[Fedora-directory-devel] General use questions and diffs from Netscape

Deas, Jim James.Deas at warnerbros.com
Fri Jul 21 19:33:26 UTC 2006


Thanks for the input.
I would not recommend RH423 for those who are trying to immediately
deploy ldap or Kerberos across a network. There is just no way someone
new to ldap/Kerberos can gain enough insight into all the possible
problems and gotchas in four days of instruction! If you need to use
ldap immediately, hire a good consultant! I do highly recommend the
course to those who have time to plot and plan their implementation. The
course was very good about walking through all the cli tools and the
steps needed to create and manage ldap.

Even if you plan to use openldap directly and not Redhat Directory
Service, the course is worth the time. It gives you a quick foundation
to build on.

Phpldapadmin is where I am going to start. Has anyone seen a practical
implementation using Webmin?

-----Original Message-----
From: fedora-directory-devel-bounces at redhat.com
[mailto:fedora-directory-devel-bounces at redhat.com] On Behalf Of Mike
Jackson
Sent: Friday, July 21, 2006 9:07 AM
To: Fedora Directory server developer discussion.
Subject: Re: [Fedora-directory-devel] General use questions and diffs
from Netscape

Deas, Jim wrote:
> I recently completed Redhat's course on Directory Services and decided to
> set up a test deployment using Fedora. In the course of doing this I came
> across a couple of issues that I need to answer before I could use
> Directory as a valid authentication system.

What did you think about the course?


> 1) The web interface appears to create/handle group entries differently
> from those migrated from the local files using the Redhat class altered
> paddle scripts. From the class I remember changing the 'group' schema to
> 'groups'. End result, is there a way to create/manage 'groups' schema
> entries using the Directory web page that match those created when my
> existing /etc/group was migrated using the altered paddle scripts? If
> not, why does Redhat suggest this change in their class?

The web interface is not meant to be a full-blown user management 
solution. You'd do much better with something like phpldapadmin, or 
writing your own command line tools.


> 2) Is there a way that the Directory web page can be used to create new
> user accounts that include an autogen uid and gid? Currently it appears
> to create a new user with all the posix data turned off. This is fine
> from a management position as long as a uid generator exists to keep me
> safe from producing duplicate uid/gid numbers.

I wrote a user addition script which supports uid uniqueness checking 
for manually specified uids, as well as auto incrementing of uid if 
desired (does a search, sorts the uid list, and adds 1).


http://www.netauth.com/~jacksonm/ldap/newuser.pl


Just edit the configuration section to match your setup, and you're all
set.

NOTE that this is not a very advanced tool, but the price is right :-) I
have written some very advanced ones, but they are not open source...


BR,
Mike
-- 
http://www.netauth.com - LDAP Directory Consulting
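
The uid handling described in the message above (uniqueness check for a manually chosen uid, and auto-increment by searching, sorting and adding 1), sketched as an added example that is not part of the original thread and is not the newuser.pl script. The sample LDIF, the DNs, the function names and the floor of 1000 for regular accounts are all assumptions made for illustration.

```python
import re

# Constructed sample (hypothetical DNs): LDIF as returned by a search for
# posixAccount entries. Folded lines and base64 values are not handled.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uidNumber: 1001

dn: uid=bob,ou=People,dc=example,dc=com
uidNumber: 1003

dn: uid=carol,ou=People,dc=example,dc=com
uidNumber: 1003

dn: uid=apache,ou=People,dc=example,dc=com
uidNumber: 48
"""

def uid_owners(ldif):
    """Map every uidNumber in the LDIF to the DNs that carry it."""
    owners = {}
    for entry in re.split(r"\n\s*\n", ldif.strip()):
        dn = None
        for line in entry.splitlines():
            key, _, value = line.partition(": ")
            if key.lower() == "dn":
                dn = value.strip()
            elif key.lower() == "uidnumber" and dn:
                owners.setdefault(int(value), []).append(dn)
    return owners

def duplicate_uids(owners):
    """uidNumbers shared by more than one entry: accounts that the OS
    treats as the same user for file ownership and permission checks."""
    return {n: dns for n, dns in owners.items() if len(dns) > 1}

def check_manual_uid(owners, wanted):
    """Uniqueness check for a uid supplied by the administrator."""
    if wanted in owners:
        raise ValueError(f"uidNumber {wanted} already used by {owners[wanted]}")
    return wanted

def next_uid(owners, floor=1000):
    """Auto-increment: sort the uids in use and add 1 to the highest,
    never handing out a number below `floor` (assumed system range)."""
    in_use = sorted(n for n in owners if n >= floor)
    return in_use[-1] + 1 if in_use else floor

if __name__ == "__main__":
    owners = uid_owners(SAMPLE_LDIF)
    print("duplicates:", duplicate_uids(owners))
    print("next uid:", next_uid(owners))
```

The search and the later add are two separate operations, so two administrators running such a tool at the same moment can be given the same number. Server-side enforcement, such as the directory server's attribute uniqueness plug-in applied to uidNumber, closes that gap.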
