First success, feedback & questions
by Nicolas Kovacs
Hi,
I spent some more time reading and experimenting. I'm slowly beginning
to see a path emerge in the directory jungle. Here are some odd notes,
impressions and questions.
1. Setting up a basic directory using 389 DS is extremely easy. It's
more or less just a matter of installing 389-ds-* related packages on
the server, running the 389-*.pl setup script, connecting to the database and
then adding user information. Doing the same thing using OpenLDAP is a
relatively painful experience, since it involves manually configuring
and setting up things using ldapmodify, ldapadd and a bunch of
handcrafted LDIF files. My basic instinct tells me to rather opt for 389
DS for that reason.
2. I set up a complete 389 DS on a spare sandbox machine running CentOS 7
in my office. Since the 389 Console requires a graphical environment, I
set up X11 and installed a basic window manager (WindowMaker, my first
one back in 2001 under Slackware 7.1). Worked like a charm even on my
very first attempt. I vaguely sense I like 389 DS.
3. I did a Quick & Dirty setup on a sandbox client desktop running
OpenSUSE Leap 15.1 KDE. On the 389 DS server I created a few users and
filled in the relevant POSIX account information. On the clients I
opened YaST and pointed it to my 389 DS server instead of local
authentication. No NFS for the moment, I just created the corresponding
home directories manually for the moment. Logged out and found all my
users in the SDDM login manager. Tried to log in. JustWorks(tm). :o)
4. Ideally, I would like to only install the minimal 389-ds-base package
on the server, and then use a lightweight tool to manage my directory
instead of the 389 Console that requires a graphical environment. As far
as I can tell, there are solutions like PHPLdapAdmin or LDAP Account
Manager for the server. Aren't there any simple GUI tools that I can
install on my laptop (MacBook Pro running OpenSUSE Leap 15.1 instead of
Mac OS) and that enable me to connect to my directory? I found some
tools like GQ or JXplorer, but they all seem unmaintained/dead. Any
suggestions?
Cheers from the sunny South of France,
Niki
--
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Website: https://www.microlinux.fr
Mail: info(a)microlinux.fr
Tel.: 04 66 63 10 32
Mobile: 06 51 80 12 12
3 years, 7 months
Introduction & few notes
by Nicolas Kovacs
Hi,
I'm new to this list, so let me introduce myself. I'm a 52-year-old
Austrian living in South France, and I'm the manager of a small IT
company with a focus on Linux and Open Source Software.
I'm the system administrator of our local school, where I have set up a
small 100 % GNU/Linux network consisting of two servers running CentOS 7
and 20 desktop clients running OpenSUSE Leap 15.1.
Currently the network uses a bone-headed single-sign-on configuration
based on NIS and NFS. I'm well aware of the potential flaws of this
setup, and I intend to replace it. In the past I've tried to wrap my
head around LDAP, but I bluntly admit I failed miserably every time.
I just read the "Single Sign On" chapter in the fine "Unix & Linux
System Administration Handbook", which states 389 Directory Server as a
preferable alternative to the plain OpenLDAP server.
I have three sandbox machines in my office and some time to experiment,
and I've even managed so far to install 389 DS on one of these machines
using the online documentation and various tutorials.
First things first. I'm a new user, so I checked out the project page at
https://www.port389.org/. I clicked on "Get started with a new
install"... and got stuck since the documentation doesn't work on my
system (CentOS 7).
* https://www.port389.org/docs/389ds/howto/quickstart.html
Eventually I figured out that Red Hat DS has a working documentation,
although I felt a bit like someone looking for a receipt for pasta
bolognese and getting a full-blown online course in food biochemistry.
The QuickStart page sports a link "If you want to learn more about what
ldap is, you should read our “ldap concepts” guide." So I clicked on
that but unfortunately the link is dead. I admit I have yet to find a
comprehensive introduction to LDAP that is suitable for folks like me
with an IQ below 200.
Any suggestions?
Cheers from the sunny South of France,
Niki Kovacs
--
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Website: https://www.microlinux.fr
Mail: info(a)microlinux.fr
Tel.: 04 66 63 10 32
Mobile: 06 51 80 12 12
3 years, 7 months
389 Directory Install Question
by Townsley, Eric L
Hi,
Do you have to install as root?
Thanks
Eric
3 years, 7 months