[KLUG Members] Centralized authentication w/NIS Samba and LDAP

Adam Williams members@kalamazoolinux.org
03 Nov 2002 21:55:08 -0500 

>>I would like to be able to keep all my user information all in one
>>place.  Whether the person is on Windows, Linux, IRIX or Solaris.
>>LDAP definatilly looks like the place to start or end or work on in
>>the middle.
>>does any one have any input?

Does IRIX not support LDAP natively?  I thought they had PAM.  If so you
don't need NIS, which is just an insecure pain.

>>Does any one have any good resource to do such beast?

ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf

>Frankly, I'd love to learn more about LDAP. Sadly, much of it seems to
>be very DIY (and I don't mean Linux DIY, I mean Linux-and-bash-and-gcc
>from Scratch DIY).  

Nope, recent RedHats comes with all the bits you need in the RPMS.  Even
their authconfig supports setting up LDAP.  Their sendmail is linked to
liblber and libldap, etc...

>Although our previous SIG, on PHP, wasn't a rousing
>success, I'd like to announce my interest in meeting at various times to
>explore LDAP.  

Sure, its my favorite topic.

>Perhaps we could explore trying to create scripting tools
>to create and manage LDAP accounts and permissions. 

These already exist in spades.  The Migration Scripts from PADL will
carry all your flat files over into LDIF for creating a Dit that
provides all the services NIS typically manages.

>Though this sounds very off-topic, 

How so?

>I'm getting a new car and will be willing to travel for
>such a meeting.  I know I need more user-friendly tools (you know,
>users: people who perform a useful task on the computer and then TURN IT
>OFF) for CARES account management. 

>Either a PHP web page, 

There are a few of these floating about, they are pretty easy to write -
even I've done one.

>or a GTK app

GQ for generic LDAP work, DirectoryAdministrator for managing
user/groups, etc... in a DSA.

>capable of being exported to a remote Winblows desktop via X or VNC.
>Hell, even a bash script, or bash script tools, would be nice.

cpu, a package that replaces adduser, deluser, etc... and operates off a
DSA.