Russell Miller wrote:
> Hi all,
>
> OK, I run a moderate sized LDAP system that I inherited. It's been
> broken to one degree or another for literally years and it's my task
> to fix it. I've already upgraded every single server to redhat-ds 8,
> and am in the process of nailing down a few bugs that we have never
> been able to address. Not being able to change expired passwords, etc.
>
> I would like to integrate setup with, say puppet. I would like to be
> able to say "OK, here's a host, let's build a working LDAP setup,
> *without human intervention*.". It seems to be impossible. Many
> steps I can't do except for through the GUI, the SSL key setup (which
> I can do via command line using certutil though it doesn't seem to be
> documented and I don't know yet how to do a request) is very awkward,
> and basically setting up a new server is currently an intensely manual
> process.
>
> I don't like this.
>
> I would like a command line utility of some kind where I can do
> everything the admin gui can do - turning options on and off, etc.
> And I would like just one tool, not having to go around to all sorts
> of different places and change entries here and there. I know it can
> be done because the gui does it. How about making it admin friendly?
>
> Or am I missing something and it's already there?

You can do everything from the command line, including everything the
GUI does. The documentation describes how to do a task with the GUI and
how to do that same task with the command line in most cases [1]. If you
need more information about the configuration entries and attributes, we
have a reference manual [2]. The crypto/SSL commands are not well
documented, but you can use the -H argument to get some help with
certutil, pk12util, and modutil, as well as the examples on the wiki [3].

If you decide to go this route, I strongly encourage you to use a
scripting language. I prefer python and python-ldap - you can do a great
deal of work quickly with these. I've also used perl in the past. If
you're interested, I have a collection of scripts I use to perform
various tasks.

Unfortunately, there is not one single command you can use to do
everything (e.g. dsadmin setupreplication host1 host2 or something like
that).

The freeipa.org project has been established to make LDAP, NIS,
Kerberos, and eventually SSL easy to set up and deploy. While they may
not have all of the pieces, they have come a long way, and depending on
what your deployment looks like, you might be able to use freeipa.org to
easily and quickly set up your environment.

http://www.freeipa.org/

[1] http://www.redhat.com/docs/manuals/dir-server/ag/8.0/index.html
[2] http://www.redhat.com/docs/manuals/dir-server/cli/8.0/index.html
[3] http://directory.fedoraproject.org/wiki/Howto:SSL

> Thanks,
>
> --Russell
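The scripted approach recommended in the reply, as an added example that is not code from the thread or from the directory server project: it compares an instance's TLS-related configuration with a desired state and emits only the changes needed, so a tool such as puppet can re-run it safely. The sample state is constructed, the function names are hypothetical, and it assumes the `cn=config` and `cn=encryption,cn=config` entries already exist and that `apply_plan` is given a bound python-ldap 3.x connection.

```python
# Added example: converge directory server TLS settings without the GUI.
# Desired values are constructed for illustration, not taken from the thread.
DESIRED = {
    "cn=config": {"nsslapd-security": ["on"], "nsslapd-secureport": ["636"]},
    "cn=encryption,cn=config": {"nsSSLClientAuth": ["allowed"]},
}

def plan(current, desired=DESIRED):
    """Return {dn: [(attr, values)]} for attributes that differ from desired.

    Attribute names compare case-insensitively, as LDAP does. An empty
    result means the instance is converged and nothing should be written.
    """
    changes = {}
    for dn, attrs in desired.items():
        have = {k.lower(): sorted(v) for k, v in current.get(dn, {}).items()}
        diff = [(a, v) for a, v in attrs.items()
                if have.get(a.lower()) != sorted(v)]
        if diff:
            changes[dn] = diff
    return changes

def to_ldif(changes):
    """Render the plan as LDIF that ldapmodify can apply."""
    out = []
    for dn, mods in changes.items():
        out += ["dn: " + dn, "changetype: modify"]
        for i, (attr, values) in enumerate(mods):
            if i:
                out.append("-")  # separator between modifications of one entry
            out.append("replace: " + attr)
            out += ["%s: %s" % (attr, v) for v in values]
        out.append("")
    return "\n".join(out)

def apply_plan(conn, changes):
    """Apply the plan over a bound python-ldap connection."""
    import ldap  # imported here so planning and rendering need only the stdlib
    for dn, mods in changes.items():
        conn.modify_s(dn, [(ldap.MOD_REPLACE, a, [v.encode() for v in vals])
                           for a, vals in mods])

if __name__ == "__main__":
    # Constructed current state: TLS off, secure port already set (mixed case).
    current = {"cn=config": {"nsslapd-security": ["off"],
                             "nsslapd-securePort": ["636"]}}
    print(to_ldif(plan(current)))
```
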