[Date Prev][Date Next]
Re: NSS/PAM_LDAP Management
> Hello all,
> I am in the process of evaluating the usage of nss/pam_ldap for a
> 5-6 thousand user Linux network. I have everything working just
> peachy by using RedHat 6.2 and the stock OpenLDAP/nss/pam_ldap
> modules that come "stock".
> I have a couple of questions that I need to have a clear
> answer on before I commit to using this. I figured that this was
> the place to ask!
> 1. How does one create new accounts? I.E. Is there a set of
> utilities that provide the same functionality as "useradd" and
> "userdel" from the command line? I've been using LDAPXplorer
> under PHP-3 to create accounts, but that does not create home
> directories, figure out group mappings and the like. How do you
> guys do it?
I made some scripts on perl. You can modify useradd o userdel
as you need. In my case, just IMAP accounts was created.
> 2. When I attempt to change a password from the command line
> now, I get th following dialog. Any pointers would be helpful..
> [root@tori openldap]# passwd
> New UNIX password:
> Retype new UNIX password:
> Enter login(LDAP) password:
> New password:
> Re-enter new password:
> LDAP password information update failed: Insufficient access
> passwd: all authentication tokens updated successfully
It depends of your ACL. But pam-ldap on RedHat-6.2 is pam_ldap-0.46.
I found that pam_ldap changed the password binding with uid, but
it tried to change the ShadowLastChange attribute binding
anonymously. Furthermore, you got an error. You can patch it,
or you can wait until pam_ldap-0.47 will be release. It will
be patched on next release.
> 3. Any performance issues to be concerned about with 5,000 entries?
My machine have 9555 users authenticanting with pam_ldap.
Pentium-II 450Mhz, 128Mb RAM... 18Gb IDE(!!!) disks, just
kidding!. Obviously, it's my own desire change them to
SCSI disks. More memory will be added shortly, just
German Poo Caaman~o
"La historia no se lee, se escribe"