On Wed, 11 Oct 2006, Gennaro Tortone wrote:

>Hi,
>I'm migrating our NIS authentication server to Fedora Directory Server;
>
>my problem is that all "classic" commands (useradd, userdel, chage, ...)
>don't work on users migrated on LDAP (FDS)...
>
>Is there something to configure ? (PAM, ...)
>
>I tried with pwdutils (http://www.thkukuk.de/pam/pwdutils/) but there are
>some authentication problems and the project seems to be not so "active"
>
>Any idea ?

I think most people write their own scripts to create users, or do it through the console. However, I believe that many modern Linuxes will Do The Right Thing WRT the "classic" commands if you configure everything correctly. Try 'man ldap.conf'; I *think* that if you give it a bind password, etc., it'll try to add accounts. (It's quite possible that I'm totally and completely wrong about that.)

There are two to three problems with that approach, though.

First, it probably won't create the account the way you want it to, especially if you have anything beyond the most basic of environments. I've never used this before, but I doubt it'll add, e.g., Samba attributes. If you do anything beyond the bare minimum with POSIX attributes, it'll be insufficient.

Second, /etc/ldap.conf has to be world-readable if you want other users to be able to run 'finger,' or even get proper results from 'ls' and 'stat'. If you specify your directory manager password in there, your directory has just been pwned.

Thirdly, it assumes that you're running a recent Linux. For all I know, you could be on OS/2. :)

So, while I think this might be possible, I'd recommend either using the console if you have a small number of accounts to create, or bust out the ol' Net::LDAP.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
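
The exposure described in the second point above can be checked on a client host. The following is an added example, not part of the original message: it assumes the `binddn` and `bindpw` directives of the nss_ldap/pam_ldap `ldap.conf` format, and the function names and sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag a clear-text bind password in an nss_ldap/pam_ldap
# style config that other local users can read. Function names are hypothetical.

# write_sample FILE: constructed sample config; all values are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real host
host ldap.example.org
base dc=example,dc=org
binddn cn=Directory Manager
bindpw PLACEHOLDER-not-a-real-password
EOF
}

# audit_ldap_conf FILE: prints findings; returns 0 clean, 1 findings, 2 error.
audit_ldap_conf() {
    local file=$1 rc=0 exposure="restricted" dn
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    # find prints the path only when the "other" read bit is set.
    if [ -n "$(find "$file" -prune -perm -004 2>/dev/null)" ]; then
        exposure="world-readable"
    fi

    # bindpw holds the bind password; commented-out lines do not match.
    if grep -Eiq '^[[:space:]]*bindpw[[:space:]]+[^[:space:]]' "$file"; then
        rc=1
        if [ "$exposure" = "world-readable" ]; then
            echo "CRITICAL: bindpw present and file is world-readable"
        else
            echo "WARNING: bindpw present (file is not world-readable)"
        fi
        # Name the account the password belongs to, never the password itself.
        dn=$(grep -Ei '^[[:space:]]*binddn[[:space:]]+' "$file" | head -n 1 |
             sed -E 's/^[[:space:]]*[^[:space:]]+[[:space:]]+//')
        [ -n "$dn" ] && echo "INFO: password belongs to $dn"
    fi
    return "$rc"
}

# With a path argument, audit that file; with none, only define the functions.
[ "$#" -eq 0 ] || audit_ldap_conf "$@"
```

Run it as `script.sh /etc/ldap.conf`; a non-zero exit status means a bind password was found, and the CRITICAL line means any local account can read it.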