On Fri, Nov 26, 2004 at 04:49:09PM +0100, Kyrre Ness Sjobak wrote:
> Anybody know about a good web(min) based LDAP server interface, which
> could let me create a huge batch of users/w. populated homedirs

Where does the list of user names, their account names and numeric uids
come from?

I need to authenticate users on Unix systems against a Windows NT (soon
to be AD) domain. There is a LDAP directory that exports data about every
user, but unfortunately that data doesn't include the attributes used by
posixAccount. So I just set up a local LDAP server for POSIX account
information.

I use a simple Perl script that, given a list of accounts, looks up the
email address account@xxxxxxxxxxx in the "NT" LDAP directory. From the
object found, I extract the last name, the full real name and the
personID field (which happens to be unique for every user and I can thus
reuse as a uid).

From this information, I can create LDIF files with posixGroup and
posixAccount/shadowAccount objects for each user, generating appropriate
values for some fields (homeDirectory is set to /home/$username) or using
default values for the others (the shadow password fields).

OpenLDAP's command line tools will read the LDIF file to add/modify
users.

Clients are simply set up to get the account information from the local
LDAP server and to validate passwords against the NT domain using
pam_smb.

-- 
Rudi
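
The LDIF-generation step described in the message above, as an added example (not the poster's Perl script): it builds the posixGroup and posixAccount/shadowAccount entries from already-fetched records and rejects account names or ids that would be unsafe in a DN, a home directory path or the uid space. The base DN, ou names, record keys, login shell, shadow defaults and the uid floor of 1000 are assumptions.

```python
import base64
import re

# Assumed for this example: base DN, ou names, record keys, shell, shadow defaults.
BASE_DN = "dc=example,dc=org"
MIN_UID = 1000  # refuse ids that would collide with root or system accounts
USERNAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
SAFE = re.compile(r"[\x21-\x39\x3b\x3d-\x7e][\x20-\x7e]*(?<! )")  # RFC 2849 SAFE-STRING subset

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when the value is not LDIF-safe."""
    if SAFE.fullmatch(value):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def user_ldif(rec, seen_uids):
    """Return a posixGroup plus posixAccount/shadowAccount entry for one record."""
    name, uid = rec["account"], int(rec["personID"])
    if not USERNAME.fullmatch(name):  # name ends up in a DN and in /home/<name>
        raise ValueError(f"unsafe account name {name!r}")
    if uid < MIN_UID or uid in seen_uids:
        raise ValueError(f"uid {uid} for {name} is reserved or already used")
    seen_uids.add(uid)
    group = [f"dn: cn={name},ou=Group,{BASE_DN}", "objectClass: posixGroup",
             f"cn: {name}", f"gidNumber: {uid}"]
    user = [f"dn: uid={name},ou=People,{BASE_DN}", "objectClass: inetOrgPerson",
            "objectClass: posixAccount", "objectClass: shadowAccount",
            f"uid: {name}", ldif_line("cn", rec["cn"]), ldif_line("sn", rec["sn"]),
            f"uidNumber: {uid}", f"gidNumber: {uid}",
            f"homeDirectory: /home/{name}", "loginShell: /bin/sh",
            "shadowMax: 99999", "shadowWarning: 7"]  # no userPassword: pam_smb checks it
    return "\n".join(group) + "\n\n" + "\n".join(user) + "\n"

def build_ldif(records):
    """Convert all records; return (ldif_text, [(account, reason), ...] for rejects)."""
    seen, entries, rejected = set(), [], []
    for rec in records:
        try:
            entries.append(user_ldif(rec, seen))
        except (KeyError, ValueError) as exc:
            rejected.append((rec.get("account"), str(exc)))
    return "\n".join(entries), rejected

# Constructed sample records standing in for the upstream directory lookup.
SAMPLE = [
    {"account": "anordmann", "personID": "20417", "cn": "Åse Nordmann", "sn": "Nordmann"},
    {"account": "../etc", "personID": "20418", "cn": "Bad Path", "sn": "Path"},
    {"account": "root2", "personID": "0", "cn": "Zero Id", "sn": "Id"},
]
```

The text returned by `build_ldif(SAMPLE)` is what would be handed to the OpenLDAP command line tools; the second return value lists the records that were refused and why.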