On 12/1/09 6:40 PM, "Alan McKay" alan.mckay@gmail.com wrote:
Take a look at documentation here: http://directory.fedoraproject.org/wiki/Documentation
I'll go through that again, thanks. I went through it a week ago but did not find anything too useful, but I'm further along now and a week is a long time when you are just starting out.
It will take time to learn LDAP as it is a huge topic. Here's a book I would recommend: LDAP System Administration by Gerald Carter (O'Reilly Publication)
To authenticate Linux users, you will have to configure your client hosts to the LDAP server by configuring /etc/ldap.conf, which can be done using GUI/cmdline via authconfig-tui / authconfig --help
Aha, this gives me a tidbit of what I'm looking for! Enough to probably find some good results with man pages and google! Thanks!
Google for "How to setup LDAP authentication" and there is a ton of info.
Look at Administration Guide http://www.redhat.com/docs/manuals/dir-server/8.1/admin/index.html
This I spent most of my day on today and as mentioned there is nothing really there for me on how to get clients working against this. Sure, lots of great detail on setting up every aspect of the server and stuff I'll have to come back to (e.g. multi-master replication, password expiry and such), but not a single thing in the whole guide on "here is how you get client XYZ to work with LDAP"
Again, setting up simple (basic) LDAP authentication is configuring ldap.conf and nsswitch.conf. But it is not sufficient, you have to make changes here and there to meet all your requirements
Do they need local accounts too? Local accounts are needed for root and other service accounts
Cool
Local disks? Not sure what this means
If you do not have a local account, then where does your home dir come from? Must come from a network disk, no? But what if I want local disk, but authenticate through LDAP? Can I do that too? And if there is no local user, how do I chown files on the drive to that user?
Having a home directory is irrespective of where the account lives. You definitely need a local disk where your OS is installed, unless you are using a virtual machine and SAN storage. You can set the PAM module to create the homedir on login and change to it (authconfig --enablemkhomedir)
http://www.mail-archive.com/seawolf-list@redhat.com/msg03331.html
What about websites? Wikis? All currently using htpasswd. How do I convert those? For websites, you can refer to Apache authentication via LDAP
Will do - thanks!
-Prashanth
On Wed, Dec 2, 2009 at 10:40 AM, Prashanth Sundaram psundaram@wgen.net wrote:
It will take time to learn LDAP as it is a huge topic. Here's a book I would recommend: LDAP System Administration by Gerald Carter (O'Reilly Publication)
Yeah, no kidding - holy moly! I just ordered that book about 30 minutes ago actually because everyone keeps recommending it to me.
Google for "How to setup LDAP authentication" and there is a ton of info.
Too much :-) My first test was a failure - locked myself out of the system. Fortunately I'm playing in a VMWare sandbox so I just blew away the client OS and am reinstalling. We'll see where I get next time :-)
Again, setting up simple (basic) LDAP authentication is configuring ldap.conf and nsswitch.conf. But it is not sufficient, you have to make changes here and there to meet all your requirements
I'll be happy if I can just get that simple thing going. We'll see where I get.
Virtual machine and SAN storage. You can set the PAM module to create the homedir on login and change to it (authconfig --enablemkhomedir)
http://www.mail-archive.com/seawolf-list@redhat.com/msg03331.html
Nifty - thanks!
OK, after setting up my centos-ds server in pretty much a default config, I added a user and then did some playing around with a client.
Here is all I had to do to get the client authenticating:
On the other (client) CentOS box, as root:
system-config-authentication --enableldap --ldapserver=sandbox1 --ldapbasedn="dc=office,dc=example,dc=com" --update
system-config-authentication --enableldap --enableldapauth --update
Note that "sandbox1" is my centos-ds server. And my domain is "office.example.com" though of course my real domain name :-)
This just gives me basic auth - nothing fancy yet. I have the homedir in centos-ds set to '/home/alan', and before logging in on the client, as root I created that dir and set it to 0777. Now I want to try to get fancy :-)
Add another
system-config-authentication --enablemkhomedir --update
As the name suggests, do this on the client and homedirs will be made for you automatically when they first log in.
w00t!!!
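Since the earlier messages note that root and service accounts stay local, that the whole setup comes down to ldap.conf plus nsswitch.conf, and that a bad first attempt locked the client out, a pre-flight check of those two files before applying them is worth having. The following is an added example, not code from the thread or from 389/CentOS-DS; it parses nss_ldap-style ldap.conf and nsswitch.conf text and flags the configurations that cut off local logins. The sample file contents are constructed, and the hostname sandbox1 and base DN dc=office,dc=example,dc=com are taken from the message above.

```python
"""Pre-flight check for an LDAP client config before running authconfig.

Added example for the thread above. The nsswitch.conf and ldap.conf text
below are constructed samples, not files taken from anyone's system.
"""
import re

# Constructed sample: the shape nsswitch.conf takes once ldap is enabled,
# with 'files' first so /etc/passwd (root, service accounts) always works.
NSSWITCH_OK = """\
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
"""

# Constructed sample of a risky variant: ldap ahead of files (or alone),
# so local logins depend on the directory server being reachable.
NSSWITCH_RISKY = """\
passwd:     ldap files
shadow:     ldap
group:      ldap files
"""

# Constructed nss_ldap / pam_ldap style ldap.conf samples.
LDAP_CONF_OK = """\
host sandbox1
base dc=office,dc=example,dc=com
"""

LDAP_CONF_MISSING_BASE = """\
host sandbox1
"""

NSS_DBS = ("passwd", "shadow", "group")


def parse_nsswitch(text):
    """Return {database: [source, ...]} from nsswitch.conf text."""
    result = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        db, sources = line.split(":", 1)
        # Drop action brackets such as [NOTFOUND=return]; keep source names.
        result[db.strip()] = [s for s in sources.split() if not s.startswith("[")]
    return result


def parse_ldap_conf(text):
    """Return {key: value} for 'key value' lines in ldap.conf text (keys lowercased)."""
    result = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        result[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return result


def valid_base_dn(dn):
    """Loose syntax check: every RDN is attr=value, e.g. dc=office,dc=example,dc=com."""
    return all(re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*=[^,=]+", rdn.strip())
               for rdn in dn.split(","))


def check_client_config(nsswitch_text, ldap_conf_text):
    """Return a list of problems; an empty list means the config passes."""
    problems = []
    nss = parse_nsswitch(nsswitch_text)
    for db in NSS_DBS:
        sources = nss.get(db, [])
        if "ldap" not in sources:
            problems.append(f"nsswitch: {db} does not consult ldap")
        if "files" not in sources:
            problems.append(f"nsswitch: {db} has no 'files' source; "
                            "local root/service accounts become unreachable")
        elif "ldap" in sources and sources.index("files") > sources.index("ldap"):
            problems.append(f"nsswitch: {db} lists ldap before files; "
                            "local logins wait on the directory server")
    conf = parse_ldap_conf(ldap_conf_text)
    if "host" not in conf and "uri" not in conf:
        problems.append("ldap.conf: no host or uri; client cannot find the directory server")
    base = conf.get("base")
    if base is None:
        problems.append("ldap.conf: no base DN (authconfig --ldapbasedn sets this)")
    elif not valid_base_dn(base):
        problems.append(f"ldap.conf: base DN {base!r} is not a list of attr=value RDNs")
    return problems


if __name__ == "__main__":
    for label, nss, conf in (("ok", NSSWITCH_OK, LDAP_CONF_OK),
                             ("risky nsswitch", NSSWITCH_RISKY, LDAP_CONF_OK),
                             ("missing base", NSSWITCH_OK, LDAP_CONF_MISSING_BASE)):
        found = check_client_config(nss, conf)
        print(f"{label}: {'PASS' if not found else 'FAIL'}")
        for p in found:
            print("  -", p)
```

Run it against the real files (open("/etc/nsswitch.conf").read() and the client's ldap.conf) before the second authconfig run; keeping a root shell open on the client until the check passes and a test login succeeds is the cheap way to avoid rebuilding the VM.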