external LDAP server configuration


Charles Murnane
National Security Agency Elec Eng
Post Count: 1
6/25/2008 8:52 am
I am attempting to point the nodes in an SC072 system at an external LDAP server, one running on a Fedora 9 system. I am able to run ldapsearch on the SC072 nodes and get appropriate responses from the query. However, when I try to log in to the SC072, I see in the log files on the Fedora 9 server that the SC072 has selected "ou=People,dc=example,dc=com" rather than "dc=example,dc=com" as the search base. This causes the Fedora 9 LDAP server to return null results. (When I run ldapsearch on the nodes, I use -b "dc=example,dc=com", which gives the expected results.)
I do not know enough about configuring ldap to determine from whence arises the "ou=People" part of the base for the ldap query on the SC072 or to configure the Fedora 9 ldap server to make use of it. Can anyone point me to some useful documentation in this area?
Jim Michaud
Director of IT
Post Count: 1
6/25/2008 1:54 pm
The ou=People is a container that is usually used to store things associated with "people", such as user accounts; however, it is by no means a hard set rule. An LDAP administrator can set up his/her own LDAP hierarchy and naming scheme, so you may want to also ask this question of the LDAP administrator of the external LDAP server you are connecting to.

It should be ok to change the base to be just "dc=example,dc=com"; it just means that you are searching more of the LDAP tree, instead of just in the "People" container. This is really only an issue if you have a large LDAP tree, as searches may take longer if you have to parse the whole LDAP tree instead of just a sub-container.

For a very brief overview of LDAP and to get a visual of what I'm talking about, see section 1 on http://www.gentoo.org/doc/en/ldap-howto.xml
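
How the search base limits what a lookup can see, as an added example that is not part of the original posts: a small Python model of subtree scope over a constructed directory. The ou=Users and ou=Services containers and every entry below are assumptions made for illustration; the thread does not say where the Fedora 9 server keeps its accounts.

```python
import re

def split_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, leftmost first.
    Simplification: handles backslash-escaped commas, not multi-valued RDNs."""
    if not dn.strip():
        return []
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.strip().partition('=')
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base itself or lies anywhere beneath it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(base) <= len(entry) and entry[len(entry) - len(base):] == base

def search(directory, base_dn, uid):
    """Subtree-scope search for entries whose uid attribute equals uid."""
    return [dn for dn, attrs in directory.items()
            if in_subtree(dn, base_dn) and attrs.get("uid") == uid]

# Constructed sample directory (assumption): accounts live under ou=Users,
# and a second container happens to hold an entry with the same uid.
DIRECTORY = {
    "dc=example,dc=com": {},
    "ou=Users,dc=example,dc=com": {},
    "uid=alice,ou=Users,dc=example,dc=com": {"uid": "alice"},
    "uid=bob,ou=Users,dc=example,dc=com": {"uid": "bob"},
    "ou=Services,dc=example,dc=com": {},
    "uid=alice,ou=Services,dc=example,dc=com": {"uid": "alice"},
}

if __name__ == "__main__":
    # Client default base: nothing in this directory sits under ou=People.
    print(search(DIRECTORY, "ou=People,dc=example,dc=com", "alice"))
    # Base that matches the real layout: exactly the account container.
    print(search(DIRECTORY, "ou=Users,dc=example,dc=com", "alice"))
    # Whole tree: the login works, but a uid present in two containers
    # now matches twice, so check for duplicates before widening the base.
    print(search(DIRECTORY, "dc=example,dc=com", "alice"))
```

Comparing the DNs returned for the whole tree against the ones returned for the account container shows which entries a wider base newly exposes to login lookups.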
