Craig White wrote:
On Wed, 2009-11-04 at 15:26 -0500, Rob Kampen wrote:
m.roth@xxxxxxxxx wrote:
OK, google comes up with what looks like some easy HOWTOs for LDAP
I'll dig in and come back with questions as required
Don't believe it.
The fall of '06, my manager and the other admin and I were discussing what
to use for single sign-on. NIS has way too many holes, and no one was wild
about NIS+, so, though none of us had dealt with it before, I though LDAP
was the wave o' the future, and offered to implement it. A month or so
later, and *lots* of grief and hair tearing (and I ain't got none to
spare), I got it in. openLDAP's docs were *way* insufficient, and the
tools that come with it are *not* ready for prime time, and user-surly, to
say the least.
Mark,
I too have experienced this PAIN!!!
However I never quite got it done, always seemed real close but not quite.
Did you document??
I am now trying the RH / Fedora DS - no problem getting it installed but
configuration........
Any pointers to docs that actually work. I have purchased books, read
magazines and spent probably 100+ hours only to run out of time and
energy. It remains on my 'to do' list.
Thanks for any pointers.
Rob
----
skill sets and knowledge for LDAP does not work like most other software
and people who jump around from walk-through to walk-through will just
give up frustrated because every walk-through has different objectives
and assumptions. There is no single way to do anything on LDAP and there
are a variety of LDAP server options and implementation for things like
user authentication are very tricky.
The easy solution is what people don't want to hear...learn LDAP. Once
you get the core concepts down, it becomes easy to start wiring in
various things like user authentication either as system users or things
like http, or even implementing in your smtp server, etc.
Gerald Carter's book 'LDAP System Administration' is the only book that
I found that simplified the understanding of LDAP, how it works, how to
use it, etc. This book probably takes 3-4 hours to digest, work through
the examples and give you enough core knowledge to make it work for you.
At that point, using OpenLDAP or CentOS-DS or Fedora-DS is more or less
a matter of implementation details and utility. None of them are better
than the other for most purposes and even things like the consoles in
Fedora-DS aren't going to make it any easier for you to use LDAP if you
don't understand how it works. In short, there really aren't decent
shortcuts to using LDAP if you don't care to actually understand how and
why it works.
Craig
Hi Craig,
I've got this book, read it twice and believe I understand the LDAP
workings - that is the easy bit.
In a previous life I used LDAP as an authentication server for some
purpose built Perl and Java client stuff, so I have had some success there.
Where it gets impossible is sorting out schemas - which to use where,
then how to get them loaded - both as schemas and with data.
Then there is the headache of getting it to play nice with PAM, samba,
Thunderbird address book etc.
My requirements are these:-/
Single source for allowable users / passwords for authentication and
then from this determine authoritization
Single location of all my address and contact information, email
addresses, telephone numbers so that any LDAP capable client can get access.
That should do for starters.
What I've found with all the examples is they work great except one or
two steps that just don't and inevitably the show grinds to a halt.
One day soon I'll start afresh and see if I can get it cracked, and yes
- I'll do a HowTo - most of those via google are too old.
Thanks for your thoughts all.
Rob
This is where things go from bad to down right ugly.
begin:vcard
fn:Rob Kampen
n:Kampen;Rob
email;internet:rob@xxxxxxxxxxxxxxxxx
tel;cell:407-341-3815
version:2.1
end:vcard
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos