> On 19 Aug 2019, at 17:59, Nicolas Kovacs <info@xxxxxxxxxxxxx> wrote: > > Hi, > > I'm new to this list, so let me introduce myself. I'm a 52-year old > Austrian living in South France, and I'm the manager of a small IT > company with a focus on Linux and Open Source Software. Hello fellow Australian! > > I'm the system administrator of our local school, where I have setup a > small 100 % GNU/Linux network consisting of two servers running CentOS 7 > and 20 desktop clients running OpenSUSE Leap 15.1. > > Currently the network uses a bone-headed single-sign-on configuration > based on NIS and NFS. I'm well aware of the potential flaws of this > setup, and I intend to replace it. In the past I've tried to wrap my > head around LDAP, but I bluntly admit I failed miserably every time. > > I just read the "Single Sign On" chapter in the fine "Unix & Linux > System Administration Handbook", which states 389 Directory Server as a > preferable alternative to the plain OpenLDAP server. > > I have three sandbox machines in my office and some time to experiment, > and I've even managed so far to install 389 DS on one of these machines > using the online documentation and various tutorials. > > First things first. I'm a new user, so I checked out the project pat at > https://www.port389.org/. I clicked on "Get started with a new > install"... and got stuck since the documentation doesn't work on my > system (CentOS 7). > > * https://www.port389.org/docs/389ds/howto/quickstart.html > > Eventually I figured out that Red Hat DS has a working documentation, > although I felt a bit like someone looking for a receipt for pasta > bolognese and getting a full-blown online course in food biochemistry. > > The QuickStart page sports a link "If you want to learn more about what > ldap is, you should read our “ldap concepts” guide." So I clicked on > that but unfortunately the link is dead. I admit I have yet to find a > comprehensive introduction to LDAP that is suitable for folks like me > with an IQ below 200. No problem! Have a look at the following: https://fy.blackhats.net.au/blog/html/pages/ldap_guide_part_1_foundations.html The guide chapters continue on the "left" of the page. As for the setup - you may notice the Centos7 doesn't match the port389 quickstart as those tools are part of 1.4.x. Today you can get those through: * Fedora * Centos8/RHEL8 * OpenSUSE LEAP + network:ldap repository. I'm biased as I work for SUSE so I would advise you to use OpenSUSE and leap, but the other developers are from Red Hat and they do wonderful work on the project as well. The SUSE repo has the benefit that network:ldap updates with "upstream" but supports multiple opensuse versions so you'll always get the "right packages". It tends to update within 24hours of upstream security releases etc. As marc suggested you could use freeipa as well, but it's a bit heavy and brings in a lot more, so assess it and determine what works for you. We are also happy to take feedback and help extend our tooling to support extra use cases if you have them, so please stay in contact with the project! > > Any suggestions ? > > Cheers from the sunny South of France, G'day from Australia - and cheers mate :) — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
