> m.roth at 5-cent.us wrote: >>> OK, google comes up with what looks like some easy HOWTOs for LDAP >>> >>> I'll dig in and come back with questions as required >>> >> Don't believe it. >> >> The fall of '06, my manager and the other admin and I were discussing >> what to use for single sign-on. NIS has way too many holes, and no one was >> wild about NIS+, so, though none of us had dealt with it before, I though >> LDAP was the wave o' the future, and offered to implement it. A month or so >> later, and *lots* of grief and hair tearing (and I ain't got none to >> spare), I got it in. openLDAP's docs were *way* insufficient, and the >> tools that come with it are *not* ready for prime time, and user-surly, >> to say the least. >> >> It works, though. > > Is the recently packaged IPA server a better starting point? > > http://lists.centos.org/pipermail/centos/2009-October/083023.html Don't know - I rolled off that job over a year ago, and haven't had to set it up since. The last thing I did, a few months before leaving, was to upgrade from 2.2 to 2.3, to add policy, for password aging and so that users could change their own password. mark