[CentOS] Where to find RHDS (Red Hat Directory Server) ?

Wei Yu zig.wei at gmail.com
Mon May 28 14:48:48 UTC 2007


Will RHDS be better in integrating with other programs?
For example the MTA, apache, etc. Does it have a built-in configuration tool
for these tasks?
I am using OpenLDAP and I found it is really a boring task to enable LDAP
support for those programs one by one.


On 5/28/07, Luciano Rocha <strange at nsk.no-ip.org> wrote:
>
> On Mon, May 28, 2007 at 08:38:02AM -0300, Martin Marques wrote:
> >  I was looking at openldap to change my old lan that is working with NIS and
> >  NFS to have an LDAP with some secure authentication system. All this on
> >  CentOS.
> >
> >  Should I look at Directory server?
>
> Directory Server has a very powerful access control mechanism[1], and
> supports multi-master replication.
>
> However, openldap has a more intelligent schema parser. Directory
> Server's schema are strict ldif, and you'll need to convert most schemas
> to its format (samba's, bind's, etc.). It's not hard, and there are some
> scripts that help with that[2].
>
> >  I see it has a graphical interface to configure, which is pretty good
> >  (haven't seen anything like that in LDAP).
>
> Fedora Directory Server 1.0.x includes the graphical admin console; the
> new 1.1.x, following FHS and using system's packages (like dbx, nss,
> nspr), didn't last time I checked. But it's a work in progress, so that
> might have changed in the meantime.
>
> But I haven't used the graphical console, so I can't comment about that.
>
> I'm using FDS for replicated dns, users and dhcp servers, and also for
> an internal Xen control script that uses ldap.
>
> If you want to store only user information, without replication, then
> openldap is good enough.
>
> [1] here are ACIs that I'm using, that allow a specific user to change
> all users passwords (including for samba), and another specific user to
> read them:
> # Users
> dn: ou=Users, dc=dc, dc=aeiou, dc=pt
> ou: Users
> objectClass: top
> objectClass: organizationalUnit
> aci: (target="ldap:///uid=*,ou=Users,dc=sample,dc=com")(targetattr=*)
>  (version 3.0;acl "user manager";
>   allow (read,write,add,delete,search,compare)
>   userdn="ldap:///uid=uman,ou=Users,dc=sample,dc=com";)
> aci: (targetattr="sambaLMPassword || sambaNTPassword")
>  (version 3.0;acl "vpn info access";
>   allow (read,search,compare)
>   userdn="ldap:///uid=radius,ou=Users,dc=sample,dc=com";
>   deny (read,search,compare)
>   (userdn!="ldap:///uid=radius,ou=Users,dc=sample,dc=com" and
>   userdn!="ldap:///uid=uman,ou=Users,dc=sample,dc=com");)
>
> [2] http://directory.fedoraproject.org/download/ol-schema-migrate.pl
>
> --
> lfr
> 0/0
>


-- 
Zijing 15# 1404B Tsinghua Univ.
+86 -10 -51537235
Zig
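
The two ACIs quoted in the message above combine under Directory Server's rules that an explicit deny overrides any allow and that access is refused when no allow matches. As an added example (not part of the original message and not Directory Server code), this Python evaluator parses those two ACI strings and decides access for a few bind DNs; it assumes only the `userdn` terms joined by `and` that appear in the message, treats an ACI without a target as matching every entry, and uses constructed `uid=alice` and `uid=bob` entries.

```python
import re
from fnmatch import fnmatchcase

BASE = "ou=Users,dc=sample,dc=com"
# The two ACIs from the message, each unfolded onto one logical line.
ACIS = [
    '(target="ldap:///uid=*,ou=Users,dc=sample,dc=com")(targetattr=*)'
    '(version 3.0;acl "user manager"; allow (read,write,add,delete,search,compare) '
    'userdn="ldap:///uid=uman,ou=Users,dc=sample,dc=com";)',
    '(targetattr="sambaLMPassword || sambaNTPassword")(version 3.0;acl "vpn info access"; '
    'allow (read,search,compare) userdn="ldap:///uid=radius,ou=Users,dc=sample,dc=com"; '
    'deny (read,search,compare) (userdn!="ldap:///uid=radius,ou=Users,dc=sample,dc=com" and '
    'userdn!="ldap:///uid=uman,ou=Users,dc=sample,dc=com");)',
]

def parse_aci(text):
    """Split one ACI into target pattern, attribute list and permission clauses."""
    target = re.search(r'\(target\s*=\s*"ldap:///([^"]*)"\)', text)
    attrs = re.search(r'\(targetattr\s*=\s*"?([^")]*)"?\)', text).group(1)
    perms = []
    for kind, rights, rule in re.findall(r'(allow|deny)\s*\(([^)]*)\)\s*([^;]*);', text):
        terms = re.findall(r'userdn\s*(!?=)\s*"ldap:///([^"]*)"', rule)
        perms.append((kind, set(rights.replace(" ", "").split(",")), terms))
    return {"target": target.group(1) if target else "*",  # assumption: no target = any entry
            "attrs": [a.strip().lower() for a in attrs.split("||")],
            "perms": perms}

def applies(aci, entry_dn, attr):
    return (fnmatchcase(entry_dn.lower(), aci["target"].lower())
            and ("*" in aci["attrs"] or attr.lower() in aci["attrs"]))

def rule_matches(terms, bind_dn):
    # Every term must hold: "=" needs the bind DN to equal dn, "!=" needs it to differ.
    return all((bind_dn.lower() == dn.lower()) == (op == "=") for op, dn in terms)

def decide(bind_dn, entry_dn, attr, right, acis=ACIS):
    verdict = "deny (no allow matched)"
    for aci in map(parse_aci, acis):
        if not applies(aci, entry_dn, attr):
            continue
        for kind, rights, terms in aci["perms"]:
            if right in rights and rule_matches(terms, bind_dn):
                if kind == "deny":
                    return "deny"  # an explicit deny overrides any allow
                verdict = "allow"
    return verdict

if __name__ == "__main__":
    for uid in ("uman", "radius", "bob"):  # bob and alice are constructed entries
        print(uid, decide(f"uid={uid},{BASE}", f"uid=alice,{BASE}", "sambaNTPassword", "read"))
```

Note that a user reading the Samba hashes on their own entry also falls under the deny clause, since the bind rule excludes only `uid=radius` and `uid=uman`.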