
Debian and LDAP?



hi. i've been playing with using an OpenLDAP server for
(home) network-wide authentication purposes for the last few days.

debian (2.2 at least) seems to be severely lacking for this task. in
contrast, redhat 7 has ldap authentication (as a client at least) as an
installation option.

here are some of the problems i ran into:

1. openldapd misconfigures itself. to get it working properly, you have to
copy /usr/share/doc/openldapd/slapd.conf.example to
/etc/openldap/slapd.conf and `dpkg-reconfigure -plow openldapd'. this was
a rc bug before 2.2 was released, but it got downgraded and openldapd
shipped broken.

2. not really a debian problem, but: ldap migration tools (from
http://www.padl.com/tools.html) try to create "ou=People,cn=...", which is
already created once openldapd is configured. adding `-c' to the call to
ldapadd in `migrate_all_online.sh' fixes this.

3. there are no tools for creating and maintaining users in an ldap
database. this is the biggest problem, imo. login, passwd, chfn, chsh and
su are all pam-ified, but user{add,del} and group{add,del} aren't.

are there any plans to have better support for ldap in woody? it would be
extremely nice to have ldap authentication as an installation option, and
have openldapd automagically migrate all the users, groups, etc when it
installs.

maybe creating a debian-ldap list would be a good idea?

-- 
 ______________________________________________
| "the whole scale of cosmic dimensions are falling from my mouth
| in the description of a kiss of the interimlovers"
|   - einsturzende neubaten, "interim"


