1020 lines
18 KiB
HTML
1020 lines
18 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>NetMeeting directory kit</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.63
|
|
"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux NETMEETING HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="OpenH323"
|
|
HREF="openh323.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Using the Software"
|
|
HREF="using.html"></HEAD
|
|
><BODY
|
|
CLASS="SECTION"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Linux NETMEETING HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="openh323.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
></TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="using.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECTION"
|
|
><H1
|
|
CLASS="SECTION"
|
|
><A
|
|
NAME="NETMEETSERVER"
|
|
>3. NetMeeting directory kit</A
|
|
></H1
|
|
><DIV
|
|
CLASS="SECTION"
|
|
><H2
|
|
CLASS="SECTION"
|
|
><A
|
|
NAME="WHATISNETMEET"
|
|
>3.1. What is it?</A
|
|
></H2
|
|
><P
|
|
> Each NetMeeting client can register with an LDAP server and
|
|
has a directory window that lists other
|
|
NetMeeting clients registered with the same server.
|
|
The NetMeeting directory kit is an extension to the OpenLDAP server
|
|
that provides directory service to NetMeeting clients.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECTION"
|
|
><H2
|
|
CLASS="SECTION"
|
|
><A
|
|
NAME="WHYNEEDNETMEET"
|
|
>3.2. Why is it needed?</A
|
|
></H2
|
|
><P
|
|
> While NetMeeting can connect directly to another H.323 device by
|
|
specifying an IP address or DNS name, normally you'll want to use
|
|
an LDAP directory server. Using an LDAP server lets users see
|
|
a directory listing of available destinations, and is required
|
|
if you need to resolve aliases, for example if you want to serve
|
|
multiple H.323 destinations from a single IP address. A directory
|
|
server isn't required to connect directly from Linux
|
|
to a NetMeeting client; use OpenH323 for this.
|
|
</P
|
|
><P
|
|
> The NetMeeting client violates the LDAP protocol in several ways,
|
|
so you'll have problems if you try using a standard LDAP server.
|
|
The NetMeeting directory kit corrects for these problems and allows
|
|
an OpenLDAP server to be used for NetMeeting directory service.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECTION"
|
|
><H2
|
|
CLASS="SECTION"
|
|
><A
|
|
NAME="HOWITWORKS"
|
|
>3.3. How it works</A
|
|
></H2
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
> Block diagram of NetMeeting directory kit
|
|
|
|
___________________ _______ __________________ ______________
|
|
| LDAP server | request | | | LDAP server | request| |
|
|
| | <-------| Perl |<--| | <------| NetMeeting |
|
|
| on private port | |script| | on public port | | client |
|
|
| (i.e, 2345) |-------> | |-->| 389 |------->| |
|
|
| | reply -------- | | reply --------------
|
|
| | | |
|
|
------------------- ------------------</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> The directory server consists of a 'master' LDAP server to
|
|
receive requests, a Perl script to correctly interpret
|
|
the Microsoft NetMeeting requests and, after interrogation
|
|
of a 'hidden' LDAP server, formats the results in a way that the
|
|
NetMeeting client can understand.
|
|
OpenLDAP's 'shell backend' is used to call the Perl script.
|
|
A custom schema is also required.
|
|
The script presently handles all of the above problems, with the
|
|
exception of timing out entries, which it doesn't do.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECTION"
|
|
><H2
|
|
CLASS="SECTION"
|
|
><A
|
|
NAME="WHERETOGETSOFTWARE"
|
|
>3.4. Where to get the software</A
|
|
></H2
|
|
><P
|
|
> First of all you need to get the OpenLDAP software.
|
|
</P
|
|
><DIV
|
|
CLASS="NOTE"
|
|
><P
|
|
></P
|
|
><TABLE
|
|
CLASS="NOTE"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="25"
|
|
ALIGN="CENTER"
|
|
VALIGN="TOP"
|
|
><IMG
|
|
SRC="../images/note.gif"
|
|
HSPACE="5"
|
|
ALT="Note"></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> Pre-built OpenLDAP software (i.e, RPMs) won't work unless
|
|
configured with support for the shell backend.
|
|
</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><P
|
|
> You can download OpenLDAP from the main site located at
|
|
<A
|
|
HREF="ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/"
|
|
TARGET="_top"
|
|
>ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/</A
|
|
>
|
|
or any mirror.
|
|
I've successfully used OpenLDAP 2.0.7.
|
|
</P
|
|
><P
|
|
> The NetMeeting directory kit is available from
|
|
<A
|
|
HREF="http://www.freesoft.org/software/NetMeeting/download"
|
|
TARGET="_top"
|
|
>http://www.freesoft.org/software/NetMeeting/download</A
|
|
>.
