Thursday, November 03, 2005

Attempting to “Get into” LDAP #1

I know how to set up Active Directory, but I've never tried or seen an LDAP environment at work in Linux. Obviously (hmmm) it is possible, it's just another case of knowing how. I don't.

So I'm gonna try to find out howto. I've googled and found stuff that dates from 2001. They talk about samba, an unstable version, ldap v3 and things like that. I'm gonna try to make some sense of it and learn how to for myself. I'll describe what I do here, that way I don't forget or lose scribbled notes that make no sense.

Starting docs:

www.openldap.org/doc Admin guide

www.idealx.org/prj/samba/smbldap-howto.fr.html which mentions packages you should get, but it's specifically for redhat so it can get confusing...

www.yolinux.com/tutorials/LinuxTutorialLDAP.html could be worth a look... they have a good number of tutorials anyway...

So, before we can actually break anything, we need a swift apt-get of ldap.

$ apt-cache search ldap

i'll filter what looks interesting at this point:

  • ldap-utils - OpenLDAP utilities
  • libldap-2.2-7 - OpenLDAP libraries
  • libldap2 - OpenLDAP libraries
  • slapd - OpenLDAP server (slapd)
  • ldap-account-manager - webfrontend for managing Unix and Samba accounts in an LDAP directory
  • ldap2dns - LDAP based DNS management system.
  • ldapdiff - Tool to synchronize ldap servers using ldif formatted input files
  • ldapdns - DNS server that pulls data from an LDAP directory
  • ultrapossum-server - ULtraPossum LDAP server
  • ultrapossum-tls - UltraPossum startTLS support module
  • webmin-ldap-netgroups - LDAP webmin module for editing netgroups
  • webmin-ldap-user-simple - Ldap users control module for webmin (skolelinux)
  • webmin-ldap-useradmin - LDAP user administration module for webmin

First question... HELP!!! which ones do i need?

Linux does this to you sometimes. It gives you like 10 different things that can do the same function, and you don't know enough to tell which ones are needed and which aren't?? Then you install everything and see what happens.

This is what I call a BAD IDEA. Just leads to confusion.

OK. I read that kde has an LDAP gui admin tool, and being a cli wannabe that needs help, i will grab it when i remember its name.

Then again, being chicken, i think i'll bob back to IRC and ask some wise guru (even though i'll get RTFM as a reply)

--Abandons idea, goes to IRC, predicts getting annoyed and smoking a cigarette or 5 instead...--

IRC got me a lot of 'er, no idea man....' type of comments, or 'try google' ;)

oh well. time for a cigarette then.

And should i install a dns server first? probably.

just installed Bind9 and webmin tools now, along with apache 2 and lots of dependencies.... ho hum!

libnss-ldap debconf config gave me this information:

For this package to work, you need to modify your /etc/nsswitch.conf to use the ldap datasource. There is an example file at /usr/share/doc/libnss-ldap/examples/nsswitch.ldap which can be used as an example for your nsswitch setup, or it can be copied over your current setup.

Also, before removing this package, it is wise to remove the ldap entries from nsswitch.conf to keep basic services functioning.

will do, at some point, when i realise it's the reason it's not working, probably...
Anyway, apache installed and bind9 too. Webmin setup and working from a remote connection (1m50 away.. but it's still remote!!)

So, to bind... first, try to create a master zone. That done, now to see if i can setup a client to use this zone.... maybe even a dynamic update (Oooh!)
I just edited resolv.conf and put my server,
also removed it from hosts, to make sure it doesn't cheat...
can't find server on port 53.... could this be a firewall problem?
the tension mounts....
i deactivated the firewall, and no servers can be reached..... hmmmm.

ok. before this drives me mad... i'll regoogle DNS Howto

i wonder if i've bitten off more than i can chew......

Wednesday, November 02, 2005

What is the point in having a rant?

Why bother?

Wherever you look, you can find someone for whom things suck even more!

Just get on with it, do what you can. If you can honestly say to yourself that you tried your best, that's all that matters.

Your job can suck (mine does), you can have personal problems (we all do), you can have money problems (either serious or consumer addict - me too). Life sucks for everyone sometimes... Sometimes it sucks all the time.
And??


Rant about something? or do something about it.
Make some noise or just tread water while moaning.
If you can do something about it, do it.

Oh yeah, i forgot.... Don't try changing others. You can't. You'll just end up hurting yourself and others. Tell them you change, show them how, but leave them the choice to follow your example, or somebody else's or even **shock, horror** their own!

Using ubuntu linux

I just read Mark from Sysinternals' blog entry on Sony & DRM going too far, and it is frightening. He knows a looot of things about windows. I am MCSE but i am not a kernel hacker, just a simple network admin.

