[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Migrating passwd users on Cobalt RaQ

Kurt D. Zeilenga wrote:
slapd-passwd(5) says:
  This backend is provided for demonstration purposes only.

-- Kurt

In particular, it doesn't support write operations so it can't be used as an actual management tool. However, Symas (and probably others) have built up full-function modules along these lines. The Symas module supports not only /etc/passwd, /etc/group, and /etc/shadow, but also the TCB databases (e.g. /etc/security) used by AIX, HPUX, and SCO OpenServer, giving you fully LDAP-enabled management of native Unix/Linux security. (The upside of this approach vs pam/nss is that users can always login to a host, regardless of (loss of) access to a central LDAP server. The downside is that updating someone's account info can take a non-trivial amount of time as it replicates from the central server to every managed host.)

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/