|
|
</P
|
|
><P
|
|
> You need Perl 5, available from
|
|
<A
|
|
HREF="http://www.perl.org/"
|
|
TARGET="_top"
|
|
>http://www.perl.org</A
|
|
>,
|
|
but already included in all common Linux distributions.
|
|
You will also need the Net::LDAP module from the Perl CPAN archive,
|
|
which can be downloaded and installed directly from Perl:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>[root@y2k baccala]# <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>perl -MCPAN -e shell</B
|
|
></TT
|
|
>
|
|
|
|
cpan shell -- CPAN exploration and modules installation (v1.58)
|
|
ReadLine support enabled
|
|
|
|
cpan> <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>install Net::LDAP</B
|
|
></TT
|
|
>
|
|
|
|
... much output omitted ...
|
|
|
|
/usr/bin/make install -- OK
|
|
|
|
cpan></PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> If you've never used CPAN before, you will be prompted first with
|
|
a series of configuration questions. Once CPAN is configured,
|
|
the Net::LDAP module will be downloaded, compiled, and installed
|
|
automatically.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECTION"
|
|
><H2
|
|
CLASS="SECTION"
|
|
><A
|
|
NAME="INSTALLSOFTWARE"
|
|
>3.5. Installation</A
|
|
></H2
|
|
><P
|
|
> Building OpenLDAP will require approximately 60 MB of free disk
|
|
space. Untar OpenLDAP and configure it.
|
|
</P
|
|
><DIV
|
|
CLASS="NOTE"
|
|
><P
|
|
></P
|
|
><TABLE
|
|
CLASS="NOTE"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="25"
|
|
ALIGN="CENTER"
|
|
VALIGN="TOP"
|
|
><IMG
|
|
SRC="../images/note.gif"
|
|
HSPACE="5"
|
|
ALT="Note"></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> Be sure to specify the shell backend function "--enable-shell"
|
|
</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><P
|
|
> I also recommend specifying "--disable-debug" to prevent OpenLDAP
|
|
from exiting if an assertion fails.
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>bash$ <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>./configure --enable-shell --disable-debug</B
|
|
></TT
|
|
>
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> Now build and install it with:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>bash$ <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>make</B
|
|
></TT
|
|
>
|
|
|
|
... much output omitted ...
|
|
|
|
bash# <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>make install</B
|
|
></TT
|
|
>
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> It will normally install under <TT
|
|
CLASS="FILENAME"
|
|
>/usr/local</TT
|
|
>:
|
|
</P
|
|
><DIV
|
|
CLASS="TABLE"
|
|
><A
|
|
NAME="AEN174"
|
|
></A
|
|
><P
|
|
><B
|
|
>Table 2. Directories used by OpenLDAP
|
|
</B
|
|
></P
|
|
><TABLE
|
|
BORDER="1"
|
|
CLASS="CALSTABLE"
|
|
><TBODY
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> <TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/lib</TT
|
|
>
|
|
</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Shared and static libraries
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> <TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/bin</TT
|
|
>
|
|
</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Client binaries for adding, deleting,
|
|
and searching LDAP servers
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> <TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/sbin</TT
|
|
>
|
|
</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Utility programs for manipulating the raw database files.
|
|
Not needed for normal operation.
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> <TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/libexec</TT
|
|
>
|
|
</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Various server programs,
|
|
including the <B
|
|
CLASS="COMMAND"
|
|
>slapd</B
|
|
> binary
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> <TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/etc/openldap</TT
|
|
>
|
|
</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Contains the default configuration files
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> <TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/etc/openldap/schema</TT
|
|
>
|
|
</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> The different schemas used by the LDAP servers.
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> <TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/var/...</TT
|
|
>
|
|
</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> The location of the LDAP databases (in subdirectories)
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> <TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/man/...</TT
|
|
>
|
|
</TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Documentation
|
|
</TD
|
|
></TR
|
|
></TBODY
|
|
></TABLE
|
|
></DIV
|
|
><P
|
|
> Once OpenLDAP has been installed, next install the NetMeeting
|
|
directory kit.
|
|
Untar <TT
|
|
CLASS="FILENAME"
|
|
>ndk.tgz</TT
|
|
>.
