[CentOS] LDAP howto using ds-base and ds-admin and related consoles

Fri Jul 31 14:05:29 UTC 2009
Craig White <craigwhite at azapple.com>

On Fri, 2009-07-31 at 08:20 +0100, Tony Molloy wrote:
> On Thursday 30 July 2009 19:23:24 Kwan Lowe wrote:
> > On Thu, Jul 30, 2009 at 1:03 PM, Rob Kampen<rkampen at kampensonline.com>
> > wrote: [snip]
> >
> > > I have read many hundreds of pages, have purchased O'Reilly's LDAP System
> > > Administration but cannot seem to get my dirsrv based LDAP to function.
> > > I do understand that ds uses LDIF files to store and set things up, but
> > > seem unable to grasp the arcane entries that need to exist so I can
> > > access it with a basic LDAP client to load my users etc.
> > > Also I guess there are certain schemas that need to be used to allow
> > > basic functions to work.
> > > My wish list:
> > > linux user authentication and authorization
> > > windows user authentication and authorization (via samba?)
> > > customer contact list (name, address, company, phone numbers, email
> > > addresses)
> > > - this last one to be used by Thunderbird and my SIP phone system - both
> > > of which profess to speak LDAP
> > > I'm sure there are many small business folk that would like something
> > > like this, however I cannot find a template with all my searches, so for
> > > those of you with better LDAP and or google skills - please point me in
> > > the right direction.
> >
> 
> I'm going through the same process as Rob ( the OP ) at the moment. I want to 
> set up centos-directory server. Initially I want it to replace a NIS and Samba 
> system with about 1200 existing users. 
> 
> > There's a pretty straightforward guide at HowToForge.com (search for
> > "CentOS LDAP"). It's a little dated, but works as advertised.  In a
> > nutshell the installation requires installing the centos-ds packages
> > (about 4), installing a Sun Java, and then populating the database.
> > The client side is even simpler.
> 
> Installing centos-ds is not a problem. It's what you do after it. Especially 
> for people like me who have no experience with OpenLDAP.
> 
> >
> > Linux and Windows user authentication is straightforward, with GUI
> > based setup and editing.
> >
> 
> With 1200 existing users to be migrated then GUI based setup and editing is 
> not very useful.
> 
> > The default schema I use doesn't include address, company, etc., but
> > these are very easily added.  I tested with kaddressbook and a couple
> > other LDAP browsers without any glitches.
> 
> I'm going through the Howto:Samba from <directory.fedoraproject.org> at the 
> moment and hopefully that will get me started.
> 
> But what would be nice is:
> 
> 1. Howto:migrate existing NIS to CentosDS
> 2. Howto:migrate existing Samba to CentosDS
----
seriously...I don't think you are ever going to find such a beast.

There are some really good tools from padl to migrate nis to ldap (on
Redhat/CentOS installed as part of openldap-servers package). This may
require some amount of script-fu (perl, sed, awk, etc.) but not too
much. Then to add the samba attributes/passwords/machine accounts will
require a larger dose of script-fu.

But this all would be virtually impossible without a decent knowledge of
how LDAP works and that is regardless of whether you use CentOS-DS or
OpenLDAP.

Craig
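
A sketch of the scripted bulk conversion this thread is about, added here as an example (it is not code from any poster and not the PADL migration tools): it turns passwd-format lines, as `ypcat passwd` prints them, into LDIF for `ldapadd`. The base DN, the UID cut-off, the object classes and the assumption that the server accepts pre-hashed `{crypt}` values are all choices made for the example.

```python
import base64

# Constructed sample in passwd(5) format; not real accounts or hashes.
SAMPLE_PASSWD = """\
jdoe:$1$abcdefgh$0123456789abcdefghijkl:1001:100:John Doe,Room 12:/home/jdoe:/bin/bash
mnoel:*:1002:100:Márie Noël:/home/mnoel:/bin/sh
daemon:x:2:2:daemon:/sbin:/sbin/nologin
+::::::
"""
BASE_DN = "ou=People,dc=example,dc=com"  # assumed directory suffix
MIN_UID = 500                            # assumed cut-off: skip system accounts


def ldif_attr(name, value):
    """One LDIF line; values that are not RFC 2849 SAFE-STRINGs are base64-encoded."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def usable_hash(pw):
    """False for empty, shadowed ('x') or locked ('*', '!') password fields."""
    return pw not in ("", "x") and not pw.startswith(("*", "!"))


def passwd_to_ldif(text, base_dn=BASE_DN, min_uid=MIN_UID):
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue  # malformed line or NIS '+' compat entry
        login, pw, uid, gid, gecos, home, shell = fields
        if int(uid) < min_uid:
            continue
        attrs = [("dn", f"uid={login},{base_dn}"), ("objectClass", "top"),
                 ("objectClass", "account"), ("objectClass", "posixAccount"),
                 ("uid", login), ("cn", gecos.split(",")[0] or login),
                 ("uidNumber", uid), ("gidNumber", gid),
                 ("homeDirectory", home), ("loginShell", shell)]
        if usable_hash(pw):
            # Existing hash is carried over unchanged, so users keep their password.
            attrs.append(("userPassword", "{crypt}" + pw))
        entries.append("\n".join(ldif_attr(n, v) for n, v in attrs if v))
    return "\n\n".join(entries) + "\n"


if __name__ == "__main__":
    print(passwd_to_ldif(SAMPLE_PASSWD), end="")
```

The output contains password hashes, so the LDIF file deserves the same file permissions as the shadow data it came from, and entries without a `userPassword` cannot bind until a password is set.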

