LDAP: Difference between revisions

Line 16: Line 16:


=== [[LDAP]] in the system architecture ===
=== [[LDAP]] in the system architecture ===
In every ZCS installation, there will be one and only one ''Master'' [[LDAP]] server.  This server is authoritative for user information, server configuration, etc.  Additionally, one or more [[LDAP/]] ''Replicas''
In every ZCS installation, there will be one and only one ''Master'' [[LDAP]] server.  This server is authoritative for user information, server configuration, etc.   
 
Additionally, one or more [[LDAP#LDAP Replication|Replicas]] may be defined, to improve performance and reduce the load on the Master.
 
During installation in a multi-server environment, the [[LDAP]] server must be the first installed and configured, and must be running during any subsequent installations.  The [[LDAP]] server must also be the first started in a multi-server environment.


== [[LDAP]] troubleshooting ==
== [[LDAP]] troubleshooting ==
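
Review bot: The link target in the new Replicas line, [[LDAP#LDAP Replication|Replicas]], does not match the section title as the rendered page shows it, "LDAP replication" with a lowercase r. MediaWiki section anchors are case-sensitive, so the link would open the top of the LDAP page instead of the replication section. Suggest [[LDAP#LDAP replication|Replicas]], or, because the target is on the same page, [[#LDAP replication|Replicas]].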

Revision as of 19:04, 5 March 2006

LDAP Overview

LDAP uses in ZCS

LDAP is used in ZCS to store data for

Additionally, information relating to:

Most of this data can be viewed and configured via the Admin Console or with zmprov.

LDAP in the system architecture

In every ZCS installation, there will be one and only one Master LDAP server. This server is authoritative for user information, server configuration, etc.

Additionally, one or more Replicas may be defined, to improve performance and reduce the load on the Master.

During installation in a multi-server environment, the LDAP server must be the first installed and configured, and must be running during any subsequent installations. The LDAP server must also be the first started in a multi-server environment.

LDAP troubleshooting

Installation Problems

  • LDAP initialization fails
    • Failure to resolve the LDAP server
    • Failure to connect to the LDAP server

Startup failures

LDAP and DNS

LDAP uses DNS to resolve the LDAP host, even if it's localhost.

To verify that you're able to resolve the LDAP host:

host ldap-hostname

Make sure you understand DNS.

Failure to Connect

If resolution succeeds, the initialization may fail because the LDAP server failed to start.
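
The two failure modes above (the LDAP host does not resolve, or it resolves but nothing accepts the connection) can be told apart with one check. The following is an added example, not part of the original page or of ZCS. The function name diagnose_ldap and the default port 389 (the standard LDAP port) are assumptions; adjust the port to your deployment.

```python
import socket
import sys

LDAP_PORT = 389  # assumed: standard LDAP port, change if your server differs


def diagnose_ldap(host, port=LDAP_PORT, timeout=3.0):
    """Return (status, detail); status is 'resolve_failed',
    'connect_failed' or 'ok'."""
    # Step 1: name resolution through the system resolver. Unlike the
    # `host` command, this also honours /etc/hosts, which is what the
    # server processes themselves will see.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "resolve_failed", str(exc)

    # Step 2: TCP connect to each resolved address. A name can resolve
    # correctly while the LDAP server is down or bound elsewhere.
    errors = []
    for family, socktype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            return "ok", sockaddr[0]
        except OSError as exc:
            errors.append(f"{sockaddr[0]}: {exc}")
    return "connect_failed", "; ".join(errors)


if __name__ == "__main__":
    # Usage: python ldapcheck.py ldap-hostname [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else LDAP_PORT
    status, detail = diagnose_ldap(target, target_port)
    print(f"{target}:{target_port} -> {status} ({detail})")
    sys.exit(0 if status == "ok" else 1)
```

A result of connect_failed with "Connection refused" means the name is fine and the LDAP server is not listening, which points at a startup failure rather than DNS.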

Integration with external LDAP servers

External Authentication

External GAL

Connecting to an external LDAP server with SSL

Provisioning users in LDAP

LDAP replication