I have been trying to learn linux as a replacement for windows for a good 3 years now. At the end of the summer, with work being slow and motivation being down in the dumps, i rediscovered Debian linux in another form: Ubuntu, or Kubuntu.

Now, the thing with linux is, you don't need to be a geek to use it, though it helps... What you really need to use Linux is this:
  • Time and willingness to put in an effort,
  • The desire to unlearn what using windows on your PC has taught you,
  • An idea of what you want to use it for...
With Ubuntu, you can be in luck and not need to put in much effort to get it to work, it is for a lot of people operational out of the box: it just works(tm)
You may not be in luck for a couple of things, and you have both ubuntu forums and the official irc help channel where you can ask. irc://freenode.net #ubuntu
and with Ubuntu you aren't limited like you can be with a 'newbie' linux, as it uses Debian's base.
Give it a try!

Ubuntu

Kubuntu

Linux is not a replacement for windows, it doesn't need market share to continue to survive, it is a different philosophy, a different way of interacting with your PC. It wants you to learn how to use it, how it does things... If you just want to use Linux in order to not use Windows, you can, but you'll be missing out on a wonderful experience and an opportunity to interact with your PC as a 'chef d'orchestre', not as a passive windows victim that Windows usage makes most of us.

Using windows: Nightmare #1

OK... so i went on about linux ..... now i'd like to have a biased slant on windows...

I have been using it for X years, like everyone else... I'm MCSE 2003 and MCSA 2000/3... And?

Using windows can lead to lots of fun. especially when you have a corporate environment you can break with just about any small config change. Hours of fun can be had, serious.....
To be fair, windows is not the real culprit in this, total stupidity and inside out organisation also have a part to play, especially when the network is setup to break for just about anything. I wonder even if it isn't by design sometimes.

I work for a company, that works for a big IT company, that works for a multinational holding company.
My company is really cool, their client is a partisan of profit before anything else... "Value for Money ? what's that all about?" "Customer service? We DONT care!!!" Hence massive delocalisation and tech support being at least a continent away.
The holding company is even worse. I'm sure they'd delocalise to Mars and communicate by space-enabled migrating pigeons if their accountants found it was cheaper.
As a corporate antiviral solution, they have deployed Sym*nt*c.. also known as N*rt*n Windowsbreaker all over the PCs in europe. The thing is enough in itself to break the stablest of windows OS. Who needs viral infection when you can pay for the right to install this crap and let it break your pc????

Anyway, they are migrating to W2K3 from NT right now... the whole thing is such a mess from the start that the process will take a good 24 months in all.
One day, we / they decommissioned a server that had been replaced.
From that point on, anyone who clicked on anything had a minute's wait before anything at all happened on their desktop. Now imagine this happening in corporate offices all over the country... fun, right?
Especially for the guy dumped there to 'sort things out'.
Ended up that all the windows boxen had a Path variable to a share on this server declared in an otherwise empty autoexec.bat.
And windows, being well coded and bug free, checks this variable whenever anything, ever, is asked of it...
The server being no longer there, windows decided to go on hold until it got an answer, which it never did...... hours of happiness!!!

But today's problem is a bit more complicated. You login, you get your wallpaper, and nothing more. Fantastic! Productivity levels go sky high at times like these!!!
For some obscure reason, it is linked to a software deployment server in holland (where their HQ is). They are upgrading all mail servers to Exsponge 2003 and lookOut 2003 clientside... because that way they can use client side caching on the mail systems and ... you guessed it... centralise all servers in one place. So when the carrier breaks down, or goes on strike, nothing will work at all. Which I find spookily efficient.
So anyway, they told all the .nl people they could install lookOut 2003 and the server is sort of on its last legs anyway. And it seems that for anyone in europe who logs on, windows will contact this server to say "hi, i'm here, got any patches you can push on me to make me more unstable and slow down the overall user experience a bit more?" And the server being comatose and overdosed with requests.... no one gets their desktop.

I found a workaround: task manager> kill explorer.exe and rerun it as a new process..... this in order to allow people to actually work. The central team in .nl hasn't found a better solution than to advise my workaround.... I wonder how many of them have a finger stuffed in a hole to stop the dam(n server) from breaking completely?
oh well.

Oh yeah... they've decided to push a 5 min corporate bullshit screensaver to each desktop in the company.... full of shit like 'proud to be part of the XXXX team', 'going somewhere with XXXX' etc ad nauseam...
They've only been elaborating a plan to double profits by firing everyone and delocalising a bit more. Where i'm based 140+ people will be without a job in 3 months, so i find this screensaver thing particularly tactless.

Next please....