Re: FC2 and general LDAP Support

roli israel-jugendtag ch (Roland Käser) writes:

> What about moving the user database to LDAP for the FC2 release?

LDAP is not LDAP. Depending on the environment, different schemes with
different, perhaps mandatory attributes will be used. So you will need
some pre-configuration before installing the real Fedora Core, and the
useradd tools must be configurable to support the scheme in use with
reasonable defaults. 'useradd' will have to deal with other attributes
(address, jpegphoto) and the authentication method used (e.g. krb5 allows
special password attributes).

Implementing this is not trivial and would be too much overkill for normal
usage of FC (a standalone desktop). The nss_ldap module is ... aeh .. a
little bit unstable; using it with TLS and non-self-signed certificates
gives mysterious faults when the CA chain is not known, and network faults
give authentication errors for local users (root).

> It would be possible to integrate also the samba part of the user
> records directly to the LDAP directory.  The only thing we need is a
> useful ldap administration frontend

I have never tested it, but http://www.gonicus.de/eng/index.html sounds
very promising.


