
Re: Yet Another Beginner Question



Hello Mark,


On Thu, 28 Mar 2002, Mark Lehrer wrote:

...
> Also, what is the best way to deal with keeping both the ldap database
> and /etc/passwd, /etc/shadow, and /etc/group, /etc/aliases in sync?  I
> would prefer to keep using the standard adduser tools, and vi to
> handle the aliases; would it make sense to have a periodic cron job
> blow away the LDAP info and re-load it, or is it better to re-generate
> these files from the LDAP database?

You don't necessarily have to re-generate anything. Why not use LDAP as a source
for your users and passwords and aliases? If you have a system that supports it,
Linux and/or Solaris would do the trick, you can use name service switch (NSS)
and PAM for authenticating users out of your OpenLDAP directory. Go to
http://www.padl.org (easy to remember: LDAP spelled backwards :-) for the required
software. They even have a set of scripts which will allow migration of your
current passwd/shadow/group/aliases files to LDIF format.

The Sendmail MTA in its newer releases is able to retrieve just about anything
from an LDAP directory, especially including aliases(5). That would probably be
just your cup of tea. If you prefer, I understand Postfix, Qmail and Exim all
also support LDAP to some extent or another.

As to your earlier questions, may I suggest reading the LDAPman Articles on
http://www.ldapman.org/articles/index.html which I consider excellent.

Regards,
	-JP
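
The passwd/shadow-to-LDIF migration mentioned in the reply above, as an added example that is not part of the original post and is not the PADL scripts' code. It assumes the RFC 2307 posixAccount schema; the base DN, the UID cut-off and the sample accounts are constructed for illustration.

```python
import base64

BASE_DN = "ou=People,dc=example,dc=com"   # assumed suffix, not from the post
MIN_UID = 1000                            # assumed cut-off: system accounts stay local

def ldif_line(attr, value):
    """Return 'attr: value', base64-encoding values LDIF cannot carry verbatim (RFC 2849)."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def passwd_to_ldif(passwd_text, shadow_text=""):
    """Convert passwd(5) lines, plus optional shadow(5) hashes, to posixAccount LDIF."""
    hashes = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        # Locked or password-less accounts ("*", "!", "!$6$...") get no userPassword.
        if len(parts) >= 2 and parts[1] and parts[1][0] not in "*!":
            hashes[parts[0]] = parts[1]
    entries = []
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if line.startswith("#") or len(parts) != 7 or not parts[2].isdigit():
            continue                      # comment or malformed line
        login, _, uid, gid, gecos, home, shell = parts
        if int(uid) < MIN_UID:
            continue                      # root and daemons are not migrated
        attrs = [("dn", f"uid={login},{BASE_DN}"),
                 ("objectClass", "account"), ("objectClass", "posixAccount"),
                 ("uid", login), ("cn", gecos.split(",")[0] or login),
                 ("uidNumber", uid), ("gidNumber", gid),
                 ("homeDirectory", home), ("loginShell", shell or "/bin/sh")]
        if login in hashes:
            attrs.append(("userPassword", "{crypt}" + hashes[login]))
        entries.append("\n".join(ldif_line(a, v) for a, v in attrs))
    return "\n\n".join(entries) + "\n"

# Constructed sample input, not real accounts or hashes.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Example,,,:/home/alice:/bin/bash
bob:x:1002:1002:Böb Example:/home/bob:/bin/sh
"""
SAMPLE_SHADOW = """alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
"""

if __name__ == "__main__":
    print(passwd_to_ldif(SAMPLE_PASSWD, SAMPLE_SHADOW))
```

The userPassword attribute now carries what /etc/shadow's file mode used to protect, so the directory needs an access rule that keeps it unreadable to ordinary binds.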