|
|
It contains these files:
|
|
</P
|
|
><DIV
|
|
CLASS="TABLE"
|
|
><A
|
|
NAME="AEN213"
|
|
></A
|
|
><P
|
|
><B
|
|
>Table 3. NetMeeting directory kit files
|
|
</B
|
|
></P
|
|
><TABLE
|
|
BORDER="1"
|
|
CLASS="CALSTABLE"
|
|
><TBODY
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>netmeeting.perl</TT
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Perl script used to correct NetMeeting protocol violations
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>netmeeting.schema</TT
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Custom NetMeeting schema used by the LDAP server
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>core.schema.patch</TT
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Patch to LDAP server's core schema
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>slapd.conf</TT
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Sample config file for the master LDAP server
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>slapd2.conf</TT
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Sample config file for the slave LDAP server
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>initialize</TT
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Shell script used once to initialize the slave LDAP database
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>slapd.rc</TT
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> <TT
|
|
CLASS="FILENAME"
|
|
>/etc/rc.d/</TT
|
|
> script
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>nmaddentry</TT
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Perl script to add entries to the NetMeeting directory
|
|
</TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>nmdirectory</TT
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
> Perl/Tk script to query the NetMeeting directory
|
|
</TD
|
|
></TR
|
|
></TBODY
|
|
></TABLE
|
|
></DIV
|
|
><P
|
|
> Copy <TT
|
|
CLASS="FILENAME"
|
|
>netmeeting.perl</TT
|
|
> to the
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/libexec</TT
|
|
> directory,
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>netmeeting.schema</TT
|
|
> to the
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/etc/openldap/schema</TT
|
|
>
|
|
directory,
|
|
and copy both <TT
|
|
CLASS="FILENAME"
|
|
>slapd.conf</TT
|
|
>
|
|
and <TT
|
|
CLASS="FILENAME"
|
|
>slapd2.conf</TT
|
|
> to the
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/etc/openldap</TT
|
|
> directory.
|
|
</P
|
|
><P
|
|
> Be sure to use <TT
|
|
CLASS="FILENAME"
|
|
>core.schema.patch</TT
|
|
> to patch
|
|
openldap's core schema in the
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/etc/openldap/schema</TT
|
|
>
|
|
directory:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>bash$ <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>cd /usr/local/etc/openldap/schema</B
|
|
></TT
|
|
>
|
|
bash$ <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>ls</B
|
|
></TT
|
|
>
|
|
corba.schema inetorgperson.schema misc.schema nis.schema
|
|
core.schema java.schema nadf.schema openldap.schema
|
|
cosine.schema krb5-kdc.schema netmeeting.schema
|
|
bash$ <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>cp core.schema core.schema.bak</B
|
|
></TT
|
|
>
|
|
bash$ <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>patch core.schema < ~/core.schema.patch</B
|
|
></TT
|
|
>
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> Create the directory
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/usr/local/var/openldap-netmeeting</TT
|
|
>
|
|
to store the LDAP database, and make it world writable.
|
|
</P
|
|
><P
|
|
> Especially if you're using directories from the samples, edit
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>slapd.conf</TT
|
|
> and <TT
|
|
CLASS="FILENAME"
|
|
>slapd2.conf</TT
|
|
>
|
|
and verify their configuration settings.
|
|
</P
|
|
><P
|
|
> You will need to run two copies of <B
|
|
CLASS="COMMAND"
|
|
>slapd</B
|
|
>.
|
|
One uses <TT
|
|
CLASS="FILENAME"
|
|
>slapd.conf</TT
|
|
>
|
|
and must be started as root, since it binds to port 389.
|
|
The <TT
|
|
CLASS="OPTION"
|
|
>-u</TT
|
|
> option can be specified to cause
|
|
<B
|
|
CLASS="COMMAND"
|
|
>slapd</B
|
|
> to <TT
|
|
CLASS="FUNCTION"
|
|
>chown</TT
|
|
>
|
|
to an unprivileged user after binding the port (a wise precaution).
|
|
The other <B
|
|
CLASS="COMMAND"
|
|
>slapd</B
|
|
>
|
|
uses <TT
|
|
CLASS="FILENAME"
|
|
>slapd2.conf</TT
|
|
>, binds to an unprivileged
|
|
port, and only needs
|
|
sufficient privilege to write the database directory.
