[clug] Samba + OpenLDAP Presentation Progress

Alex Satrapa grail at goldweb.com.au
Mon Nov 15 00:30:16 GMT 2004

I've got all the required packages cached using "apt-cacher" now, so 
there's little or no need for Internet access. I'm working on the 
presentation at my girlfriend's place, out at Binalong, where I get 
54kbps dialup for a few hours a day, so being Internet independent is 
important to me ;)

The IDEALX Samba + OpenLDAP HOWTO is getting some grammatic, spelling, 
procedural corrections which will be contributed back to IDEALX after 
the presentation has successfully completed.

Right now I'm doing battle with OpenSSL, trying to set up a certificate 
authority (or more to the point, trying to understand what all the 
HOWTOs are doing). Part of the OpenSSL setup for this presentation is a 
Makefile that allows the user to set up a CA on the fly and generate a 
key/certificate pair for any arbitrary machine from that CA. The next 
trick is to use those certificates for various servers to enable TLS, 
and iron out the kinks in the authority chain and loading CA 
certificates into various clients.

As far as agenda goes, the night will go something like this:
  - Set up Debian boxen
  - Introduction to LDAP and schema, discussion of objectClass types
    to be used in this install
  - Install Samba and get it working
  - Install OpenLDAP and get it working
  - Demonstrate some GUI clients for LDAP
  - Demonstrate CLI maintenance of LDAP
  - Demonstration of foolishness of not securing LDAP with SSL,
    using tethereal
  - Install OpenSSL and get CA working
  - Configure OpenLDAP for SSL access
  - Configure PAM support for LDAP
  - Demonstrate server lockup when LDAP server disappears
  - Configure backup LDAP server and replication
  - Configure Samba to use LDAP for backend
  - Demonstrate network overload when using LDAP to replace /etc/passwd
  - Install nscd and compare network traffic, server load with
    non-cached traffic and load.
  - Demonstrate problems with caching of name service results
  - Demonstrate user administration using the IDEALX smbldap-tools
  - Discuss other uses for the LDAP directory (eg: address book)

The agenda will be adjusted to take about 2 hours - I may have to 
shortcut by doing the usual cooking show thing of showing the raw 
ingredients then pulling out "one I prepared earlier" and skipping from 
the LDAP introduction to the "Configure Samba to use LDAP for backend" 
step. I haven't timed the presentation yet.

If time allows, I'll probably demonstrate or describe how to set up 
Postfix and Cyrus IMAPd to tie in with LDAP for SMTP and IMAP 
authentication, SMTP recipient & sender mapping and forwarding email.

Once the presentation is complete and last-minute changes have been 
made, I plan to return a revised version of the IDEALX HOWTO to the 
people at IDEALX. There's no way to improve a HOWTO document better 
than using it, right?

So please, plan to bring along your machines - my old slow boxen will 
like the company.


"If knowledge can create problems, it is not through ignorance that we 
can solve them."  --Isaac Asimov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 220 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/linux/attachments/20041115/3a337c3e/PGP.bin

More information about the linux mailing list