
Re: NSS/PAM_LDAP Management
Greg wrote:
> Hello all,
> I am in the process of evaluating the usage of nss/pam_ldap for a
> 5-6 thousand user Linux network. I have everything working just 
> peachy by using RedHat 6.2 and the stock OpenLDAP/nss/pam_ldap 
> modules that come "stock".
>         I have a couple of questions that I need to have a clear 
> answer on before I commit to using this. I figured that this was 
> the place to ask!
> ;)
> 
> 1. How does one create new accounts? I.E. Is there a set of 
> utilities that provide the same functionality as "useradd" and 
> "userdel" from the command line? I've been using LDAPXplorer 
> under PHP-3 to create accounts, but that does not create home 
> directories, figure out group mappings and the like. How do you 
> guys do it?

I made some scripts in Perl.  You can modify useradd or userdel
as you need. In my case, just IMAP accounts were created.

> 2. When I attempt to change a password from the command line 
> now, I get the following dialog. Any pointers would be helpful..
> 
> [root@tori openldap]# passwd
> New UNIX password:
> Retype new UNIX password:
> Enter login(LDAP) password:
> New password:
> Re-enter new password:
> LDAP password information update failed: Insufficient access
> passwd: all authentication tokens updated successfully

It depends on your ACL.  But pam_ldap on RedHat 6.2 is pam_ldap-0.46.
I found that pam_ldap changed the password binding with the uid, but
it tried to change the ShadowLastChange attribute binding
anonymously.  Furthermore, you got an error.  You can patch it,
or you can wait until pam_ldap-0.47 is released.  It will
be patched in the next release.

> 3. Any performance issues to be concerned about with 5,000 entries?

My machine has 9555 users authenticating with pam_ldap.  
Pentium-II 450 MHz, 128 MB RAM... 18 GB IDE(!!!) disks, just
kidding!  Obviously, it's my own desire to change them to
SCSI disks.  More memory will be added shortly, just
as a precaution.

-- 
German Poo Caaman~o
mailto:gpoo@ubiobio.cl
http://www.ubiobio.cl/~gpoo/chilelindo.html
"History is not read, it is written"
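For the "Insufficient access" failure in question 2, the slapd access rules below show the ACL shape the reply refers to. This is an added example, not configuration from the thread or from the pam_ldap project; it assumes OpenLDAP 2.0 ACL syntax (`attrs=`, the `auth` level) rather than the OpenLDAP 1.2 shipped with RedHat 6.2, where `attr=` and `by * compare` would be used instead.

```conf
# slapd.conf access rules (assumed OpenLDAP 2.0 syntax, base DN is hypothetical)
# userPassword: a user may change their own entry's password; anonymous
# clients may only authenticate against it (bind), never read or search it.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# shadowLastChange: pam_ldap updates this after a successful password change.
# "self write" works when the client is still bound as the user's DN. A write
# sent over an anonymous bind (the 0.46 behaviour described above) matches
# "by * read" and is refused, which is exactly the "Insufficient access" error.
access to attrs=shadowLastChange
        by self write
        by * read

# Everything else stays world-readable so nss_ldap can resolve users/groups.
access to *
        by * read
```

With this ACL, `ldapwhoami`-style checks are not needed to confirm the rule: slapd logs the denied modify with the bind DN, so an anonymous write to shadowLastChange is visible in the server log rather than only as the client-side error.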