[CentOS] user management solution needed

Wed Nov 4 22:23:47 UTC 2009
Rob Kampen <rkampen at kampensonline.com>

Craig White wrote:
> On Wed, 2009-11-04 at 15:26 -0500, Rob Kampen wrote:
>> m.roth at 5-cent.us wrote:
>>>> OK, google comes up with what looks like some easy HOWTOs for LDAP
>>>>
>>>> I'll dig in and come back with questions as required
>>>>
>>> Don't believe it.
>>>
>>> The fall of '06, my manager and the other admin and I were discussing what
>>> to use for single sign-on. NIS has way too many holes, and no one was wild
>>> about NIS+, so, though none of us had dealt with it before, I thought LDAP
>>> was the wave o' the future, and offered to implement it. A month or so
>>> later, and *lots* of grief and hair tearing (and I ain't got none to
>>> spare), I got it in. openLDAP's docs were *way* insufficient, and the
>>> tools that come with it are *not* ready for prime time, and user-surly, to
>>> say the least.
>
>> Mark,
>> I too have experienced this PAIN!!!
>> However I never quite got it done, always seemed real close but not quite.
>> Did you document??
>> I am now trying the RH / Fedora DS - no problem getting it installed but 
>> configuration........
>> Any pointers to docs that actually work. I have purchased books, read 
>> magazines and spent probably 100+ hours only to run out of time and 
>> energy. It remains on my 'to do' list.
>> Thanks for any pointers.
>> Rob
> ----
> Skill sets and knowledge for LDAP do not work like most other software,
> and people who jump around from walk-through to walk-through will just
> give up frustrated because every walk-through has different objectives
> and assumptions. There is no single way to do anything on LDAP, there
> are a variety of LDAP server options, and implementations for things like
> user authentication are very tricky.
>
> The easy solution is what people don't want to hear...learn LDAP. Once
> you get the core concepts down, it becomes easy to start wiring in
> various things like user authentication either as system users or things
> like http, or even implementing in your smtp server, etc.
>
> Gerald Carter's book 'LDAP System Administration' is the only book that
> I found that simplified the understanding of LDAP, how it works, how to
> use it, etc. This book probably takes 3-4 hours to digest and work through
> the examples, and gives you enough core knowledge to make it work for you.
>
> At that point, using OpenLDAP or CentOS-DS or Fedora-DS is more or less
> a matter of implementation details and utility. None of them are better
> than the other for most purposes and even things like the consoles in
> Fedora-DS aren't going to make it any easier for you to use LDAP if you
> don't understand how it works. In short, there really aren't decent
> shortcuts to using LDAP if you don't care to actually understand how and
> why it works.
>
> Craig
Hi Craig,
I've got this book, read it twice and believe I understand the LDAP 
workings - that is the easy bit.
In a previous life I used LDAP as an authentication server for some 
purpose-built Perl and Java client stuff, so I have had some success there.
Where it gets impossible is sorting out schemas - which to use where, 
then how to get them loaded - both as schemas and with data.
Then there is the headache of getting it to play nice with PAM, samba, 
Thunderbird address book etc.
My requirements are these:
Single source for allowable users / passwords for authentication and 
then from this determine authorization.
Single location of all my address and contact information, email 
addresses, telephone numbers so that any LDAP capable client can get access.
That should do for starters.
What I've found with all the examples is they work great except one or 
two steps that just don't, and inevitably the show grinds to a halt.
One day soon I'll start afresh and see if I can get it cracked, and yes 
- I'll do a HowTo - most of those via google are too old.
Thanks for your thoughts all.
Rob
This is where things go from bad to downright ugly.