On Thu, 2003-12-18 at 12:38, Robert Ambrose wrote:
> I've been off and on the same type of project for awhile, I keep having
> drop it to go and make that stuff that pays the bills ;-(.
>
> I fully understand in a personal way the pain in figuring out that the
> FQDN and TLS. SASL had a certain entertainment factor as well.
---
entertainment factor is an interesting way to describe it - the only
message I ever got was unable to contact LDAP server. Nothing logged.
Since this is RH AS 3 - I put in web form request for support - 24 hours
later - no reply so I called - tech on phone was clueless on LDAP - said
it would have to be sent up to higher level tech. I figured it out an
hour or two later
---
>
> What I'm curious about is:
>
> 1. What combination of schemas did you end up using?
---
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/samba.schema
---
> 2. What version of openldap are you using? Mostly I'm interested if
> you're using 2.1.
---
2.0.27-11 (remember AS 3) I don't dare move off the supported path on
anything that I don't absolutely have to. Ended up compiling Netatalk
from source - not supplied or supported by RH. They didn't even include
appletalk as a module - had to install unsupported-kernel-modules
package
---
> 3. What (if any) application are you using to manage the user accounts?
> I got stuck on this one. I looked at directory_administrator but it
> didn't knock my socks off.
---
thus far...Directory_administrator is a great tool for peeking into LDAP
and for leave-behind password management if necessary. It doesn't
however support the revised schema of samba-3 only the schema of
samba-2.x which is different. Samba 3 is new, tools are only usable if
configurable - Directory_administrator isn't ;-(
I am going to be playing with the new LDAP Users and Groups module in
Webmin 1.21 (or whatever version it is that they're up to) - It looked
nice at first glance - now that I have slurped the NT-SAM I am
interested and it apparently is adaptable.
Per Jamie...
> Since there are so many LDAP properties, the Module Config page of the
> LDAP Users and Groups module has had an option since version 1.120 for
> specifying your own extra local properties to allow the editing of. It
> is the last field in the 'LDAP server options' section, and you can
> enter something like :
>
> profilePath Path to profile file
> homeDrive Home directory drive
>
> This should be flexible enough to support any special property
> requirements not built into the module as standard, without needed any
> code changes :-)
>
I note that Webmin is also not part of RH AS 3 but I considered that to
be absolutely necessary ;-)
And a btw on webmin - the 'cluster' modules that have been developed are
thoroughly interesting where you have multiple servers. They can
synchronize users/groups - even a test where you will get a look at the
differences between servers without actually making any changes. Also
some other cool stuff like where you've got master & slave dns servers,
you can make changes to master, restart bind on both machines which
makes it synchronize immediately. Way cool.
>
> FWIW, if you're using autofs, it can be put very nicely into LDAP.
>
---
I suppose you are giving me a clue here about autofs - I don't know what
it is but I'm gonna look into it right away. That's what I love about
PLUG - there are so many knowledgable and talented people to learn from.
When Kevin Brown shows interest in something I have done, I feel like I
hit the big time. BTW - I've got Open Office running and am dumping
'bulk' info into it for rehashing / editing later as a mini-howto. Your
engineering background has you taking copious notes. My 60's hippie
background makes me far more disorganized and I have to be pushed.
Craig
(text/plain)