Re: [Hampshire] Easy user management in LDAP

Author: Stuart Sears
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Easy user management in LDAP
Samuel Penn wrote:
[...]
> Several hosts, most of them virtual. If nothing else, there's also
> the learning opportunity since it's something I'd like to know
> how to do.


I hear that. Been there and done it - do quite a lot of LDAP stuff these
days as a result.

>
>>> However, I can't find any easy way of setting up and configuring
>>> OpenLDAP as a simple user directory. Does anyone know of any
>>> good tools that will allow this?
>> What do you mean by a 'simple' user directory?
>> Which information would you like to store about users?
>
> By 'simple', I'm more referring to my expectation that nothing
> that I want to do is out of the ordinary and that I have no
> requirements beyond what anyone else would have in terms of
> managing users for access to typical services (mail, web, login
> etc).


Ooh, I could get nitpicky there :) But I won't.
The fun with this is all about the fact that many apps use different
attributes for different bits of information.

> I've looked at LDAP before (to the extent of developing an
> application around it), and I'm aware that it's very powerful and
> flexible. However, I'd expect that my requirements are pretty
> common and that there'd be some standard set of tools and
> configurations for doing what I need.


>> Just Authentication/Authorisation? (shadow/passwd/group)?
>
> Pretty much. Courier needs to be plugged into it as well, so
> there may be need for an email address.


> Last night, I got Apache and DokuWiki talking to LDAP, with
> DokuWiki using the ACLs based off LDAP groups. I also
> discovered that Konqueror can browse the LDAP server and
> edit objects, which is kind of useful.


Sounds good.
Which schema did you choose? Users as inetOrgPerson?
For proper UNIX/PAM auth you'll probably want
shadowAccount
posixAccount
posixGroup
objectclasses as well.

> I'll take a look at everybody's suggested tools as soon as I get
> a chance. My next task however is probably integrating it with
> Samba and CUPS.


SMB:
You'll need sambaSAMAccount for Samba users in LDAP.
Other than that, the basics are documented here:
http://aput.net/~jheiss/samba/ldap.shtml
http://wiki.samba.org/index.php/Samba_&_LDAP


CUPS:
Create an ou=printers container under your main suffix

Add the CUPS LDAP schema to your OpenLDAP server
(NB: I just found this, which didn't appear in web searches when I was
trying to do this for real...)

http://itsecureadmin.com/wiki/index.php/Printer_schema
http://itsecureadmin.com/wiki/index.php/LDAP_Printing

Regards,

Stuart
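
Added example, not part of the original message: a Python check that LDIF entries carry the MUST attributes of the object classes named above before they are loaded into the directory. The suffix dc=example,dc=org, the ou=people and ou=groups containers, and all user and group names are constructed placeholders; the parser assumes plain LDIF with no base64 values, folded lines or comments.

```python
# MUST attributes per RFC 2307 (posix*/shadow*), RFC 2798 and RFC 4519.
MUST = {
    "inetorgperson": {"cn", "sn"},
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "shadowaccount": {"uid"},
    "posixgroup": {"cn", "gidnumber"},
    "organizationalunit": {"ou"},
}
# Constructed sample data. The group entry deliberately omits gidNumber.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Jane Doe
sn: Doe
uid: jdoe
mail: jdoe@example.org
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe

dn: cn=wiki-editors,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: wiki-editors
memberUid: jdoe

dn: ou=printers,dc=example,dc=org
objectClass: organizationalUnit
ou: printers
"""

def missing_must(ldif):
    """Return {dn: [missing attribute names]} for entries the server would reject."""
    problems = {}
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        dn = attrs.pop("dn")[0]
        required = set().union(*(MUST.get(oc.lower(), set()) for oc in attrs.get("objectclass", [])))
        missing = sorted(required - set(attrs))
        if missing:
            problems[dn] = missing
    return problems

if __name__ == "__main__":
    print(missing_must(SAMPLE_LDIF))
```

Attribute names are compared in lower case because LDAP attribute names are case-insensitive.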