Will RHDS be better in integrating with other programs? For example the MTA, apache, etc. Does it have a built-in configuration tool for these tasks? I am using OpenLDAP and I found it is really a boring task to enable LDAP support for those programs one by one.

On 5/28/07, Luciano Rocha <strange at nsk.no-ip.org> wrote:
>
> On Mon, May 28, 2007 at 08:38:02AM -0300, Martin Marques wrote:
> > I was looking at openldap to change my old lan that is working with NIS and
> > NFS to have an LDAP with some secure authentication system. All thin on
> > CentOS.
> >
> > Should I look at Directory server?
>
> Directory Server has a very powerful access control mechanism[1], and
> supports multi-master replication.
>
> However, openldap has a more intelligent schema parser. Directory
> Server's schema are strict ldif, and you'll need to convert most schemas
> to its format (samba's, bind's, etc.). It's not hard, and there are some
> scripts that help with that[2].
>
> > I see it has a graphical interface to configure, which is pretty good
> > (haven't seen anything like that in LDAP).
>
> Fedora Directory Server 1.0.x includes the graphical admin console, the
> new 1.1.x, following FHS and using system's packages (like dbx, nss,
> nspr) didn't last time I checked. But it's a work in progress, so that
> might have changed in the mean time.
>
> But I haven't used the graphical console, so I can't comment about that.
>
> I'm using FDS for replicated dns, users and dhcp servers, and also for
> an internal Xen control script that uses ldap.
>
> If you want to store only user information, without replication, then
> openldap is good enough.
>
> [1] here are ACIs that I'm using, that allow a specific user to change
> all users passwords (including for samba), and another specific user to
> read them:
> # Users
> dn: ou=Users, dc=dc, dc=aeiou, dc=pt
> ou: Users
> objectClass: top
> objectClass: organizationalUnit
> aci: (target="ldap:///uid=*,ou=Users,dc=sample,dc=com")(targetattr=*)
> (version 3.0;acl "user manager"; allow
> (read,write,add,delete,search,compare)
> userdn="ldap:///uid=uman,ou=Users,dc=sample,dc=com";)
> aci: (targetattr="sambaLMPassword || sambaNTPassword")(version 3.0;acl
> "vpn info access"; allow (read,search,compare) userdn="ldap:///uid=radius,ou=Users,dc=sample,dc=com"; deny (read,search,compare)
> (userdn!="ldap:///uid=radius,ou=Users,dc=sample,dc=com" and
> userdn!="ldap:///uid=uman,ou=Users,dc=sample,dc=com");)
>
> [2] http://directory.fedoraproject.org/download/ol-schema-migrate.pl
>
> --
> lfr
> 0/0

--
Zijing 15# 1404B Tsinghua Univ.
+86 -10 -51537235
Zig
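
The two ACIs quoted in the message above, run through a small reviewer's parser that lists who is granted what. This is an added example, not part of the original thread and not Directory Server code: the function names are hypothetical, the ACI strings are the quoted ones unwrapped onto single lines, and the regex parser handles only the clause forms they use (target keywords and userdn bind rules).

```python
import re

# The two ACIs from the quoted message, unwrapped onto single logical lines.
ACIS = [
    '(target="ldap:///uid=*,ou=Users,dc=sample,dc=com")(targetattr=*)'
    '(version 3.0;acl "user manager"; allow (read,write,add,delete,search,compare) '
    'userdn="ldap:///uid=uman,ou=Users,dc=sample,dc=com";)',
    '(targetattr="sambaLMPassword || sambaNTPassword")(version 3.0;acl "vpn info access"; '
    'allow (read,search,compare) userdn="ldap:///uid=radius,ou=Users,dc=sample,dc=com"; '
    'deny (read,search,compare) (userdn!="ldap:///uid=radius,ou=Users,dc=sample,dc=com" '
    'and userdn!="ldap:///uid=uman,ou=Users,dc=sample,dc=com");)',
]

TARGET_RE = re.compile(r'\(\s*(target|targetattr|targetfilter)\s*(!?=)\s*"?([^")]*)"?\s*\)')
BODY_RE = re.compile(r'\(\s*version\s+3\.0\s*;\s*acl\s+"([^"]*)"\s*;(.*)\)\s*$', re.S)
RULE_RE = re.compile(r'(allow|deny)\s*\(([^)]*)\)\s*(.*?);', re.S)
SUBJECT_RE = re.compile(r'userdn\s*(!?=)\s*"ldap:///([^"]*)"')

def parse_aci(aci):
    """Split one ACI into its name, target clauses and allow/deny rules."""
    head, _, _ = aci.partition('(version')
    body = BODY_RE.search(aci)
    if body is None:
        raise ValueError('not a version 3.0 ACI: %r' % aci[:40])
    targets = {k: (op, v.strip()) for k, op, v in TARGET_RE.findall(head)}
    rules = [{'type': t, 'rights': [r.strip() for r in rights.split(',')],
              'subjects': SUBJECT_RE.findall(bind)}
             for t, rights, bind in RULE_RE.findall(body.group(2))]
    return {'name': body.group(1), 'targets': targets, 'rules': rules}

def review(aci):
    """Return (acl name, notes) for grants that deserve a second look."""
    p, notes = parse_aci(aci), []
    attrs = p['targets'].get('targetattr', ('=', ''))[1]
    if 'target' not in p['targets']:
        notes.append('no target: applies to the entry holding the aci and its subtree')
    for rule in p['rules']:
        modifying = sorted({'write', 'add', 'delete'} & set(rule['rights']))
        if rule['type'] == 'allow' and attrs == '*' and modifying:
            who = ', '.join(dn for _, dn in rule['subjects'])
            notes.append('%s may %s every attribute' % (who, '/'.join(modifying)))
        if rule['type'] == 'deny':
            notes.append('deny rule present: it overrides any allow for the same access')
    return p['name'], notes

if __name__ == '__main__':
    for aci in ACIS:
        print(review(aci))
```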