Michael Prokop | 2 Jan 20:38 2011

Re: Is nss-ldap missing from grml 2010.04 ?

* jonty <grml <at> jonmail.co.uk> [Sun Jan 02, 2011 at 03:01:23PM +0000]:

> I have been using grml for the last couple of months.  I am building a
> network of about 20 machines, all running grml, and I want them to share
> a single set of login names and passwords.

Nice! :)

> So I decided to configure OpenLDAP as a service on one machine and
> configure the other machines to find login+password from this
> service.

> I am following the instructions set out at:

>   http://wiki.debian.org/LDAP/NSS
>   http://www.debian-administration.org/article/585/OpenLDAP_installation_on_Debian

> They suggest I use libnss-ldap.  But this package seems to be missing
> from my copy of grml 2010.04.  I have also checked the package list
> for 2010.12 and that does not contain libnss-ldap.

> This seems a strange omission from grml.  It contains slapd to run the
> service and several clients such as freeradius-ldap, libnet-ldap-perl,
> postfix-ldap, and smbldap-tools.  So why not libnss-ldap?

libnss-ldap requires pre-configuration to be useful and no shipped
package has a hard dependency on it, that's why it's not shipped by
default.

> I could install libnss-ldap on each client machine.  But then I have to
> repeat those same steps on 20 machines, which makes it 20 times more
> likely I will make a mistake somewhere.

> I tried "apt-get install libnss-ldap" on a test machine.  This started
> updating libc-bin and installing locales, which seemed a good way of
> breaking the distro.  Can anyone suggest a better approach?  Should I
> remaster the CD?  Is there some gmrl magic I am missing?  Is there a
> different tool for login+password that is not ldap?

Just grab Grml 2010.12 (current stable release) and run "apt-get
install libnss-ldap" there, no major updates (like libc) should be
necessary then.

If you want to have libnss-ldap persistent you can either use
http://wiki.grml.org/doku.php?id=persistency (not that great for 20
machines probably though), the debs=... bootoption to install it
during bootup (see http://grml.org/cheatcodes/), remaster it using
grml-live (see http://grml.org/grml-live/) or if PXE booting is an
option provide the adjusted grml_chroot (either from grml-live or
based on the official ones from
http://debian.netcologne.de/www.grml.org/release-chroots/) through
PXE.

regards,
-mika-
* jonty <grml <at> jonmail.co.uk> [Sun Jan 02, 2011 at 03:01:23PM +0000]:

> I have been using grml for the last couple of months.  I am building a
> network of about 20 machines, all running grml, and I want them to share
> a single set of login names and passwords.

Nice! :)

> So I decided to configure OpenLDAP as a service on one machine and
> configure the other machines to find login+password from this
> service.

> I am following the instructions set out at:

>   http://wiki.debian.org/LDAP/NSS
>   http://www.debian-administration.org/article/585/OpenLDAP_installation_on_Debian

> They suggest I use libnss-ldap.  But this package seems to be missing
> from my copy of grml 2010.04.  I have also checked the package list
> for 2010.12 and that does not contain libnss-ldap.

> This seems a strange omission from grml.  It contains slapd to run the
> service and several clients such as freeradius-ldap, libnet-ldap-perl,
> postfix-ldap, and smbldap-tools.  So why not libnss-ldap?

libnss-ldap requires pre-configuration to be useful and no shipped
package has a hard dependency on it, that's why it's not shipped by
default.

> I could install libnss-ldap on each client machine.  But then I have to
> repeat those same steps on 20 machines, which makes it 20 times more
> likely I will make a mistake somewhere.

> I tried "apt-get install libnss-ldap" on a test machine.  This started
> updating libc-bin and installing locales, which seemed a good way of
> breaking the distro.  Can anyone suggest a better approach?  Should I
> remaster the CD?  Is there some gmrl magic I am missing?  Is there a
> different tool for login+password that is not ldap?

Just grab Grml 2010.12 (current stable release) and run "apt-get
install libnss-ldap" there, no major updates (like libc) should be
necessary then.

If you want to have libnss-ldap persistent you can either use
http://wiki.grml.org/doku.php?id=persistency (not that great for 20
machines probably though), the debs=... bootoption to install it
during bootup (see http://grml.org/cheatcodes/), remaster it using
grml-live (see http://grml.org/grml-live/) or if PXE booting is an
option provide the adjusted grml_chroot (either from grml-live or
based on the official ones from
http://debian.netcologne.de/www.grml.org/release-chroots/) through
PXE.

regards,
-mika-

Gmane