers could take care of fixing or rewriting this guide?
I'll take care of this (hopefully soon but I don't make any promises).
As long as it is that misleading, it's better to replace the page with another one, stating that the original needs to be reworked, imho.
I'm struggling with LDAP for two weeks, please fix the HOWTO! Provided .schema's are faulty and I have no idea how to fix them. Including nis.schema produces this error: /etc/openldap/schema/nis.schema: line 194: AttributeType not found: "manager" Including interorgperson.schema produces this error: /etc/openldap/schema/inetorgperson.schema: line 155: AttributeType not found: "audio" I think the schemas should REALLY work aout-of-the-box. Well-written foolproof HOWTO on LDAP authentication is a must. Or at least point to well written HOWTO.
> I'm struggling with LDAP for two weeks, please fix the HOWTO! The bug is open and we know about it, don't shout about it ok? The fact that you are struggling with LDAP is not a primary concern of the Gentoo Project and there's plenty of docs out there. This was a helper for a general LDAP setup it's nothing gentoo specific anyway but since we are nice guys we'll *try* to update it and give something that works when we have time for it. In any case the doc is *not* advertised on the Documentation listing since it's outdated. In the mean time you can check the presentation that you can find here http://dev.gentoo.org/~lcars/ldap. docs-team: feel free to remove the doc or hide it completely since docs listing removal is not enough apparently.
after a discussion with the relevant parties it was decided that due to other good HOWTOs there is no reason to write one specifically for gentoo. That said I will be writing something up that our doc team are welcome to use if they are so inclined.