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>bash# <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>/usr/local/libexec/slapd -f /usr/local/etc/openldap/slapd.conf -u nobody</B
|
|
></TT
|
|
>
|
|
bash$ <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>/usr/local/libexec/slapd -h ldap://localhost:2345/ -f /usr/local/etc/openldap/slapd2.conf</B
|
|
></TT
|
|
>
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> You now have to initialize the slave database with a single entry.
|
|
This is only done once, by running the <TT
|
|
CLASS="FILENAME"
|
|
>initialize</TT
|
|
>
|
|
script
|
|
included in the kit. The "rootdn" and "rootpw" entries are
|
|
in the slave config file to allow access for the initialization
|
|
script, and must match the <TT
|
|
CLASS="OPTION"
|
|
>-D</TT
|
|
> and <TT
|
|
CLASS="OPTION"
|
|
>-w</TT
|
|
>
|
|
options in the script.
|
|
Once you've initialized the database with a single parent
|
|
entry, you can comment out the "rootdn" and "rootpw" lines
|
|
from <TT
|
|
CLASS="FILENAME"
|
|
>slapd2.conf</TT
|
|
>, though this is not critical.
|
|
</P
|
|
><P
|
|
> The server should now be up and running.
|
|
For systems with <TT
|
|
CLASS="FILENAME"
|
|
>/etc/rc.d/</TT
|
|
>
|
|
style initialization scripts (like RedHat),
|
|
the <TT
|
|
CLASS="FILENAME"
|
|
>slapd.rc</TT
|
|
> is provided to automate the
|
|
starting and stopping of the <B
|
|
CLASS="COMMAND"
|
|
>slapd</B
|
|
>s.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECTION"
|
|
><H2
|
|
CLASS="SECTION"
|
|
><A
|
|
NAME="SECURITY"
|
|
>3.6. Server Security</A
|
|
></H2
|
|
><P
|
|
> As shown above, I run both <B
|
|
CLASS="COMMAND"
|
|
>slapd</B
|
|
>s
|
|
as an unprivileged user, minimizing the possibility of compromised
|
|
security due to a bug in either the server software or the Perl
|
|
script. Of course, this requires the database directory
|
|
to be world writable so that the unprivileged slave server can
|
|
update it. This isn't as glaring a hole as it might first appear,
|
|
since the NetMeeting clients themselves use no authentication.
|
|
Thus, even if the database directory were better protected,
|
|
anyone on a local or remote host could use LDAP client
|
|
programs to delete or modify any of the database entries.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECTION"
|
|
><H2
|
|
CLASS="SECTION"
|
|
><A
|
|
NAME="WINDOWS2000LDAP"
|
|
>3.7. LDAP issues with Windows 2000</A
|
|
></H2
|
|
><P
|
|
> Recent NetMeeting releases initially attempt to connect
|
|
to the LDAP directory server on port 1002. As described in a
|
|
<A
|
|
HREF="http://www.microsoft.com/TechNet/chats/trans/iis1208.asp"
|
|
TARGET="_top"
|
|
>TechNet chat</A
|
|
>,
|
|
<A
|
|
NAME="AEN303"
|
|
></A
|
|
><BLOCKQUOTE
|
|
CLASS="BLOCKQUOTE"
|
|
><P
|
|
>Prior to Windows
|
|
2000, an ILS server would listen on port 389 for NetMeeting clients. When an
|
|
ILS server is set up on a Windows 2000 machine, it will default to port 1002.
|
|
</P
|
|
></BLOCKQUOTE
|
|
>
|
|
If a connection to port 1002 is rejected, NetMeeting will fall back
|
|
on the standard LDAP port 389. However, at least one user has reported
|
|
trouble with a firewall that blocks port 1002, discards the
|
|
connection attempts, and thus no replies are received to
|
|
reject the connection. In this case, NetMeeting takes about a minute
|
|
to timeout and fall back to port 389. Opening the firewall to
|
|
port 1002 allowed the rejects through and triggered a rapid fallback.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECTION"
|
|
><H2
|
|
CLASS="SECTION"
|
|
><A
|
|
NAME="INTEROPERATION"
|
|
>3.8. Interoperation with other LDAP service</A
|
|
></H2
|
|
><P
|
|
> The instructions above assume that your LDAP server is only
|
|
being used for NetMeeting directory service. Yet what if you
|
|
want to use a single server for both NetMeeting directory service
|
|
and other LDAP service? Only one server can be bound to port 389,
|
|
but OpenLDAP allows multiple database sections to be specified
|
|
in its configuration file, each serving different parts of the
|
|
LDAP namespace. NetMeeting uses only the "objectClass=RTPerson"
|
|
subtree, so as long as you avoid this subtree, you can configure
|
|
additional database sections to serve other subtrees with other
|
|
databases. The biggest problem you are likely to encounter is
|
|
the custom NetMeeting schema, which conflicts slightly with the
|
|
standard schema. Since the NetMeeting schema is more liberal
|
|
than the standard schema, I'd suggest commenting out the conflicting
|
|
parts of the standard schema. NetMeeting clients won't work with
|
|
the standard schema. See the LDAP RFCs and the OpenLDAP documentation
|
|
for more information about configuring LDAP servers.
|
|
</P
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="openh323.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="using.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>OpenH323</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
> </TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Using the Software</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |