Re: Howto on Basic Setup

On Wed, 30 Aug 2006, Craig White wrote:

On Wed, 2006-08-30 at 22:22 -0400, Tom Diehl wrote:
On Wed, 30 Aug 2006, Craig White wrote:

On Wed, 2006-08-30 at 17:35 -0500, Les Mikesell wrote:
On Wed, 2006-08-30 at 22:23 +0300, Mike Jackson wrote:

There seems to be a lot of install/design documentation regarding FDS,
however I've not been able to find a quick "howto" on setting a FDS up
for a small company. For example, say a shop with 25-50 linux machines
and 150 or so user accounts.

Hi,
  FDS includes the posixAccount, posixGroup, and inetOrgPerson object
classes. You don't really need more than this to do simple user
authentication for linux and apache, as well as basic personnel info
management.

And if you want to also use it as a back end for samba windows domain
authentication with the same users/passwords?
-----
that's a horse of another color

First you would have to import the samba schema appropriate for the
version of samba you are using.

Then you would have to realize that the samba schema has
objectclasses/attributes that have nothing to do with
posixAccount/posixGroup/inetOrgPerson attributes (well, I do use
posixGroup but that is with sambaGroupMapping attributes).

Then you would want to use a client that allows a single password entry
and encodes it for the userPassword (posixAccount/shadowAccount)
attribute and for the sambaNTPassword and optionally the
sambaLMPassword. Clients for this purpose are listed here...

http://wiki.samba.org/index.php/Samba_%26_LDAP

or of course, you can write your own code to accomplish this

Is it really all that different from using an ldap backend as described in the
Samba HowTo??
----
nope - very little difference between integration on OpenLDAP or FDS -
make sure that you visit the samba wiki page on FDS wiki as it tells you
how to import openldap schemas and such.
----

Is there any reason the idealx scripts and the standard samba schema will not
work?
----
Idealx scripts work fine (I barely use them though).

There is no such thing as a standard samba schema - it has been getting
continually tweaked at various stages in samba releases. Use the schema
appropriate for your samba release which I presume seeing your entries
on nahant/taroon lists will be supplied with your samba
installation...which would be 3.0.9.xx (taroon) 3.0.10.xx (nahant)
unless you replace it with kde-redhat samba like I do...

Indeed, I mis-spoke. I am aware of the issue. I normally upgrade the EL
machines to whatever the latest version of samba is. There are simply too
many features missing from the versions supplied with RHEL. Hopefully EL5
will have something near current. I was not aware of the kde-redhat samba.
I will have to look at it.

# rpm -q --whatprovides /usr/share/doc/samba-3.0.23b/LDAP/samba.schema
samba-3.0.23b-0.1.el4.kde

each release is slightly different - there is no 'standard samba schema'
-----

Just want to be sure I am not missing something, migrating to FDS is on my list
of things to do.
----
go for it - keep openldap installed - do your migration - turn off
openldap and then start fds - should be a direct replacement when you
get it going.

just a little stupid thing that may be of help to you is a little shell
script that I wrote to take the slapcat output from openldap and delete
the attributes that will poison it so you can't import it into FDS...

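# cat ol2fds-filter.sh
#!/bin/sh
#
# Remove the OpenLDAP operational attributes from slapcat output
# so that the resulting LDIF can be imported into FDS.
#
input=dump.ldif
output=import-me.ldif
filt1=creatorsName
filt2=createTimestamp
filt3=modifiersName
filt4=modifyTimestamp
filt5=structuralObjectClass
filt6=entryUUID
filt7=entryCSN

# Match only lines that start with the attribute name, so a value that
# merely mentions one of these names is not deleted.
/bin/grep -v "^$filt1:" "$input" | \
/bin/grep -v "^$filt2:" | \
/bin/grep -v "^$filt3:" | \
/bin/grep -v "^$filt4:" | \
/bin/grep -v "^$filt5:" | \
/bin/grep -v "^$filt6:" | \
/bin/grep -v "^$filt7:" > "$output"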

OK, so we strip out the above attributes at import time but does FDS then
recreate them? My memory is telling me they are part of the required attributes
in the schema but I could be wrong.

Thanks for the help.

Regards,

--
Tom Diehl		tdiehl@xxxxxxxxxxxx		Spamtrap address mtd123@xxxxxxxxxxxx

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
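
Added example, not part of the original message or of the Samba/FDS projects: the same attribute filtering done in one awk pass, which also covers two LDIF details a line-by-line grep does not, namely long values folded onto continuation lines (a leading space) and attribute names that differ in case. The names ol2fds_filter and sample_ldif and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Operational attributes written by slapcat that are stripped before import
# (the same seven names as in the script quoted in the thread).
OPERATIONAL_ATTRS="creatorsName createTimestamp modifiersName modifyTimestamp structuralObjectClass entryUUID entryCSN"

# Read LDIF on stdin, write it to stdout without the operational attributes.
ol2fds_filter() {
    awk -v attrs="$OPERATIONAL_ATTRS" '
    BEGIN {
        n = split(attrs, a, " ")
        for (i = 1; i <= n; i++) drop[tolower(a[i])] = 1
        skipping = 0
    }
    # A line starting with a space continues the previous attribute value,
    # so it shares the fate of the attribute it belongs to.
    /^ / { if (!skipping) print; next }
    {
        # The attribute name is the text before the first colon, without
        # any ";option" suffix. Attribute names are case-insensitive.
        name = $0
        sub(/:.*/, "", name)
        sub(/;.*/, "", name)
        key = tolower(name)
        skipping = (key in drop)
        if (!skipping) print
    }'
}

# Constructed sample entry (not real data) with a folded modifiersName value,
# an upper-case attribute name and a value that only mentions entryUUID.
sample_ldif() {
    cat <<'EOF'
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: jdoe
description: mentions entryUUID in free text
structuralObjectClass: inetOrgPerson
modifiersName: cn=Manager,ou=A-Very-Long-Administrative-Unit-Name,dc=example,
 dc=com
ENTRYUUID: 00000000-0000-0000-0000-000000000000
entryCSN: 20060830000000Z#000000#00#000000
cn: John Doe
EOF
}

# Show the filtered sample; real use: ol2fds_filter < dump.ldif > import-me.ldif
sample_ldif | ol2fds_filter
```
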