[CentOS] Where to find RHDS (Red Hat Directory Server) ?

Mon May 28 13:13:30 UTC 2007
Luciano Rocha <strange at nsk.no-ip.org>

On Mon, May 28, 2007 at 08:38:02AM -0300, Martin Marques wrote:
>  I was looking at openldap to change my old lan that is working with NIS and 
>  NFS to have an LDAP with some secure authentication system. All thin on 
>  CentOS.
> 
>  Should I look at Directory server?

Directory Server has a very powerful access control mechanism[19, and
supports multi-master replication.

However, openldap has a more intelligent schema parser. Directory
Server's schema are strict ldif, and you'll need to convert most schemas
to its format (samba's, bind's, etc.). It's not hard, and there are some
scripts that help with that[2].

>  I see it has a graphical interface to configure, which is pretty good 
>  (haven't seen anything like that in LDAP).

Fedora Directory Server 1.0.x include the graphical admin console, the
new 1.1.x, following FHS and using system's packages (like dbx, nss,
nspr) didn't last time I checked. But it's a work in progress, so that
might have changed in the mean time.

But I haven't used the graphical console, so I can't comment about that.

I'm using FDS for replicated dns, users and dhcp servers, and also for
an internal Xen control script that uses ldap.

If you want to store only user information, without replication, then
openldap is good enough.

[1] here are ACIs that I'm using, that allow a specific user to change
all users passwords (including for samba), and another specific user to
read them:
# Users
dn: ou=Users, dc=dc, dc=aeiou, dc=pt
ou: Users
objectClass: top
objectClass: organizationalUnit
aci: (target="ldap:///uid=*,ou=Users,dc=sample,dc=com")(targetattr=*)
 (version 3.0;acl "user manager"; allow (read,write,add,delete,search,compare)
  userdn="ldap:///uid=uman,ou=Users,dc=sample,dc=com";)
aci: (targetattr="sambaLMPassword || sambaNTPassword")(version 3.0;acl 
 "vpn info access"; allow (read,search,compare) userdn="ldap:///uid=radius,
 ou=Users,dc=sample,dc=com"; deny (read,search,compare) 
 (userdn!="ldap:///uid=radius,ou=Users,dc=sample,dc=com" and 
 userdn!="ldap:///uid=uman,ou=Users,dc=sample,dc=com");)

[2] http://directory.fedoraproject.org/download/ol-schema-migrate.pl

-- 
lfr
0/0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20070528/ccf7d19d/attachment-0005.sig>