Rob Kampen
2009-Jul-30 17:03 UTC
[CentOS] LDAP howto using ds-base and ds-admin and related consoles
Hi,

I have previously used OpenLDAP and read many of their howto documents for establishing an LDAP server.

RH and CentOS provide <brand>-ds-base and related rpms and I like what I see and read about the product. I found the wiki article on installing the rpms and getting it running on a server - so far so good. Then I fall into a big hole.

What are the key items that need to be put in place to actually make it useful for my domain? Is there a document somewhere for those of us that want to bridge from OpenLDAP to the RH based product?

I have read many hundreds of pages, have purchased O'Reilly's LDAP System Administration but cannot seem to get my dirsrv based LDAP to function. I do understand that ds uses LDIF files to store and set things up, but seem unable to grasp the arcane entries that need to exist so I can access it with a basic LDAP client to load my users etc. Also I guess there are certain schemas that need to be used to allow basic functions to work.

My wish list:
- linux user authentication and authorization
- windows user authentication and authorization (via samba?)
- customer contact list (name, address, company, phone numbers, email addresses) - this last one to be used by Thunderbird and my SIP phone system - both of which profess to speak LDAP

I'm sure there are many small business folk that would like something like this, however I cannot find a template with all my searches, so for those of you with better LDAP and/or google skills - please point me in the right direction.

Thanks
Rob
James Chamberlain
2009-Jul-30 17:48 UTC
[CentOS] LDAP howto using ds-base and ds-admin and related consoles
On Jul 30, 2009, at 1:03 PM, Rob Kampen wrote:

> Hi,
> I have previously used OpenLDAP and read many of their howto documents for establishing an LDAP server.
> RH and CentOS provide <brand>-ds-base and related rpms and I like what I see and read about the product.
> I found the wiki article on installing the rpms and getting it running on a server - so far so good.
> Then I fall into a big hole.
> What are the key items that need to be put in place to actually make it useful for my domain?
> Is there a document somewhere for those of us that want to bridge from OpenLDAP to the RH based product?
> I have read many hundreds of pages, have purchased O'Reilly's LDAP System Administration but cannot seem to get my dirsrv based LDAP to function.
> I do understand that ds uses LDIF files to store and set things up, but seem unable to grasp the arcane entries that need to exist so I can access it with a basic LDAP client to load my users etc.
> Also I guess there are certain schemas that need to be used to allow basic functions to work.
> My wish list:
> linux user authentication and authorization
> windows user authentication and authorization (via samba?)
> customer contact list (name, address, company, phone numbers, email addresses)
> - this last one to be used by Thunderbird and my SIP phone system - both of which profess to speak LDAP
> I'm sure there are many small business folk that would like something like this, however I cannot find a template with all my searches, so for those of you with better LDAP and/or google skills - please point me in the right direction.
> Thanks
> Rob

Hi Rob,

The documentation for the 389 Directory Server (née Fedora Directory Server) may answer a lot of your questions. Since Red Hat Directory Server (and therefore CentOS Directory Server) is based on its code, I think you'll find much of its documentation applicable.

http://directory.fedoraproject.org/wiki/Documentation

Among other things, you should find pages on the linked site which talk about authentication, migration from OpenLDAP, Samba, etc.

Regards,
James
Kwan Lowe
2009-Jul-30 18:23 UTC
[CentOS] LDAP howto using ds-base and ds-admin and related consoles
On Thu, Jul 30, 2009 at 1:03 PM, Rob Kampen <rkampen at kampensonline.com> wrote:

[snip]

> I have read many hundreds of pages, have purchased O'Reilly's LDAP System Administration but cannot seem to get my dirsrv based LDAP to function.
> I do understand that ds uses LDIF files to store and set things up, but seem unable to grasp the arcane entries that need to exist so I can access it with a basic LDAP client to load my users etc.
> Also I guess there are certain schemas that need to be used to allow basic functions to work.
> My wish list:
> linux user authentication and authorization
> windows user authentication and authorization (via samba?)
> customer contact list (name, address, company, phone numbers, email addresses)
> - this last one to be used by Thunderbird and my SIP phone system - both of which profess to speak LDAP
> I'm sure there are many small business folk that would like something like this, however I cannot find a template with all my searches, so for those of you with better LDAP and/or google skills - please point me in the right direction.

There's a pretty straightforward guide at HowToForge.com (search for "CentOS LDAP"). It's a little dated, but works as advertised.

In a nutshell the installation requires installing the centos-ds packages (about 4), installing a Sun Java, and then populating the database. The client side is even simpler.

Linux and Windows user authentication is straightforward, with GUI based setup and editing. The default schema I use doesn't include address, company, etc., but these are very easily added. I tested with kaddressbook and a couple other LDAP browsers without any glitches.
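
Added example, not part of any poster's message or of the CentOS/389 Directory Server documentation: a sketch of the kind of LDIF the thread asks about, covering a Linux login account and an address-book contact. It assumes the standard `posixAccount` and `inetOrgPerson` object classes are loaded; the suffix `dc=example,dc=com`, the `ou=Contacts` container and all sample people are constructed.

```python
import base64

BASE_DN = "dc=example,dc=com"  # constructed suffix, not taken from the thread

def escape_rdn(value):
    # RFC 4514: backslash-escape characters that would break up a DN.
    return "".join("\\" + c if c in ',+"\\<>;' else c for c in value)

def ldif_line(attr, value):
    # RFC 2849: a value that is not a SAFE-STRING must be base64 ("attr::").
    unsafe = (value[:1] in (" ", ":", "<") or value.endswith(" ")
              or any(ord(c) > 127 or c in "\r\n\0" for c in value))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"

def entry(dn, object_classes, attrs):
    lines = [ldif_line("dn", dn)]
    lines += [ldif_line("objectClass", oc) for oc in object_classes]
    lines += [ldif_line(a, v) for a, v in attrs]
    return "\n".join(lines) + "\n"

def container(name):
    return entry(f"ou={name},{BASE_DN}", ["top", "organizationalUnit"], [("ou", name)])

def posix_user(uid, full_name, surname, uid_number, gid_number):
    # Linux login account. userPassword is deliberately left out so that no
    # credential is written to an LDIF file on disk.
    return entry(
        f"uid={escape_rdn(uid)},ou=People,{BASE_DN}",
        ["top", "person", "organizationalPerson", "inetOrgPerson", "posixAccount"],
        [("uid", uid), ("cn", full_name), ("sn", surname),
         ("uidNumber", str(uid_number)), ("gidNumber", str(gid_number)),
         ("homeDirectory", f"/home/{uid}"), ("loginShell", "/bin/bash")])

def contact(full_name, surname, company, street, phone, mail):
    # Address-book entry: no posixAccount class, so it is not a login account.
    return entry(
        f"cn={escape_rdn(full_name)},ou=Contacts,{BASE_DN}",
        ["top", "person", "organizationalPerson", "inetOrgPerson"],
        [("cn", full_name), ("sn", surname), ("o", company),
         ("street", street), ("telephoneNumber", phone), ("mail", mail)])

def build_ldif():
    # Constructed sample data; blank lines separate LDIF records.
    return "\n".join([
        "version: 1\n", container("People"), container("Contacts"),
        posix_user("rob", "Rob Example", "Example", 5001, 5001),
        contact("Smith, Zoë", "Smith", "Example Widgets, Inc.",
                "1 Main St", "+1 555 0100", "zoe@example.com")])

if __name__ == "__main__":
    print(build_ldif())
```

Keeping contacts in their own container and without `posixAccount` separates address-book data from accounts that can authenticate, which makes it easier to grant Thunderbird or a phone system read access to contacts only.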