
rhbegin 11-22-2011 02:35 PM

CentOS 6 ldap setup question
 
Is it possible to have a Scientific Linux 6.1 (64 bit) server running the LDAP from the channel to handle multiple domains (for spam appliances to query for valid email addresses)?

Sorry I meant Scientific Linux 6.1 64 bit

I have been reading several online howto/guides and I have not been successful.


For example, there are about 15 domains; can 1 LDAP server be utilized to store the email addresses?

ISP domain abc.com (alias domain abc123.com)

dedicated domains:
abcefg.com
city-something.org
anotherdomain.com
etc...

I am a bit lost on really how to go about this; any tips/advice would be great, as it seems getting LDAP functioning on a Linux distro is challenging.

War3zWad|0 11-23-2011 02:30 AM

Quote:

Originally Posted by rhbegin (Post 4530924)
Is it possible to have a Scientific Linux 6.1 (64 bit) server running the LDAP from the channel to handle multiple domains (for spam appliances to query for valid email addresses)?

Sorry I meant Scientific Linux 6.1 64 bit

I have been reading several online howto/guides and I have not been successful.


For example, there are about 15 domains; can 1 LDAP server be utilized to store the email addresses?

ISP domain abc.com (alias domain abc123.com)

dedicated domains:
abcefg.com
city-something.org
anotherdomain.com
etc...

I am a bit lost on really how to go about this; any tips/advice would be great, as it seems getting LDAP functioning on a Linux distro is challenging.


The answer to your question is YES. It's not going to be fun or easy, at least in my experience, but it is possible. I have personally set up LDAP that handled 7 different domains without any issues. Now, I was also using openSuSE 11.3 because it uses Novell's YaST System Management Tool, and setting up LDAP with Mail support is somewhat straightforward in YaST.

I will give this as a tip: the one thing that most everyone forgets is to establish correct ACLs. I know I did the first 4 or 5 times I set up an LDAP Network. The key is to allow everyone to authenticate but only allow authenticated users to be able to read or view any LDAP entries. You may also want to look into using 389DS (389 Directory Service), which at one point had an install rpm in the Fedora Repo, that is if you want to use a RHEL based distro.

Here are a couple of How-Tos from Novell for openSuSE and SLES/SLED based systems:
http://en.opensuse.org/SDB:LDAP_server

http://www.linuxtopia.org/online_boo...ldap_yast.html

http://tldp.org/HOWTO/LDAP-HOWTO/ <-- good example for installing and configuring from source


It's going to take some work to get all the pieces to work correctly.

rhbegin 11-23-2011 01:39 PM

Thank you for the reply, I will explore the options, I am starting to think it may be easier with OpenSuSE Linux possibly.

*** Did you use 32 bit or 64 bit???

This may be a dumb question, but does it matter what domain you start with in your config?

Like this example:

abc.com (is the main isp domain name) and (abc123.com) is an alias domain name

then the others are all hosted domains like
efg.com
xyz.com
bee.org
etc..
etc..


You are correct it is going to be some work.

Thank you again, the tips/advice were great!

:)

War3zWad|0 11-24-2011 03:21 AM

I have used both 32bit and 64bit. I first started with 32bit only because that was the OS I had installed already. There should be no difference between the 2 no matter what system you use. For the second C3DC (Community College Cyber Defense Challenge) I attended, we used openSuSE 11.3 32bit as the box they gave us to use would not support 64bit. My team placed 7th overall (22 teams) and we were complimented on our LDAP setup, and to be honest at the time I had taught myself how to set up and use basic authentication with LDAP 2 weeks before the competition, as the guy that was supposed to do that backed out.

To answer your second question, you will always start out setting up your LDAP, or for that fact your MS-DS, using your TOP Domain, in your case abc.com as the primary. Then you would set up any subsequent domain as a "Slave" or "Child" of the primary. Basically this is what you would see if you were to make a "Tree" of your hierarchy of what you wanted to do:


abc.com(abc123.com) <-- Primary or Top Level (dc=abc,dc=com -- root of structure)
|
-------------------------------------
|            |            |         |
efg.com      xyz.com      bee.org   mno.info
|            |            |         |

Alternatively you could also add to your Primary something like so:

abc.com(abc123.com) <-- Primary or Top Level (dc=abc,dc=com -- root of structure)
|
---------------------
|            |         |
People       Servers   Domains <-- (ou=domains,dc=abc,dc=com)
|            |         |
---          ---       |
                       |
                       -------------------------------------
                       |            |           |          |
                       efg.com   xyz.com     bee.org    mno.info <-- (cn=mno.info,ou=mno,dc=abc,dc=com)
                       |            |           |          |

(I hate it when systems remove "White Space" as it kills my pretty trees)

You would set up each "Sub-Domain"/"Add-on Domain" as an Organizational Unit to the Root Domain, or you could even make an OU called Domains and then place those Domains under that OU. This would then allow you to segregate out each Domain a little further. It all depends on what you are looking to accomplish in the end. Do you want Security over Complexity, or do you want to follow the K.I.S.S. (Keep it simple stupid) rule of thumb?

I have also used 389DS while running Fedora 12/13 and had no issues (only reason I used it was that was the OS that my instructor liked), but again it is going to take time and a lot of reading & posting to help forums.
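As an added example (mine, not from any post in this thread), this is how the ACL tip from the 11-23 reply (everyone may authenticate, only authenticated users may read) and the ou=domains tree from the second diagram look as OpenLDAP LDIF for the stock openldap-servers package on CentOS/SL 6. The database DN olcDatabase={2}bdb, the rootdn cn=Manager, the spamfilter account name and the inetOrgPerson/mail attribute choice are my assumptions, and the SSHA value is a placeholder.

```ldif
# Part 1, applied as root with: ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
# Assumption: the default CentOS/SL 6 database entry is olcDatabase={2}bdb.
dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcAccess
# Passwords: the owner may change them, anyone may use them to bind (auth),
# nobody may read them back.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# Everything else: only bound (authenticated) users may read. Anonymous gets
# nothing, so the list of valid addresses cannot be listed without credentials.
olcAccess: {1}to *
  by users read
  by * none

# Part 2, applied with the rootdn: ldapadd -x -D cn=Manager,dc=abc,dc=com -W -f tree.ldif
dn: dc=abc,dc=com
objectClass: dcObject
objectClass: organization
dc: abc
o: abc.com (alias abc123.com)

dn: ou=domains,dc=abc,dc=com
objectClass: organizationalUnit
ou: domains

# One OU per hosted domain under ou=domains (xyz.com shown; repeat for the others).
dn: ou=xyz.com,ou=domains,dc=abc,dc=com
objectClass: organizationalUnit
ou: xyz.com

# Read-only service account the spam appliances bind as, since anonymous cannot read.
# Password hash is a placeholder: generate a real one with slappasswd.
dn: cn=spamfilter,dc=abc,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: spamfilter
userPassword: {SSHA}PLACEHOLDER-replace-with-slappasswd-output

# A valid recipient. The appliance binds as cn=spamfilter, searches base
# ou=xyz.com,ou=domains,dc=abc,dc=com with filter (mail=jdoe@xyz.com) and
# treats a hit as a deliverable address.
dn: uid=jdoe,ou=xyz.com,ou=domains,dc=abc,dc=com
objectClass: inetOrgPerson
uid: jdoe
cn: Jane Doe
sn: Doe
mail: jdoe@xyz.com
```

Continuation lines in the olcAccess values start with two spaces on purpose: LDIF strips exactly one leading space when joining, and the second keeps the words apart.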

rhbegin 11-24-2011 07:35 PM

I like things as simple as possible; basically it would be to identify valid email addresses for the company ISP domain and the hosted domains only.

The spam appliances would read from them. I got the OpenSuSE downloaded and installed as a virtual machine. Would it be worthwhile to give Fedora a try with LDAP configuration as well?

Sorry for so many questions, I am still researching/learning on this subject and it seems quite complex.

Thank you for all of your help/advice.

War3zWad|0 11-25-2011 03:47 AM

Quote:

Originally Posted by rhbegin (Post 4533197)
I like things as simple as possible; basically it would be to identify valid email addresses for the company ISP domain and the hosted domains only.

The spam appliances would read from them. I got the OpenSuSE downloaded and installed as a virtual machine. Would it be worthwhile to give Fedora a try with LDAP configuration as well?

Sorry for so many questions, I am still researching/learning on this subject and it seems quite complex.

Thank you for all of your help/advice.


If you are wanting "Simple" then I would recommend using openSuSE and YaST. I feel, and I could be wrong because I am speaking from my experiences, that it was easiest to get set up and actually working right with openSuSE.

With Fedora, the one thing that I have personally experienced is that when they "update" their products it can tend to break things that were once working correctly. The other issue with Fedora is you have to make a choice: do you do everything the old-fashioned way and use the command line for everything, or do you use a "System" that has a GUI interface to make things a little easier?

To answer the question of whether it is worthwhile to test multiple OSes at the same time: the answer (as a tester) is YES. I am going to say this, there is not 1 person in the world that knows everything there is to know about LDAP. I have been working with it for only 2.5 years and I am definitely still learning on the subject. I can only assist as much as my knowledge will provide, so I am sorry if these answers seem kind of vague.

When it comes to testing, I personally set up a couple of virtual networks and test multiple configurations as well as OSes. This gives me not only a good learning environment, but I can also better choose which direction to go.

rhbegin 11-25-2011 08:43 AM

Thank you again for the help/advice on this subject, as it is very complex to me since I am just getting started in my learning.

I downloaded the 11.4 OpenSuSE release, as I saw 12.1 but did not download that one since it was the newest version.

If you do not mind, I may post a few more questions on here, as OpenLDAP is very complex and has a steep learning curve.

Thank you again, you have been a great help!

:)

Scott
