[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Usermod problems with ldap

Ok, it makes sense to do the users/groups administration from a LDAP client
instead of doing it from each of the servers the OpenLDAP server manage..because if not
why use an LDAP server at all ?? hehe
Phpldapmyadmin works great using posixGroup with the memberUid attribute
so I think it's good practice to do all my administration from the LDAP client like
phpldapadmin in able to use the getent or id commands from the servers without any hassle, and obviously not using usermod anymore..

Thanks for your help


Oskar Kossuth 
Administrador UNIX
ANTEL Telecomunicaciones

-----Mensaje original-----
De: Michael Ströder [mailto:michael@stroeder.com] 
Enviado el: Thursday, February 19, 2009 9:10 AM
Para: Kossuth Espinosa, Oskar
CC: openldap-technical@openldap.org
Asunto: Re: Usermod problems with ldap

okossuth@antel.com.uy wrote:
> Ok so you are telling me to not use usermod at all and just do the modifications with 
> a LDAP client tool like phpldapadmin?

Yes, if the LDAP client tool manages the right attribute. I don't know
phpldapadmin in detail.

This default configuration for group maintenance is in the standard
source distribution of web2ldap:

    # The definitions for group entry administration
      'groupOfNames':       ('member',None),
      'groupOfUniqueNames': ('uniqueMember',None),
      'organizationalRole': ('roleOccupant',None),
      'rfc822MailGroup':    ('mail','mail'),
      'nisMailAlias':       ('rfc822MailMember','mail'),
      'mailGroup':          ('mgrprfc822mailmember','mail'),
      # Found on IBM SecureWay Directory
      'accessGroup':        ('member',None),
      # RFC2370
      'posixGroup':         ('memberUid','uid'),
      'nisNetgroup':        ('memberNisNetgroup','uid'),
      # Samba 3.0
      'sambaGroupMapping':  ('sambaSID','sambaSID'),
      # Active Directory
      'group':              ('member',None),
      # draft-findlay-ldap-groupofentries
      'groupOfEntries':     ('member',None),

I think you get the idea. It can be customized for particular LDAP
target servers or name spaces to meet your needs. Being the author of
web2ldap I'm biased off course.

Ciao, Michael.

El   presente  correo   y   cualquier    posible   archivo   adjunto  está
dirigido  únicamente  al destinatario  del  mensaje y contiene información
que  puede ser  confidencial.  Si  Ud. no es el destinatario  correcto por 
favor notifique al remitente respondiendo  anexando este mensaje y elimine 
inmediatamente   el e-mail y los posibles archivos adjuntos al mismo de su 
sistema. Está  prohibida  cualquier utilización,  difusión o copia de este 
e-mail por   cualquier  persona  o  entidad  que  no  sean las específicas 
destinatarias del  mensaje.  ANTEL  no acepta  ninguna responsabilidad con 
respecto  a cualquier  comunicación  que  haya sido  emitida  incumpliendo
nuestra Política de Seguridad de la Información.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
This e-mail and any attachment is confidential and is  intended solely for 
the addressee(s).  If you are not  intended  recipient  please  inform the 
sender immediately,  answering  this  e-mail and  delete it as well as the 
attached files. Any use, circulation or copy of this e-mail by  any person 
or entity that is not the specific  addressee(s)  is prohibited.  ANTEL is 
not  responsible  for  any  communication  emitted  without respecting our
Information Security Policy.