Archive for the ‘Shadus Ramblings’ Category

OpenLDAP, libnss, PAM

November 9th, 2008

To get from a base Debian etch (4.0) install to a working basic username/password/GECOS system-auth setup backed by LDAP, here’s what you do:

Start from a totally minimal base install (minimal, no additional repos). You must at this point have a working network; I’ll leave that to you…

Then…

Edit /etc/apt/sources.list to read:

deb http://http.us.debian.org/debian etch main contrib non-free
deb http://security.debian.org/ etch/updates main contrib non-free
deb-src http://http.us.debian.org/debian etch main contrib non-free
deb-src http://security.debian.org/ etch/updates main contrib non-free

Update the system to current:

# apt-get update && apt-get upgrade (say yes if there are any upgrades)

Install what I consider essential apps and a reasonable build environment for later and slapd, libnss-ldap, and libpam-ldap:

# apt-get install autoconf automake1.9 bison build-essential bzip2 colordiff ctags debconf-utils debian-keyring elinks flex gcc-4.1-locales gdb gpm htop ldap-utils libltdl3-dev libmudflap0-dev libnss-ldap libpam-ldap libtool linux-headers-`uname -r` lynx mimedecode mime-support ncftp2 netcat nmap openssh-blacklist openssh-client openssh-server psmisc screen slapd ssh sysstat sysv-rc-conf telnet telnetd urlview vim vim-scripts

Replace /etc/ldap/slapd.conf with the following:

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/misc.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        0
modulepath      /usr/lib/ldap
moduleload      back_bdb
sizelimit 500
tool-threads 1
backend         bdb
checkpoint 512 30

database        bdb
suffix          "dc=fakedom,dc=dom"
rootdn          "cn=admin,dc=fakedom,dc=dom"
rootpw          (run slappasswd and paste output here)
directory       "/var/lib/ldap"
lastmod         on

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=fakedom,dc=dom" write
        by anonymous auth
        by self write
        by * none

access to *
        by dn="cn=admin,dc=fakedom,dc=dom" write
        by * read

Replace /etc/nsswitch.conf with the following:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat
shadow:         compat ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Replace /etc/libnss-ldap.conf with the following:

base dc=fakedom,dc=dom
uri ldap://127.0.0.1
ldap_version 3
rootbinddn cn=admin,dc=fakedom,dc=dom

Replace /etc/pam_ldap.conf with the following:

host 127.0.0.1
base dc=fakedom,dc=dom
uri ldap://127.0.0.1
ldap_version 3
rootbinddn cn=admin,dc=fakedom,dc=dom
pam_password exop

Replace /etc/ldap/ldap.conf with the following:

BASE    dc=fakedom,dc=dom
URI     ldap://127.0.0.1

Create a base.ldif file in /tmp to import into the directory to test against:

dn: dc=fakedom,dc=dom
objectClass: top
objectClass: dcObject
objectClass: organization
o: fakedom.dom
dc: fakedom

dn: cn=admin,dc=fakedom,dc=dom
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: (Paste output from slappasswd)

dn: ou=People,dc=fakedom,dc=dom
ou: People
objectClass: organizationalUnit
objectClass: top

dn: uid=testy,ou=People,dc=fakedom,dc=dom
uid: testy
cn: testy
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/testy
gecos: Testy,,,,
userPassword: (Paste output from slappasswd)

# /etc/init.d/slapd restart

# ldapadd -x -W -D 'cn=admin,dc=fakedom,dc=dom' -f /tmp/base.ldif (enter password when prompted)

# /etc/init.d/slapd restart

# getent passwd | grep testy (should return testy’s entry)

# /etc/init.d/openbsd-inetd start

# telnet localhost and use testy’s login credentials, if it works you’re set

If it doesn’t… I’m sorry :)
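The two access clauses in the slapd.conf above decide who can see the password hashes, and slapd applies them first-match: the first "access to" clause covering the attribute wins, then the first "by" line that fits the requester. The following is an added example, not part of the original post, that models that evaluation in Python; treating dn= as an exact match and the uid=other DN used when calling it are assumptions.

```python
# Added example: simplified model of slapd's first-match ACL evaluation.
# Levels, weakest first: none < disclose < auth < compare < search < read < write

# The two access clauses from the slapd.conf in this post.
ACL_TEXT = '''
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=fakedom,dc=dom" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,dc=fakedom,dc=dom" write
        by * read
'''

def parse_acl(text):
    """Return [(attribute set, or None for '*', [(who, level), ...]), ...]."""
    rules = []
    for words in (line.split() for line in text.splitlines()):
        if words[:2] == ["access", "to"]:
            what = words[2]
            attrs = None if what == "*" else {a.lower() for a in what[6:].split(",")}
            rules.append((attrs, []))
        elif words[:1] == ["by"] and rules:
            rules[-1][1].append((words[1], words[2]))
    return rules

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous (unauthenticated) connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    if who.startswith("dn="):  # assumption: exact DN match
        return bind_dn.lower() == who[3:].strip('"').lower()
    return who == "users"

def access_level(rules, attr, bind_dn, entry_dn):
    for attrs, by_clauses in rules:
        if attrs is None or attr.lower() in attrs:
            for who, level in by_clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # clause matched, no "by" did: implicit "by * none"
    return "none"  # no clause matched: implicit "access to * by * none"
```

For testy's entry, an anonymous client gets "auth" on userPassword (enough to bind, not to read the hash) and "read" on everything else, so gecos, uidNumber and homeDirectory are visible to anyone who can reach the server.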

General Stuff, Shadus Ramblings, Technology

It’s funny…

December 30th, 2007

… but quite honestly the best way to deal with liars is do nothing, they always hang themselves in the end. I’ve watched my father do it on two occasions… people who are playing dirty always eventually hang themselves with no help so sit back, relax, and enjoy the show. The more they try to make you look bad, the worse they themselves look. Gotta love that. The universe makes sure everyone is playing on the same ground over the long run, even if in the short term things seem unfair.

I gotta say, I’ve never been happier to have someone gone from my life.  Who knew a little peace could be so satisfying.

General Stuff, Shadus Ramblings

Lies, Lies, and more Bullshit…

June 14th, 2007

Check out the post over at violentacres– V is absolutely correct, the war on drugs, euthanasia, et al. are absolutely bullshit.  This is my greatest pet peeve, it makes me god damned angry, what right does anyone but me have to determine what I should or shouldn’t be trusted with putting in my body?  Why does someone other than me get to decide that it’s not okay for me to kill myself?  Why does someone other than me get to decide anything about what I do with my own life and body?  They shouldn’t.  What really pisses me off is I get no say on what the money I contribute to the government is used for… I especially dislike the fact that they’re using my money to keep drug addicts in jail… over 700k drug arrests with jail time last I checked and with minimum sentencing guidelines… a lot of those people aren’t going to get out of jail until I’ve been dead for many years… and thousands and thousands of dollars of *MY* money getting used to keep a non-violent offender in jail… That’s supreme bullshit.  Let’s not forget the time the police waste hunting them down, the court costs, the cost of appeals, the cost of a state appointed attorney, etc… it all adds up to a whopping load of utter crap.  Dump that money into education, health care, shelters for the poor, social security– damn near anything would be a better place to spend the money… or hell, here’s a crazy idea, just let us keep some of our damn money that’s being wasted.   It’s just such an absolute load of crap… more damage has been done by prohibition (call the drug war whatever you like, but that’s all it is– prohibition.) than it has ever even come close to preventing.  The sooner we’re treated like adults who can responsibly control what they do with their own being when it isn’t infringing on the rights of someone else to do the same… the better off we’ll be as a society.

General Stuff, Politics, Religion, Sex, Shadus Ramblings

