[389-users] OK, so how do I use this thing?
Prashanth Sundaram
psundaram at wgen.net
Wed Dec 2 15:40:35 UTC 2009
On 12/1/09 6:40 PM, "Alan McKay" <alan.mckay at gmail.com> wrote:
>> Take a look at documentation here:
>> http://directory.fedoraproject.org/wiki/Documentation
>
> I'll go through that again, thanks. I went through it a week ago but
> did not find anything too useful, but I'm further along now and a week
> is a long time when you are just starting out.
It will take time to learn LDAP, as it is a huge topic. Here's a book I would
recommend: LDAP System Administration by Gerald Carter (O'Reilly Publication).
>
>> To authenticate linux users, you will have to configure your client hosts
>> to ldap server by configuring /etc/ldap.conf
>> Which can be done using GUI/cmdline via authconfig-tui/authconfig --help
>
> Aha, this gives me a tidbit of what I'm looking for! Enough to
> probably find some good results with man pages and google! Thanks!
Google for "How to setup LDAP authentication" and there is a ton of info.
>
>> Look at Administration Guide
>> http://www.redhat.com/docs/manuals/dir-server/8.1/admin/index.html
>
> This I spent most of my day on today and as mentioned there is nothing
> really there for me on how to get clients working against this. Sure,
> lots of great detail on setting up every aspect of the server and
> stuff I'll have to come back to (e.g. multi-master replication,
> password expiry and such), but not a single thing in the whole guide
> on "here is how you get client XYZ to work with LDAP"
Again, setting up simple (basic) LDAP authentication is configuring
ldap.conf and nsswitch.conf. But it is not sufficient; you have to make
changes here and there to meet all your requirements.
>
>> Do they need local accounts too?
>> Local accounts are needed for root and other service accounts
>
> Cool
>
>> Local disks?
>> Not sure what this means
>
> If you do not have a local account, then where does your home dir come
> from? Must come from a network disk, no? But what if I want local
> disk, but authenticate through LDAP? Can I do that too? And if there
> is no local user, how do I chown files on the drive to that user?
Having a home directory is irrespective of where the account lives. You
definitely need a local disk where your OS is installed, unless you are using
a virtual machine and SAN storage. You can set a PAM module to create the homedir
on login and change to it (authconfig --enablemkhomedir).
http://www.mail-archive.com/seawolf-list@redhat.com/msg03331.html
>
>> What about website? Wikis? All currently using htpasswd. How do I
>> convert those?
>> For websites, you can refer to Apache authentication via LDAP
>
> Will do - thanks!
-Prashanth
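
Added example, not part of the original message: a shell check of the two client files named above (nsswitch.conf and ldap.conf), run against copies passed as arguments. The function names, ldap.example.com and the base DN are placeholders, and the start_tls check assumes the nss_ldap/pam_ldap style of ldap.conf.

```shell
# Added example (not from the thread): audit a client's LDAP login settings.

# nss_uses_ldap FILE DB: succeeds if database DB lists the "ldap" source.
nss_uses_ldap() {
    awk -v db="$2:" '
        /^[ \t]*#/ { next }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
        END { exit !ok }' "$1"
}

# conf_value FILE KEY: prints the value of the first uncommented KEY line.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# audit_ldap_client NSSWITCH LDAPCONF: prints one finding per line and
# returns the number of findings (0 means every check passed).
audit_ldap_client() {
    n=0
    for db in passwd shadow group; do
        nss_uses_ldap "$1" "$db" && continue
        echo "nsswitch.conf: $db does not list ldap"; n=$((n + 1))
    done
    uri=$(conf_value "$2" uri)
    [ -n "$uri" ] || [ -n "$(conf_value "$2" host)" ] ||
        { echo "ldap.conf: no uri or host line"; n=$((n + 1)); }
    [ -n "$(conf_value "$2" base)" ] ||
        { echo "ldap.conf: no base line"; n=$((n + 1)); }
    # Login binds carry the user's password, so a plain ldap:// URI
    # without "ssl start_tls" sends it unencrypted.
    case "$uri" in
        ldap://*) [ "$(conf_value "$2" ssl)" = start_tls ] ||
            { echo "ldap.conf: ldap:// without ssl start_tls"; n=$((n + 1)); } ;;
    esac
    return "$n"
}

# Constructed sample files; the host name and DN are placeholders.
write_sample() {
    printf 'passwd: files ldap\nshadow: files ldap\ngroup: files\n' > "$1/nsswitch.conf"
    printf '# client config\nuri ldap://ldap.example.com/\nbase dc=example,dc=com\n' > "$1/ldap.conf"
}

demo=$(mktemp -d)
write_sample "$demo"
audit_ldap_client "$demo/nsswitch.conf" "$demo/ldap.conf" || echo "findings: $?"
rm -rf "$demo"
```

On a real client the arguments would be /etc/nsswitch.conf and /etc/ldap.conf; the constructed sample reports two findings (group not using ldap, and no start_tls).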