Thanks for the input. I would not recommend RH423 for those who are trying to immediately deploy ldap or Kerberos across a network. There is just no way someone new to ldap/Kerberos can gain enough insight into all the possible problems and gotchas in four days of instruction! If you need to use ldap immediately, hire a good consultant! I do highly recommend the course to those who have time to plot and plan their implementation. The course was very good about walking through all the cli tools and the steps needed to create and manage ldap.
Even if you plan to use openldap directly and not Redhat Directory Service, the course is worth the time. It gives you a quick foundation to build on.
Phpldapadmin is where I am going to start. Has anyone seen a practical implementation using Webmin?
-----Original Message-----
From: fedora-directory-devel-bounces@redhat.com [mailto:fedora-directory-devel-bounces@redhat.com] On Behalf Of Mike Jackson
Sent: Friday, July 21, 2006 9:07 AM
To: Fedora Directory server developer discussion.
Subject: Re: [Fedora-directory-devel] General use questions and diffs from Netscape
Deas, Jim wrote:
> I recently completed Redhat's course on Directory Services and decided to set up a test deployment using Fedora. In the course of doing this I came across a couple of issues that I need to answer before I could use Directory as a valid authentication system.
What did you think about the course?
> - The web interface appears to create/handle group entries differently from those migrated from the local files using the Redhat class altered paddle scripts. From the class I remember changing the 'group' schema to 'groups'. End result, is there a way to create/manage 'groups' schema entries using the Directory web page that match those created when my existing /etc/group was migrated using the altered paddle scripts. If not, why does Redhat suggest this change in their class?
The web interface is not meant to be a full-blown user management solution. You'd do much better with something like phpldapadmin, or writing your own command line tools.
> - Is there a way that the Directory web page can be used to create new user accounts that include an autogen uid and gid? Currently it appears to create a new user with all the posix data turned off. This is fine from a management position as long as a uid generator exists to keep me safe from producing duplicate uid/gid numbers.
I wrote a user addition script which supports uid uniqueness checking for manually specified uids, as well as auto incrementing of uid if desired (does a search, sorts the uid list, and adds 1).
http://www.netauth.com/~jacksonm/ldap/newuser.pl
Just edit the configuration section to match your setup, and you're all set.
NOTE that this is not a very advanced tool, but the price is right :-) I have written some very advanced ones, but they are not open source...
BR, Mike
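The allocation logic described in the reply above (search, sort the uid list, add 1, plus a uniqueness check for manually chosen uids), as an added Python example that is not newuser.pl and not code from either poster. The LDIF text, the UID_MIN/UID_MAX range and all function names are assumptions made for illustration.

```python
import re

UID_MIN, UID_MAX = 1000, 60000  # assumed site policy, not from the thread

# Constructed sample of LDIF search output for posixAccount entries.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uidNumber: 1001

dn: uid=bob,ou=People,dc=example,dc=com
uidNumber: 1003

dn: uid=carol-with-a-long-name,ou=People,
 dc=example,dc=com
uidNumber: 1003

dn: uid=nobody,ou=People,dc=example,dc=com
uidNumber: 65534
"""

def uid_owners(ldif):
    """Map each uidNumber to the list of DNs that hold it."""
    text = re.sub(r"\n ", "", ldif)  # unfold LDIF continuation lines
    owners = {}
    for entry in text.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in entry.splitlines() if ": " in l)
        if "uidNumber" in attrs:
            owners.setdefault(int(attrs["uidNumber"]), []).append(attrs["dn"])
    return owners

def duplicates(owners):
    """uidNumbers already shared by more than one entry (identity collision)."""
    return {n: dns for n, dns in owners.items() if len(dns) > 1}

def next_uid(owners):
    """Sort the in-range uidNumbers and add 1 to the highest."""
    in_range = sorted(n for n in owners if UID_MIN <= n <= UID_MAX)
    candidate = in_range[-1] + 1 if in_range else UID_MIN
    if candidate > UID_MAX:
        raise RuntimeError("uid range exhausted")
    return candidate

def check_requested(uid, owners):
    """Reject a manually specified uidNumber that is already taken."""
    if uid in owners:
        raise ValueError(f"uidNumber {uid} already used by {owners[uid][0]}")
    return uid
```

The search-then-add sequence is not atomic, so two concurrent runs can pick the same number; re-run the duplicate check after the add or enforce uniqueness on the server.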