On 12/1/09 6:40 PM, "Alan McKay" <alan.mckay at gmail.com> wrote: >> ????Take a look at documentation here: >> ????http://directory.fedoraproject.org/wiki/Documentation > > I'll go through that again, thanks. I went through it a week ago but > did not find anything too useful, but I'm further along now and a week > is a long time when you are just starting out. It will take time to learn LDAP as it is a huge topic. Here's a book I would recommend: LDAP System Administration by Gerald Carter(O'Reilly Publication) > >> ????To authenticate linux users, you will have to configure you client hosts >> to ldap server by configuring /etc/ldap.conf >> ????Which can be done using GUI/cmdline via authconfig-tui/authconfig --help > > Aha, this gives me a tidbit of what I'm looking for! Enough to > probably find some good results with man pages and google! Thanks! Google for "How to setup LDAP authentication" and there is ton of info. > >> ????Look at Administration Guide >> ????http://www.redhat.com/docs/manuals/dir-server/8.1/admin/index.html > > This I spent most of my day on today and as mentioned there is nothing > really there for me on how to get cilents working against this. Sure, > lots of great detail on setting up every aspect of the server and > stuff I'll have to come back to (e.g. multi-master replication, > password expiry and such), but not a single thing in the whole guide > on "here is how you get client XYZ to work with LDAP" Again, setting up simple (basic) LDAP authentication is configuring ldap.conf and nsswitch.conf . But it is not sufficient, you have to make changes here and there to meet all your requirements > >> Do they need local accounts too? >> ????Local accounts are needed for root and other service accounts > > Cool > >> Local disks? >> ????Not sure what this means > > If you do not have a local account, then where does your home dir come > from? Must come from a network disk, no? But what if I want local > disk, but authenticate through LDAP? Can I do that too? And if there > is no local user, how do I chown files on the drive to that user? Having a homer Directory is irrespective of where the account lives. You definitely need a local disk where you OS is installed, unless you are using Virtual machine and SAN storage. You can set PAM Module to create homedir on login and change to it.(authconfig --enablemkhomedir) http://www.mail-archive.com/seawolf-list at redhat.com/msg03331.html > >> What about website? ?Wikis? ?All currently using htpasswd. ??How do I >> convert those? >> ????For websites, you can refer to Apache authentication via LDAP > > Will do - thanks! -Prashanth
