
Re: General Issues



>Hello, and please bear with me for a second.  I have just finished
>reading the admin and quickstart guides on openldap.org and the
>openldap-howto.  I have successfully set up the server but have no
>entries in it.  This is where my knowledge ends.  Am I correct in
>understanding that Microsoft's Active Directory is built on LDAP?  Also,

Sort of, more or less, and not really.  AD contains an LDAP server
component, but it piles on a lot of proprietary RPC stuff and some
schema/structures of its very own.  But you can drive PAM/NSS against
AD with a bit of fiddling.

>this is my question.  I have been bombarded with the buzzwords, but
>really just need someone to explain to me the practical applications for
>LDAP.  As far as I know I can use it with PAM to centralize logins on my
>Linux machines.  But can't I use it to centralize Windows machine logins
>too?

Yes, with a Samba >2.2.3 PDC you can use an LDAP "SAM".  M$ workstations
join the domain, creating objects in the LDAP DIT; UNIX<->M$ password
sync is a pretty trivial affair.

>Also, address books for Windows (Outlook), Netscape, etc. aren't
>those able to be stored in LDAP?  Then the followup to this, how (and

Yes.  Outlook can query but not update an LDAP address book.  Netscape
(I'm told) can do both.  Clients like IMP or Evolution work very well
with LDAP address books.  It works nicely if your user base is stored in
LDAP as you get an address book of them automatically.

You can also control sendmail (aliases, mail routing, access control,
generic table, virtusers table) from a central point without rebuilding
hash files, distribute /etc/printcap information, etc... It is much
nicer as the network grows than managing dozens upon dozens of config
files.

>where) do I begin to add users to the LDAP directory.  The openldap page
>just basically says how to get it set up and running which I've done,
>but not the practical methods for using it.  Could someone please
>enlighten me or point me in the right direction?  Thanks so much in
>advance.
 
I have a "presentation"  at ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf
that you might find helpful.

>P.S. - Is there a consensus "good" GUI administration tool for this?

Some people like "Directory Administrator" but I'm afraid there isn't a
tool yet that does it all.  I do a lot of work in gq, and I've written a
PHP front end for our specific needs which I'd be willing to send but I'm
afraid it may be useless to anyone else.

The trouble is (for us) not many of the tools deal with posixAccount +
sambaAccount objects which all of our users are.