Thanks for the input. I would not recommend RH423 for those who are trying to immediately deploy ldap or Kerberos across a network. There is just no way someone new to ldap/Kerberos can gain enough insight into all the possible problems and gotchas in four days of instruction! If you need to use ldap immediately, hire a good consultant!

I do highly recommend the course to those who have time to plot and plan their implementation. The course was very good about walking through all the cli tools and the steps needed to create and manage ldap. Even if you plan to use openldap directly and not Redhat Directory Service, the course is worth the time. It gives you a quick foundation to build on.

Phpldapadmin is where I am going to start. Has anyone seen a practical implementation using Webmin?

-----Original Message-----
From: fedora-directory-devel-bounces@xxxxxxxxxx [mailto:fedora-directory-devel-bounces@xxxxxxxxxx] On Behalf Of Mike Jackson
Sent: Friday, July 21, 2006 9:07 AM
To: Fedora Directory server developer discussion.
Subject: Re: [Fedora-directory-devel] General use questions and diffs from Netscape

Deas, Jim wrote:
> I recently completed Redhat's course on Directory Services and decided to
> set up a test deployment using Fedora. In the course of doing this I came
> across a couple of issues that I need to answer before I could use
> Directory as a valid authentication system.

What did you think about the course?

> 1) The web interface appears to create/handle group entries different
> from those migrated from the local files using the Redhat class altered
> paddle scripts. From the class I remember changing the 'group' schema to
> 'groups'. End result, is there a way to create/manage 'groups' schema
> entries using the Directory web page that match those created when my
> existing /etc/group was migrated using the altered paddle scripts. If
> not, why does Redhat suggest this change in their class?

The web interface is not meant to be a full-blown user management solution. You'd do much better with something like phpldapadmin, or writing your own command line tools.

> 2) Is there a way that the Directory web page can be used to create new
> user accounts that include an autogen uid and gid? Currently it appears
> to create a new user with all the posix data turned off. This is fine
> from a management position as long as a uid generator exists to keep me
> safe from producing duplicate uid/gid numbers.

I wrote a user addition script which supports uid uniqueness checking for manually specified uids, as well as auto incrementing of uid if desired (does a search, sorts the uid list, and adds 1).

http://www.netauth.com/~jacksonm/ldap/newuser.pl

Just edit the configuration section to match your setup, and you're all set. NOTE that this is not a very advanced tool, but the price is right :-) I have written some very advanced ones, but they are not open source...

BR,
Mike

--
http://www.netauth.com - LDAP Directory Consulting

--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
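
The allocation described in the reply above (search, sort the uid list, add 1, plus a uniqueness check for manually specified uids), sketched as an added example; it is not Mike's newuser.pl and not part of the original thread. The LDIF sample, the `UID_FLOOR` value and all function names are constructed for illustration, and the parser assumes unfolded, plain-text LDIF values.

```python
import re

UID_FLOOR = 1000  # assumption: lowest uidNumber handed to new accounts

# Constructed sample of LDIF search output listing uidNumber; not real data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uidNumber: 1001

dn: uid=bob,ou=People,dc=example,dc=com
uidNumber: 1002

dn: uid=carol,ou=People,dc=example,dc=com
uidNumber: 1002

dn: uid=svc,ou=People,dc=example,dc=com
uidNumber: 499
"""

def parse_uid_numbers(ldif):
    """Return {uidNumber: [dn, ...]} from LDIF search output."""
    owners = {}
    for entry in re.split(r"\n\s*\n", ldif.strip()):
        dn = num = None
        for line in entry.splitlines():
            key, _, value = line.partition(":")
            if key.lower() == "dn":
                dn = value.strip()
            elif key.lower() == "uidnumber":
                num = int(value.strip())
        if dn is not None and num is not None:
            owners.setdefault(num, []).append(dn)
    return owners

def duplicates(owners):
    """uidNumbers shared by several entries; the OS treats those accounts as one owner."""
    return {n: dns for n, dns in owners.items() if len(dns) > 1}

def next_uid(owners, floor=UID_FLOOR):
    """Sort the used numbers and add 1 to the highest, never going below floor.
    Search-then-add is not atomic: two concurrent runs can pick the same number."""
    used = sorted(n for n in owners if n >= floor)
    return used[-1] + 1 if used else floor

def check_manual_uid(owners, requested):
    """Uniqueness check for a manually specified uid; raises if already taken."""
    if requested in owners:
        raise ValueError(f"uidNumber {requested} already used by {owners[requested]}")
    return requested
```
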