system-config-users and ldapi

[Braden McDaniel]

On 4/19/12 9:16 AM, Craig White wrote:
> On Wed, 2012-04-18 at 10:37 -0400, Braden McDaniel wrote:
>> On Wed, 2012-04-18 at 06:09 -0700, Craig White wrote:
>>> On Mon, 2012-04-16 at 22:03 -0400, Braden McDaniel wrote:
>>>> Can system-config-users be made to use ldapi (i.e., a socket connection
>>>> to an LDAP server)?
>>>>
>>>> According to "man 5 libuser.conf", libuser can do this; but I haven't
>>>> been able to convince system-config-users.  It asks for a SASL user on
>>>> startup (which shouldn't be applicable, as I understand it).
>>> ----
>>> I was under the impression that system-config-users would write directly
>>> to /etc/passwd (/etc/shadow, /etc/group) and would not be applicable for
>>> use with ldap based users.
>>>
>>> BTW, I tend to use Webmin and it's LDAP Users and Groups module to
>>> manage LDAP users&  groups.
>>
>> If you set "create_modules = ldap" in /etc/libuser.conf,
>> system-config-users will prompt for several LDAP authentication settings
>> on startup.
>>
>> I have not gotten it to work, yet, though.
>>
>> There is an old comment in this older bug report suggesting that this
>> worked at some time (in some form):
>>
>>          https://bugzilla.redhat.com/show_bug.cgi?id=89539
>>
>> It may be that it requires authentication to be done via LDAP; and I'm
>> using Kerberos for that.
> ----
> If there was actual intent to use it with ldap users&  groups, there
> would be configuration possibilities for the schema(s) used. It's not
> and never was a suitable tool for the purpose.

Do your comments extend to libuser?

I'm an utter novice at LDAP; but perhaps this depends upon what one is 
looking for?  Clearly system-config-users is not a versatile tool with 
respect to the variety of LDAP deployments that are possible.  But if 
one is just looking to set up/manage a centralized user account store on 
a small network, might it be sufficient?

Braden