[K12OSN] nis,ldap,ad

Josiah Ritchie jritchie at bible.edu
Mon Jun 7 17:35:32 UTC 2004


You mentioned writing this up in a wiki. I'd be interested in seeing
that. :-) JSR/

On Mon, 2004-06-07 at 12:26, Henry Burroughs wrote:
> Mark,
> 
> I have been using winbind to access AD, however I am in the process of
> migrating to accessing AD via Kerberos and AD (as an LDAP server).  I
> have successfully gotten my own system to authenticate and login using
> the Kerberos/LDAP method.  I discovered the MKSADPLUGINS.msi program
> which installs a UNIX schema in AD... hence giving you unix UIDs, GIDs,
> etc.  Finally found a .pdf file from Brazil that details the steps out
> fairly well...  maybe I should just condense it into a wiki.
> 
> It will require you to give each user a unix UID... which I would not
> want to do by hand at all... I am going to be working on a Perl script
> this week to automate giving every existing user a UID... and then PHP
> scripts for a secure page that I can easily add new users to AD and have
> the appropriate info already filled out.
> 
> Also, beware that your new UIDs for users will be different probably
> from winbind, unless you write a script to copy the winbind uid to the
> uid in AD.  I mainly have to worry about home directories.... so I'll
> just get new uids for everyone, and loop through the home directory
> doing something like:
> 
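> cd /home/
> # `ls *` would list the contents of every home directory; glob the
> # directory names instead (each is assumed to match its owner's login).
> for userdir in */; do
> 	userdir=${userdir%/}
> 	chown -R -- "$userdir" "$userdir"
> done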
> 
> And most of my problems will be fixed.
> 
> I haven't personally decided if I want to phase AD out any time soon...
> but you probably could do a dump of the UNIX info in AD at a later date
> and move it to just plain LDAP...  aahh... fun with Perl....
> 
> Let me know if I can help or if you want a copy of my initialize script
> (giving everyone a unix UID, other info).
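
The re-owning step discussed in the quoted message, as an added example that is not part of the original posts: a dry-run planner that prints the chown commands instead of running them. It assumes each directory under the base is named after its owner's login and that `getent passwd` already resolves users through the new Kerberos/LDAP setup; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: plan the re-owning of home directories after the UID
# source changes (winbind -> UNIX attributes stored in AD).
# Assumption: each directory under the base is named after its owner's login.

# Print "uid:gid" for a login as the active NSS source reports it.
lookup_ids() {
    getent passwd "$1" | awk -F: 'NR == 1 { print $3 ":" $4 }'
}

# Print the numeric "uid:gid" currently recorded on a path.
current_ids() {
    ls -ldn -- "$1" | awk '{ print $3 ":" $4 }'
}

# Emit one line per directory: the chown command to run, or why it was skipped.
plan_rehome() {
    base=$1
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue            # glob matched nothing
        dir=${dir%/}
        user=${dir##*/}
        case $user in
            *[!A-Za-z0-9._-]*)
                echo "# skip: directory name has unexpected characters"
                continue ;;
        esac
        if [ -L "$dir" ]; then
            echo "# skip $user: symlink, not a real home directory"
            continue
        fi
        want=$(lookup_ids "$user")
        if [ -z "$want" ]; then
            echo "# skip $user: no such account in the directory"
            continue
        fi
        if [ "$(current_ids "$dir")" = "$want" ]; then
            echo "# ok $user: already $want"
        else
            # -h changes symlinks themselves, so a link planted inside a
            # home directory cannot redirect the chown to its target.
            echo "chown -hR $want -- '$dir'"
        fi
    done
}
```

Call `plan_rehome /home`, review the printed plan, and only then run the chown lines as root.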




