ldap login related hints, rsyslogd

df4e7695 · Goik Martin · f2d5bbb1 · df4e7695
Commit df4e7695 authored 5 years ago by Goik Martin
--- a/Doc/Sdi/ldap.xml
+++ b/Doc/Sdi/ldap.xml
@@ -596,12 +596,16 @@ modifying entry "olcDatabase={0}config,cn=config"</screen>
        xlink:href="https://serverfault.com/questions/324608/how-do-i-get-openldap-on-centos-6-to-write-anything-to-its-log-files#answer-499902">using
        olcLogFile</link> will not override OpenLdap using your host's syslog
        facility: The file will be created (provided write permission is being
-        granted) but log messages will still be written to syslog.</para>
+        granted) but log messages will still be written to
+        <filename>/var/log/syslog</filename>.</para>

        <para>Thus creating a separate <filename>ldap.log</filename> file
        requires <link
        xlink:href="http://www.tldp.org/HOWTO/LDAP-HOWTO/logs.html">configuring
-        your system's syslog daemon appropriately</link>.</para>
+        your system's syslog daemon appropriately</link>. Current systems
+        allow for creating a file i.e.
+        <filename>/etc/rsyslog.d/slapd.conf</filename> containing the desired
+        log data redirection. Do not forget to restart your service.</para>
      </caution>
    </section>

@@ -665,9 +669,44 @@ modifying entry "olcDatabase={0}config,cn=config"</screen>
          <screen>$ id ldaptest
 uid=1001(ldaptest) gid=1001(ldaptest) groups=1001(ldaptest)</screen>

-          <para>A <quote>id: ‘ldaptest’: no such user</quote> message
-          indicates your <xref linkend="glo_LDAP"/> setup does not yet
+          <para>A <quote>id: ‘<code>ldaptest</code>’: no such user</quote>
+          message indicates your <xref linkend="glo_LDAP"/> setup does not yet
          work.</para>
+
+          <tip>
+            <itemizedlist>
+              <listitem>
+                <para><filename>/etc/nsswitch.conf</filename> should
+                contain:</para>
+
+                <programlisting language="none">passwd:         files ldap
+group:          files ldap
+shadow:         files ldap</programlisting>
+
+                <para>What does this mean?</para>
+              </listitem>
+
+              <listitem>
+                <para>Shut down you <command
+                xlink:href="https://linux.die.net/man/8/nscd">nscd</command>
+                daemon. Why?</para>
+              </listitem>
+
+              <listitem>
+                <para>After changing your configuration a reboot might be
+                required.</para>
+              </listitem>
+
+              <listitem>
+                <para>On your <xref linkend="glo_LDAP"/> server side: Enable
+                an appropriate <link
+                xlink:href="http://www.zytrax.com/books/ldap/ch6/#loglevel">logging
+                level</link> for debugging connection attempts. You may want
+                to select <option>conns</option>, <option>config</option> and
+                <option>stats</option>.</para>
+              </listitem>
+            </itemizedlist>
+          </tip>
        </listitem>

        <listitem>