can I ditch the gui?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Russell Miller wrote:
>
> Hi all,
>
> OK, I run a moderate sized LDAP system that I inherited.  It's been 
> broken to one degree or another for literally years and it's my task 
> to fix it.  I've already upgraded every single server to redhat-ds 8, 
> and am in the process of nailing down a few bugs that we have never 
> been able to address.  Not being able to change expired passwords, etc.
>
> I would like to integrate setup with, say puppet.  I would like to be 
> able to say "OK, here's a host, let's build a working LDAP setup, 
> *without human intervention*.".  It seems to be impossible.  Many 
> steps I can't do except for through the GUI, the SSL key setup (which 
> I can do via command line using certutil though it doesn't seem to be 
> documented and I don't know yet how to do a request) is very awkward, 
> and basically setting up a new server is currently an intensely manual 
> process.
>
> I don't like this.
>
> I would like a command like utility of some kind where I can do 
> everything the admin gui can do - turning options on and off, etc.  
> And I would like just one tool, not having to go around to all sorts 
> of different places and change entries here and there.  I know it can 
> be done because the gui does it.  How about making it admin friendly?
>
> Or am I missing something and it's already there?
You can do everything from the command line, including everything the 
GUI does.  The documentation describes how to do a task with the GUI and 
how to do that same task with the command line in most cases [1].  If 
you need more information about the configuration entries and 
attributes, we have a reference manual [2].  The crypto/SSL commands are 
not well documented, but you can use the -H argument to get some help 
with certutil, pk12util, and modutil, as well as the examples on the 
wiki [3].

If you decide to go this route, I strongly encourage you to use a 
scripting language.  I prefer python and python-ldap - you can do a 
great deal of work quickly with these.  I've also used perl in the 
past.  If you're interested, I have a collection of scripts I use to 
perform various tasks.

Unfortunately, there is not one single command you can use to do 
everything (e.g. dsadmin setupreplication host1 host2 or something like 
that).  The freeipa.org project has been established to make LDAP, NIS, 
Kerberos, and eventually SSL easy to setup and deploy.  While they may 
not have all of the pieces, they have come a long way, and depending on 
what your deployment looks like, you might be able to use freeipa.org to 
easily and quickly set up your environment.  http://www.freeipa.org/

1 - http://www.redhat.com/docs/manuals/dir-server/ag/8.0/index.html
2 - http://www.redhat.com/docs/manuals/dir-server/cli/8.0/index.html
3 - http://directory.fedoraproject.org/wiki/Howto:SSL
>
> Thanks,
>
> --Russell
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080812/df4db15f/attachment.bin 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux