RE: Usermod problems with ldap
Ok, it makes sense to do the users/groups administration from an LDAP client
instead of doing it from each of the servers the OpenLDAP server manages, because if not,
why use an LDAP server at all? Hehe.
Phpldapadmin works great using posixGroup with the memberUid attribute,
so I think it's good practice to do all my administration from an LDAP client like
phpldapadmin, in order to be able to use the getent or id commands from the servers without any hassle, and obviously not using usermod anymore.
Thanks for your help
Regards,
Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones
-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com]
Sent: Thursday, February 19, 2009 9:10 AM
To: Kossuth Espinosa, Oskar
CC: openldap-technical@openldap.org
Subject: Re: Usermod problems with ldap
okossuth@antel.com.uy wrote:
> Ok so you are telling me to not use usermod at all and just do the modifications with
> a LDAP client tool like phpldapadmin?
Yes, if the LDAP client tool manages the right attribute. I don't know
phpldapadmin in detail.
This default configuration for group maintenance is in the standard
source distribution of web2ldap:
# The definitions for group entry administration
groupadm_defs={
  'groupOfNames':       ('member',None),
  'groupOfUniqueNames': ('uniqueMember',None),
  'organizationalRole': ('roleOccupant',None),
  'rfc822MailGroup':    ('mail','mail'),
  'nisMailAlias':       ('rfc822MailMember','mail'),
  'mailGroup':          ('mgrprfc822mailmember','mail'),
  # Found on IBM SecureWay Directory
  'accessGroup':        ('member',None),
  # RFC2370
  'posixGroup':         ('memberUid','uid'),
  'nisNetgroup':        ('memberNisNetgroup','uid'),
  # Samba 3.0
  'sambaGroupMapping':  ('sambaSID','sambaSID'),
  # Active Directory
  'group':              ('member',None),
  # draft-findlay-ldap-groupofentries
  'groupOfEntries':     ('member',None),
},
I think you get the idea. It can be customized for particular LDAP
target servers or name spaces to meet your needs. Being the author of
web2ldap I'm biased of course.
Ciao, Michael.
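
Added example, not part of the original thread and not web2ldap's own code: it reads each tuple in the quoted mapping as (member attribute, user-entry attribute to copy), assuming that None means the user's DN is stored, and builds the LDIF change that adds a user to a group with the value that group's object class expects. The function names, the sample DNs and the example.org namespace are constructed for illustration.

```python
import base64

# Subset of the groupadm_defs mapping quoted above:
# group objectClass -> (member attribute, user-entry attribute to copy).
# Assumption: None as the second element means "store the user's DN".
GROUPADM_DEFS = {
    "groupOfNames": ("member", None),
    "groupOfUniqueNames": ("uniqueMember", None),
    "posixGroup": ("memberUid", "uid"),
    "sambaGroupMapping": ("sambaSID", "sambaSID"),
}

def member_value(group_classes, user_dn, user_attrs, defs=GROUPADM_DEFS):
    """Return (member_attr, value) to add for the first mapped objectClass."""
    known = {oc.lower(): pair for oc, pair in defs.items()}
    attrs = {name.lower(): vals for name, vals in user_attrs.items()}
    for oc in group_classes:
        if oc.lower() not in known:
            continue
        member_attr, user_attr = known[oc.lower()]
        if user_attr is None:
            return member_attr, user_dn
        values = attrs.get(user_attr.lower()) or []
        if not values:
            raise ValueError(f"user entry has no {user_attr}; cannot join {oc}")
        return member_attr, values[0]
    raise LookupError("no mapped group objectClass in %r" % (group_classes,))

def ldif_line(attr, value):
    """Emit 'attr: value', base64-encoding values LDIF cannot carry verbatim."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def add_member_ldif(group_dn, group_classes, user_dn, user_attrs):
    """Build an LDIF change record adding the user to the group."""
    attr, value = member_value(group_classes, user_dn, user_attrs)
    lines = [ldif_line("dn", group_dn), "changetype: modify",
             f"add: {attr}", ldif_line(attr, value), "-"]
    return "\n".join(lines) + "\n"

# Constructed sample entry (example.org is a placeholder namespace).
USER_DN = "uid=jdoe,ou=People,dc=example,dc=org"
USER = {"uid": ["jdoe"]}

if __name__ == "__main__":
    print(add_member_ldif("cn=staff,ou=Groups,dc=example,dc=org",
                          ["top", "posixGroup"], USER_DN, USER))
```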