[Gllug] LDAP

Simon Stewart sms at lateral.net
Tue Sep 25 11:05:48 UTC 2001


On Mon, Sep 24, 2001 at 04:07:17PM +0100, Simon Stewart wrote:
> So, in a ceaseless quest to be as lazy as possible I've started down
> the LDAP path. I've got as far as setting up a basic OpenLDAP server,
> and I am now setting up a Kerberos server to make the entire thing a
> touch more secure, but after that I'm going to start running into
> interesting brick walls.
> 
> Has anyone had a play with LDAP? One of the things I'd like to be able to do
> with minimal grief is to centralise my user administration, and only
> have to create an LDAP entry to let someone log onto any machine that
> I feel they should be able to (creating the home directory if it
> doesn't already exist, for example). Whilst pam_ldap allows me to do
> the authentication, I doubt that it'll create the account on the fly
> (oh yes, no centralised storage here, either, but that'll be the next
> thing on the list) and I'm not sure how to go about checking the
> access rights on a per-server basis.
> 
> Anyone got any pointers? All the FM that I can find get as far as
> "here's how to set up the server" and then seem to avoid going any
> further down the road and present how to do all the cool things that
> LDAP should allow you to get away with....

And to add to the mayhem, it'd be nice if the various programs that
are littered around my system actually made an attempt to authenticate
against LDAP (e.g. screen savers, sudo, etc.). Any ideas? Or must I write
some Perl to open a named pipe at /etc/passwd and to query LDAP for
each and every line. Not elegant, and prone to disaster if the server
is unreachable....

Cheers,

Simon

-- 
And tomorrow will be like today, only more so.
		-- Isaiah 56:12, New Standard Version

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



