Re: Where to find RHDS (Red Hat Directory Server) ?




Will RHDS be better in integrating with other programs?
For example the MTA, apache, etc. Does it have a built-in configuration tool for these tasks?
I am using OpenLDAP and I found it is really a boring task to enable LDAP support for those programs one by one.

 
On 5/28/07, Luciano Rocha <strange@xxxxxxxxxxxxx> wrote:
On Mon, May 28, 2007 at 08:38:02AM -0300, Martin Marques wrote:
>  I was looking at openldap to change my old lan that is working with NIS and
>  NFS to have an LDAP with some secure authentication system. All this on
>  CentOS.
>
>  Should I look at Directory server?

Directory Server has a very powerful access control mechanism[1], and
supports multi-master replication.

However, openldap has a more intelligent schema parser. Directory
Server's schema are strict ldif, and you'll need to convert most schemas
to its format (samba's, bind's, etc.). It's not hard, and there are some
scripts that help with that[2].

>  I see it has a graphical interface to configure, which is pretty good
>  (haven't seen anything like that in LDAP).

Fedora Directory Server 1.0.x includes the graphical admin console, the
new 1.1.x, following FHS and using system's packages (like dbx, nss,
nspr) didn't last time I checked. But it's a work in progress, so that
might have changed in the meantime.

But I haven't used the graphical console, so I can't comment about that.

I'm using FDS for replicated dns, users and dhcp servers, and also for
an internal Xen control script that uses ldap.

If you want to store only user information, without replication, then
openldap is good enough.

[1] here are ACIs that I'm using, that allow a specific user to change
all users passwords (including for samba), and another specific user to
read them:
# Users
dn: ou=Users, dc=dc, dc=aeiou, dc=pt
ou: Users
objectClass: top
objectClass: organizationalUnit
aci: (target="ldap:///uid=*,ou=Users,dc=sample,dc=com")(targetattr=*)
 (version 3.0;acl "user manager"; allow (read,write,add,delete,search,compare)
  userdn="ldap:///uid=uman,ou=Users,dc=sample,dc=com";)
aci: (targetattr="sambaLMPassword || sambaNTPassword")(version 3.0;acl
  "vpn info access"; allow (read,search,compare) userdn="ldap:///uid=radius,
 ou=Users,dc=sample,dc=com"; deny (read,search,compare)
  (userdn!="ldap:///uid=radius,ou=Users,dc=sample,dc=com" and
  userdn!="ldap:///uid=uman,ou=Users,dc=sample,dc=com");)

[2] http://directory.fedoraproject.org/download/ol-schema-migrate.pl

--
lfr
0/0

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos





--
Zijing 15# 1404B Tsinghua Univ.
+86 -10 -51537235
Zig
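
The ACIs quoted in the message above follow Directory Server's (targets)(version 3.0; acl "name"; allow/deny (rights) bind-rule;) layout. The Python below is an added example, not code from either poster or from the Directory Server project: it parses the two ACIs from the thread (unfolded to single values) and reports what a reviewer would check. The function names and the review flags are this example's own choices.

```python
import re

# The two ACIs from the message above, LDIF continuation lines joined.
# The review flags produced below are this example's own, not a DS feature.
ACIS = [
    '(target="ldap:///uid=*,ou=Users,dc=sample,dc=com")(targetattr=*)'
    '(version 3.0;acl "user manager"; allow (read,write,add,delete,search,'
    'compare) userdn="ldap:///uid=uman,ou=Users,dc=sample,dc=com";)',
    '(targetattr="sambaLMPassword || sambaNTPassword")(version 3.0;acl '
    '"vpn info access"; allow (read,search,compare) userdn="ldap:///uid=radius,'
    'ou=Users,dc=sample,dc=com"; deny (read,search,compare) '
    '(userdn!="ldap:///uid=radius,ou=Users,dc=sample,dc=com" and '
    'userdn!="ldap:///uid=uman,ou=Users,dc=sample,dc=com");)',
]

# Simplification: target values containing ')' (e.g. targetfilter) are not handled.
TARGET_RE = re.compile(r'\(\s*(target\w*)\s*(!?=)\s*"?([^")]*)"?\s*\)')
BODY_RE = re.compile(r'\(\s*version\s+3\.0\s*;\s*acl\s+"([^"]*)"\s*;(.*)\)\s*$', re.S)
RULE_RE = re.compile(r'(allow|deny)\s*\(([^)]*)\)\s*(.*?)\s*;', re.S)
MODIFY = {"write", "add", "delete", "all"}

def parse_aci(value):
    """Split one ACI value into targets, name and allow/deny rules."""
    body = BODY_RE.search(value)
    if body is None:
        raise ValueError("not a version 3.0 ACI: %r" % value[:40])
    head = value[:body.start()]
    targets = {k.lower(): v.strip() for k, _op, v in TARGET_RE.findall(head)}
    rules = [(kind, {r.strip() for r in rights.split(",")}, bind)
             for kind, rights, bind in RULE_RE.findall(body.group(2))]
    return {"name": body.group(1), "targets": targets, "rules": rules}

def audit(value):
    """Return (acl name, review flags) for one ACI."""
    aci, flags = parse_aci(value), []
    attrs = aci["targets"].get("targetattr", "")
    for kind, rights, bind in aci["rules"]:
        if kind == "allow" and attrs == "*" and rights & MODIFY:
            flags.append("allow modifies every attribute")
        if kind == "allow" and re.search(r"ldap:///(anyone|all)\b", bind):
            flags.append("allow is not limited to named users")
        if kind == "deny":
            flags.append("deny rule: overrides any matching allow")
    if "target" not in aci["targets"]:
        flags.append("no target: applies from the entry holding the ACI down")
    return aci["name"], flags

if __name__ == "__main__":
    for value in ACIS:
        print(audit(value))
```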