Nope.. Once in LDAP and everything is configured correctly on the Linux box, you don't have to do anything to passwd or shadow to let a user log on to the box. I currently have this kind of setup using RHEL and it works great!
-----Original Message----- From: fedora-directory-devel-bounces@redhat.com [mailto:fedora-directory-devel-bounces@redhat.com] On Behalf Of T.J. Yang Sent: Wednesday, August 24, 2005 9:34 AM To: fedora-directory-devel@redhat.com Subject: Re: [Fedora-directory-devel] Does FDS 7.1 support RFC2307 ?
From: Keith Sharp kms@passback.co.uk Reply-To: kms@passback.co.uk,"Fedora Directory server developer discussion." fedora-directory-devel@redhat.com To: fedora-directory-devel@redhat.com Subject: Re: [Fedora-directory-devel] Does FDS 7.1 support RFC2307 ? Date: Wed, 24 Aug 2005 14:15:43 +0100
On Wed, 2005-08-24 at 07:11 -0500, T.J. Yang wrote:
Reading RFC 2307 Sections 5.1 and 5.2, but it is still vague for me. Which OS and which software module has the Section 5.2 functions implemented?
I have done a degree of NIS replacement (passwd, group and automount entries) using the Fedora Core Linux operating system as both the client and the server. The LDAP server I used was OpenLDAP.
The functions in section 5.2 are normally implemented in the standard libc library. On Fedora Core that is glibc, and the implementation uses the file /etc/nsswitch.conf to determine which directory to use to look up information: files, NIS, LDAP, etc. For authentication you may also need to configure the PAM system to use LDAP. Fedora Core provides a utility called system-config-authentication that has a simple GUI for configuring these systems.
I played with LDAP authentication a while back. I was quite happy I could have an ftp server (proftpd?) set up to use ldap auth. I went on to pursue telnet authentication. After help from others, I was able to set up a RH9 box to authenticate users from my corporate ldap account. But the catch is that before an ldap user can log in, I need to create that same ldap account locally in the /etc/passwd file. This sort of beats the purpose of ldap auth. I haven't pursued this for about two years. Does RHEL3/4 still require the insertion of a user entry into /etc/passwd?
My goal is to configure a Unix box to allow telnet/ssh login from users with a valid ldap account. Also I'd like to restrict the login access based on an ldap user's group.
tj
Support on other operating systems and libc implementations will vary; you should contact the vendors or appropriate support groups for those operating systems.
Keith.
-- Fedora-directory-devel mailing list Fedora-directory-devel@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-devel
Last time I played with this, you did still have to create users home directories, though, so you can't completely avoid touching the box. But... a fairly easy way to fix this is to have a cron job that runs periodically that looks at ldap and creates (and deletes if you want) home directories as appropriate.
- Jeff
David Irving wrote:
Nope.. Once in LDAP and everything is configured correctly on the linux box, you don't have to do anything to passwd or shadow to let a user log on to the box. I currently have this kind of setup using RHEL and it works great!
On Wed, 24 Aug 2005 09:55:52 -0400 Jeff Clowser jclowser@unitedmessaging.com wrote:
Last time I played with this, you did still have to create users home directories, though, so you can't completely avoid touching the box. But... a fairly easy way to fix this is to have a cron job that runs periodically that looks at ldap and creates (and deletes if you want) home directories as appropriate.
- Jeff
David Irving wrote:
Nope.. Once in LDAP and everything is configured correctly on the linux box, you don't have to do anything to passwd or shadow to let a user log on to the box. I currently have this kind of setup using RHEL and it works great!
I haven't done much work with NIS and FDS, however, in openldap using the nis.schema you could create automount entries that would allow you to mount those home directories on the fly.
This is probably a good one for the how-to section, I'll do some research and see what I can come up with. If anyone has any success please feel free to respond to the list and I can get that information posted for others.
Thanks
Adam Stokes wrote:
On Wed, 24 Aug 2005 09:55:52 -0400 Jeff Clowser jclowser@unitedmessaging.com wrote:
Last time I played with this, you did still have to create users home directories, though, so you can't completely avoid touching the box. But... a fairly easy way to fix this is to have a cron job that runs periodically that looks at ldap and creates (and deletes if you want) home directories as appropriate.
- Jeff
David Irving wrote:
Nope.. Once in LDAP and everything is configured correctly on the linux box, you don't have to do anything to passwd or shadow to let a user log on to the box. I currently have this kind of setup using RHEL and it works great!
I haven't done much work with NIS and FDS, however, in openldap using the nis.schema you could create automount entries that would allow you to mount those home directories on the fly.
Ah - if you have an NFS server with users' home directories, you can (and it's a good idea, I'd say). I was thinking more along the lines of home directories on a local disk, in which case I think you'd have to create home dirs for users.
- Jeff
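The periodic home-directory job Jeff describes for the local-disk case, as an added example that is not from the list or from any Fedora Directory Server tool. It assumes nsswitch.conf already resolves passwd entries through LDAP (so `getent passwd` enumerates directory users), that local accounts live below the assumed MIN_UID of 1000, and that the job runs as root from cron. The home path is data that comes from the directory, so the script only creates directories that sit directly under the expected base and refuses anything containing "..".

```bash
#!/bin/sh
# Added example (not the list's or FDS's own code): create home directories
# for LDAP users that do not have one yet. Run from cron as root:
#   getent passwd | missing_homes /home | create_homes
MIN_UID=${MIN_UID:-1000}   # assumption: uids below this are local accounts
SKEL=${SKEL:-/etc/skel}    # assumption: skeleton files to seed new homes

# missing_homes BASE: read passwd-format lines on stdin and print
# "uid:gid:home" for every directory user whose home does not exist yet.
missing_homes() {
    base="$1"
    while IFS=: read -r name pw uid gid gecos home shell; do
        case "$uid" in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        [ "$uid" -ge "$MIN_UID" ] || continue          # skip local/system users
        case "$home" in
            *..*|*/) continue ;;      # never trust a path with '..' or trailing slash
            "$base"/*) ;;             # only directories under the expected base
            *) continue ;;
        esac
        [ -d "$home" ] || printf '%s:%s:%s\n' "$uid" "$gid" "$home"
    done
}

# create_homes: read "uid:gid:home" lines on stdin, create each directory
# with mode 0700, seed it from SKEL and hand ownership to the LDAP user.
create_homes() {
    while IFS=: read -r uid gid home; do
        mkdir -m 0700 "$home" || continue
        cp -R "$SKEL"/. "$home" 2>/dev/null
        chown -R "$uid:$gid" "$home" && echo "created $home"
    done
}
```

Deleting homes for users who vanished from the directory is a separate, riskier step; keep it out of the job until you have decided what happens to their data.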