
RE: NSS/PAM_LDAP Management



Hello Greg,

I'm not an expert on this, but I believe you can just use the standard
useradd and userdel functions to add and delete users, and through the
integration of LDAP into nss/pam it will add the user, create home
directory etc. I think the problem you're having with the password is
to do with permissions on the LDAP database; can't remember how to fix
it though.

5K+ records shouldn't be any problem whatsoever.

Hello all,
	I am in the process of evaluating the usage of nss/pam_ldap for a
5-6 thousand user Linux network. I have everything working just peachy by
using RedHat 6.2 and the stock OpenLDAP/nss/pam_ldap modules that come
"stock".
	I have a couple of questions that I need to have a clear answer on
before I commit to using this. I figured that this was the place to ask!
;)

1. How does one create new accounts? I.E. Is there a set of utilities that
   provide the same functionality as "useradd" and "userdel" from the
   command line? I've been using LDAPXplorer under PHP-3 to create
   accounts, but that does not create home directories, figure out group
   mappings and the like. How do you guys do it?

2. When I attempt to change a password from the command line now, I get
   the following dialog. Any pointers would be helpful..

[root@tori openldap]# passwd
New UNIX password:
Retype new UNIX password:
Enter login(LDAP) password:
New password:
Re-enter new password:
LDAP password information update failed: Insufficient access
passwd: all authentication tokens updated successfully

3. Any performance issues to be concerned about with 5,000 entries?

Thanks..