[clug] Samba + OpenLDAP Presentation Progress
grail at goldweb.com.au
Mon Nov 15 00:30:16 GMT 2004
I've got all the required packages cached using "apt-cacher" now, so
there's little or no need for Internet access. I'm working on the
presentation at my girlfriend's place, out at Binalong, where I get
54kbps dialup for a few hours a day, so being Internet independent is
important to me ;)
The IDEALX Samba + OpenLDAP HOWTO is getting some grammatic, spelling,
procedural corrections which will be contributed back to IDEALX after
the presentation has successfully completed.
Right now I'm doing battle with OpenSSL, trying to set up a certificate
authority (or more to the point, trying to understand what all the
HOWTOs are doing). Part of the OpenSSL setup for this presentation is a
Makefile that allows the user to set up a CA on the fly and generate a
key/certificate pair for any arbitrary machine from that CA. The next
trick is to use those certificates for various servers to enable TLS,
and iron out the kinks in the authority chain and loading CA
certificates into various clients.
As far as agenda goes, the night will go something like this:
- Set up Debian boxen
- Introduction to LDAP and schema, discussion of objectClass types
to be used in this install
- Install Samba and get it working
- Install OpenLDAP and get it working
- Demonstrate some GUI clients for LDAP
- Demonstrate CLI maintenance of LDAP
- Demonstration of foolishness of not securing LDAP with SSL,
- Install OpenSSL and get CA working
- Configure OpenLDAP for SSL access
- Configure PAM support for LDAP
- Demonstrate server lockup when LDAP server disappears
- Configure backup LDAP server and replication
- Configure Samba to use LDAP for backend
- Demonstrate network overload when using LDAP to replace /etc/passwd
- Install nscd and compare network traffic, server load with
non-cached traffic and load.
- Demonstrate problems with caching of name service results
- Demonstrate user administration using the IDEALX smbldap-tools
- Discuss other uses for the LDAP directory (eg: address book)
The agenda will be adjusted to take about 2 hours - I may have to
shortcut by doing the usual cooking show thing of showing the raw
ingredients then pulling out "one I prepared earlier" and skipping from
the LDAP introduction to the "Configure Samba to use LDAP for backend"
step. I haven't timed the presentation yet.
If time allows, I'll probably demonstrate or describe how to set up
Postfix and Cyrus IMAPd to tie in with LDAP for SMTP and IMAP
authentication, SMTP recipient & sender mapping and forwarding email.
Once the presentation is complete and last-minute changes have been
made, I plan to return a revised version of the IDEALX HOWTO to the
people at IDEALX. There's no way to improve a HOWTO document better
than using it, right?
So please, plan to bring along your machines - my old slow boxen will
like the company.
"If knowledge can create problems, it is not through ignorance that we
can solve them." --Isaac Asimov
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 220 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/linux/attachments/20041115/3a337c3e/PGP.bin
More information about the linux