Re: [Hampshire] Easy user management in LDAP

On Tue, 27 Oct 2009 00:00:29 +0000, Stuart Sears <stuart@???>
wrote:
> On 25/10/09 10:23, Samuel Penn wrote:
>>
>> Hi all,
>>
>> I'm in the process of building a new home server, and rather
>> than go down the route of having each service (mail, IM, web etc)
>> use it's own user directory was thinking of using OpenLDAP.
>
> Are these services running on multiple hosts, or on your new server?
> If not, what do you see as the advantages of using a centralised
> directory service like LDAP?

Several hosts, most of them virtual. If nothing else, there's also
the learning opportunity since it's something I'd like to know
how to do.

>> However, I can't find any easy way of setting up and configuring
>> OpenLDAP as a simple user directory. Does anyone know of any
>> good tools that will allow this?
>
> What do you mean by a 'simple' user directory?
> Which information would you like to store about users?

By 'simple', I'm more referring to my expectation that nothing
that I want to do is out of the ordinary and that I have no
requirements beyond what anyone else would have in terms of
managing users for access to typical services (mail, web, login
etc).

I've looked at LDAP before (to the extent of developing an
application around it), and I'm aware that it's very powerful and
flexible. However, I'd expect that my requirements are pretty
common and that there'd be some standard set of tools and
configurations for doing what I need.

> Just Authentication/Authorisation? (shadow/passwd/group)?

Pretty much. Courier needs to be plugged into it as well, so
there may be need for an email address.

Last night, I got Apache and DokuWiki talking to LDAP, with
DokuWiki using the ACLs based off LDAP groups. I also
discovered that Konqueror can browse the LDAP server and
edit objects, which is kind of useful.

I'll take a look at everybody's suggested tools as soon as a get
a chance. My next task however is probably integrating it with
Samba and CUPS.

Sam.