[Fedora-directory-users] usertools

Chris St. Pierre stpierre at NebrWesleyan.edu
Wed Oct 11 15:04:58 UTC 2006


On Wed, 11 Oct 2006, Gennaro Tortone wrote:

>Hi,
>I'm migrating our NIS authentication server to Fedora Directory Server;
>
>my problem is that all "classic" commands (useradd, userdel, chage, ...)
>don't work on users migrated on LDAP (FDS)...
>
>Is there something to configure ? (PAM, ...)
>
>I tried with pwdutils (http://www.thkukuk.de/pam/pwdutils/) but there are
>some authentication problems and the project seems to be not so "active"
>
>Any idea ?

I think most people write their own scripts to create users, or do it
through the console.  However, I believe that many modern Linuxes will
Do The Right Thing WRT the "classic" commands if you configure
everything correctly.  Try 'man ldap.conf'; I *think* that if you give
it a bind password, etc., it'll try to add accounts.  (It's quite
possible that I'm totally and completely wrong about that.)

There are two to three problems with that approach, though.

First, it probably won't create the account the way you want it to,
especially if you have anything beyond the most basic of environments.
I've never used this before, but I doubt it'll add, e.g., Samba
attributes.  If you do anything beyond the bare minimum with POSIX
attributes, it'll be insufficient.

Second, /etc/ldap.conf has to be world-readable if you want other
users to be able to run 'finger,' or even get proper results from 'ls'
and 'stat'.  If you specify your directory manager password in there,
your directory has just been pwned.

Thirdly, it assumes that you're running a recent Linux.  For all I
know, you could be on OS/2. :)

So, while I think this might be possible, I'd recommend either using
the console if you have a small number of accounts to create, or bust
out the ol' Net::LDAP.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
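
The exposure described in the second point of the message above (a bind password in a world-readable /etc/ldap.conf) can be checked mechanically. The following shell function is an added example, not part of the original message. The function names, the constructed sample file, and the treatment of "cn=Directory Manager" as the FDS administrative DN are assumptions.

```shell
#!/bin/sh
# Added example: audit an nss_ldap/pam_ldap style ldap.conf for an exposed bind password.
# Status of audit_ldap_conf: 0 = nothing exposed, 1 = bindpw readable by every local user,
#   2 = as 1 and binddn is the Directory Manager, 3 = file missing.
audit_ldap_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "MISSING: $conf"; return 3; }
    # The 8th character of the ls mode string is the "other" read bit.
    other_read=$(ls -ld -- "$conf" | cut -c8)
    # An uncommented "bindpw <value>" line holds a cleartext password.
    if ! grep -Eiq '^[[:space:]]*bindpw[[:space:]]+[^[:space:]]' "$conf"; then
        echo "OK: no bindpw in $conf"
        return 0
    fi
    if [ "$other_read" != "r" ]; then
        echo "OK: bindpw present but $conf is not world-readable"
        return 0
    fi
    # Assumption: "cn=Directory Manager" is the FDS default administrative DN.
    if grep -Eiq '^[[:space:]]*binddn[[:space:]]+cn=directory[[:space:]]+manager[[:space:]]*$' "$conf"; then
        echo "CRITICAL: Directory Manager password is world-readable in $conf"
        return 2
    fi
    echo "WARNING: bind password is world-readable in $conf"
    return 1
}

# Demo on a constructed sample file (not a real configuration).
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
host ldap.example.edu
base dc=example,dc=edu
binddn cn=Directory Manager
bindpw CONSTRUCTED-PLACEHOLDER
EOF
    chmod 644 "$tmp"
    audit_ldap_conf "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Status 2 is the expected finding for the constructed sample.
demo || echo "audit status: $?"
```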




