<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/10/2013 04:42 AM, Carsten Grzemba
wrote:<br>
</div>
<blockquote cite="mid:ff0cc23521e4.518ceb41@contac-dt.de"
type="cite"><br>
<br>
<span>On 09.05.13, <b class="name">Rich Megginson </b>
<a class="moz-txt-link-rfc2396E" href="mailto:rmeggins@redhat.com">&lt;rmeggins@redhat.com&gt;</a> wrote:</span>
<blockquote cite="mid:518BB503.8070700@redhat.com"
class="iwcQuote" style="border-left: 1px solid #00F;
padding-left: 13px; margin-left: 0;" type="cite">
<div class="mimepart text html"><span>
<p>
<table>
<tbody>
<tr>
<td text="#000000" bgcolor="#FFFFFF">
<p> </p>
<div class="moz-cite-prefix">On 05/09/2013 08:28
AM, Steve Ovens wrote:<br>
</div>
<blockquote
cite="mid:CACrjgqh=MrmBYxa95zqi-nz_Ur-WJtjG+RVb0rRqwe9dWcs2ww@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>Thanks for the responses.<br>
<br>
</div>
I don't know why I didn't find that manual
when I was googling. Perhaps because it
is for the RH DS and I was searching 389
(I realize they are quite similar)<br>
<br>
</div>
As to the FreeIPA, I may investigate this
in the future but the issue I have here is
that I have a DS in service already so it's
not really a fair solution to switch
products.<br>
<br>
</div>
Does FreeIPA provide Active Directory Sync?<br>
</div>
</div>
</blockquote>
<br>
Yes, although FreeIPA is slightly different:<br>
1) it does not do group sync<br>
2) it only syncs adds from AD -> DS - it does
not sync adds from DS -> AD<br>
3) it will sync account disable/enable</td>
</tr>
</tbody>
</table>
</p>
</span></div>
</blockquote>
posix-winsync should sync account disable/enable too, if not it is
a bug ;-)<br>
</blockquote>
<br>
Yes. Thanks!<br>
<br>
<blockquote cite="mid:ff0cc23521e4.518ceb41@contac-dt.de"
type="cite">
<blockquote cite="mid:518BB503.8070700@redhat.com"
class="iwcQuote" style="border-left: 1px solid #00F;
padding-left: 13px; margin-left: 0;" type="cite">
<div class="mimepart text html"><span>
<p>
<table>
<tbody>
<tr>
<td text="#000000" bgcolor="#FFFFFF"><br>
<br>
<blockquote
cite="mid:CACrjgqh=MrmBYxa95zqi-nz_Ur-WJtjG+RVb0rRqwe9dWcs2ww@mail.gmail.com"
type="cite">
<div dir="ltr">
<div> <br>
</div>
Thanks again for the replies<br>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Thu, May 9, 2013
at 6:03 AM, Petr Spacek <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:pspacek@redhat.com"
target="1">pspacek@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">Hello,<br>
<br>
On 8.5.2013 20:53, Steve Ovens wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex"> Hi,<br>
<br>
I have been quite happily using 389 for
around a year, and while I am not<br>
at all advanced I have been able to add
Samba and sudoers to 389. I am now<br>
attempting to add openssh keys to the
user entries I am using the<br>
openssh-lpk_openldap.schema:<br>
</blockquote>
<br>
IMHO the FreeIPA project could help you a
lot. It contains pre-baked solutions for
common problems like central management of
sudoers and ssh authorized_keys, including
management utilities (with CLI, WebUI, XML
RPC, JSON RPC).<br>
<br>
Homepage: <a href="http://freeipa.org/"
moz-do-not-send="true" target="1">http://freeipa.org/</a><br>
Users list: <a
href="http://www.redhat.com/mailman/listinfo/freeipa-users"
moz-do-not-send="true" target="1">http://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
<br>
The home page is undergoing a major
redesign at the moment, because it is a
bit confusing to newcomers. I would
recommend you to ask freeipa-users list if
you can't find what you are looking for.<br>
<br>
And BTW - FreeIPA is based on 389 DS.<br>
<br>
I'm sorry for the advertisement.<br>
<br>
Petr^2 Spacek<br>
<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex"> #<br>
# LDAP Public Key Patch schema for use
with openssh-ldappubkey<br>
# Author: Eric AUGE &lt;<a
moz-do-not-send="true"
href="mailto:eau@phear.org" target="1">eau@phear.org</a>&gt;<br>
#<br>
# Based on the proposal of : Mark
Ruijter<br>
#<br>
<br>
<br>
# octetString SYNTAX<br>
attributetype (
1.3.6.1.4.1.24552.500.1.1.1.13 NAME
'sshPublicKey'<br>
DESC 'MANDATORY: OpenSSH Public
key'<br>
EQUALITY octetStringMatch<br>
SYNTAX
1.3.6.1.4.1.1466.115.121.1.40 )<br>
<br>
# printableString SYNTAX yes|no<br>
objectclass (
1.3.6.1.4.1.24552.500.1.1.2.0 NAME
'ldapPublicKey' SUP top<br>
AUXILIARY<br>
DESC 'MANDATORY: OpenSSH LPK
objectclass'<br>
MAY ( sshPublicKey $ uid )<br>
)<br>
<br>
<br>
I have run this through the <a
href="http://ol-schema-migrate.pl"
moz-do-not-send="true" target="1">ol-schema-migrate.pl</a>
and placed the output in<br>
/etc/dirsrv/slapd-ds/schema/62sshkeys.ldif.<br>
<br>
I have restarted the server and there
were no errors produced so I am<br>
assuming that it took the ldif fine.<br>
<br>
How do I go about using the new schema.
I have googled around quite a bit,<br>
but I must be missing something. I would
appreciate any pointers and I<br>
fully intend on publishing a how-to on
this (as I do for most things over<br>
at <a href="http://overclockers.com"
moz-do-not-send="true" target="1">overclockers.com</a>&lt;<a
href="http://www.overclockers.com/forums/showthread.php?t=730515"
moz-do-not-send="true" target="1">http://www.overclockers.com/forums/showthread.php?t=730515</a>&gt;<br>
)<br>
<br>
Any guidance would be greatly
appreciated!<br>
</blockquote>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<font size="1">Red Hat Certified Engineer<br>
Ubuntu Certified Professional<br>
Novell Datacenter Specialist<br>
Novell Certified Linux Administrator<br>
LPIC-1 Certified<br>
Linux+ Certified</font><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
389 users mailing list
<a moz-do-not-send="true" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="1">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</td>
</tr>
</tbody>
</table>
</p>
</span></div>
</blockquote>
<br>
</blockquote>
<br>
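Added example, not part of the original thread and not code from the 389 or openssh-lpk projects: one way to use the quoted schema once it is loaded is to add the ldapPublicKey object class and an sshPublicKey value to an existing user entry with an LDIF modify. The sketch below checks the key line before emitting the LDIF, so a malformed value or one carrying an embedded newline cannot add extra LDIF lines; the user DN, the accepted key types and the sample key are constructed assumptions.<br>
<br>

```python
import base64
import binascii
import struct

# Assumption: key types this site accepts; adjust to local policy.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def _one_line_ascii(value):
    """True if value is printable ASCII only (no CR/LF/NUL, so no LDIF line injection)."""
    return value.isascii() and value.isprintable()

def check_ssh_public_key(line):
    """Return the key type of a one-line OpenSSH public key, or raise ValueError."""
    if not _one_line_ascii(line):
        raise ValueError("control or non-ASCII character in key line")
    fields = line.split(" ", 2)            # type, base64 blob, optional comment
    if len(fields) == 1 or fields[0] not in ALLOWED_TYPES:
        raise ValueError("unsupported or missing key type")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("key body is not valid base64") from exc
    # The blob starts with a length-prefixed algorithm name that must match field 1.
    name = fields[0].encode()
    if not blob.startswith(struct.pack(">I", len(name)) + name):
        raise ValueError("key type does not match the encoded blob")
    return fields[0]

def ldif_add_key(user_dn, key_line):
    """Build an LDIF modify adding ldapPublicKey and sshPublicKey to user_dn."""
    if not _one_line_ascii(user_dn):       # assumption: plain ASCII DN
        raise ValueError("DN must be one line of printable ASCII")
    check_ssh_public_key(key_line)
    return "\n".join([
        f"dn: {user_dn}",
        "changetype: modify",
        "add: objectClass",
        "objectClass: ldapPublicKey",
        "-",
        "add: sshPublicKey",
        f"sshPublicKey: {key_line}",
        "",
    ])

def sample_key():
    """Constructed placeholder: correct wire layout, all-zero key bytes, not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " jdoe@example"

if __name__ == "__main__":
    print(ldif_add_key("uid=jdoe,ou=People,dc=example,dc=com", sample_key()))
```

The printed LDIF can be reviewed and then applied with ldapmodify by an account allowed to write the user entry.<br>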
</body>
</html>