LinuxQuestions.org


bx.s 10-19-2006 08:40 PM

LDAP authentication and flat files
 
I help manage a small server and cluster. Currently we are in the process of phasing in a new server running RedHat Enterprise 3. We want this server to have a central LDAP directory for user authentication to the server and the client machines. We have LDAP set up to a point in which our dummy users can authenticate on the server itself and into a client machine.

We would like to make a decision on whether to leave the flat files and keep them synchronized with LDAP or to just use LDAP for our user account information. We have played with the idea of moving our users completely to LDAP, but we like exploiting "useradd" because it does a lot of the dirty work (making home directory, setting UID and GID, etc.) and it is useful to have /etc/passwd around as it is easier to search at this point than LDAP. Has anybody had any experience with transferring completely to LDAP or keeping the flat files and LDAP synchronized who would like to share it? Are there any good ways to keep the flat files and LDAP synchronized? How do most administrators manage their LDAP users? I have seen GUIs floating around, but we need to script user account creation and deletion so those aren't an option.

Thank you!

acid_kewpie 10-20-2006 02:01 PM

i wouldn't suggest maintaining flat files at all.. what is the point? there are plenty of ways to add users the same way as you're currently used to, e.g. http://prope.insa-lyon.fr/~ppollet/ldap/ and things like making home directories shouldn't really matter as pam can automatically create them if they are found to be missing on first login.

bx.s 10-22-2006 12:21 PM

Thank you for your suggestions. I guess the reason why we would like to keep flat files is because we trust them and we have been using them for so long that we enjoy grepping through the files for various purposes. Not to mention that we have various scripts based on /etc/passwd. However, those scripts you posted will help if we decide against flat files.

acid_kewpie 10-22-2006 12:32 PM

don't forget there are commands like getent which will go off to whatever sources you want and provide back output identical to the contents of /etc/passwd, so your grepping needn't change at all...

bx.s 10-26-2006 01:29 PM

Please excuse the newbie question, but how do I get the system to look up UIDs, GIDs, etc. in LDAP instead of in the flat files? When I log into accounts that don't exist in /etc/passwd, the system cannot figure out the UID, so I get messages like "id: cannot find name for user ..." I have slapd.conf set so that * can read everything but passwords, so I figure that the system isn't even trying. Is this something I need to fix in nsswitch? Right now in the file, both flat and ldap are listed for passwd, shadow and group.

acid_kewpie 10-27-2006 04:18 AM

if you run "getent passwd" you'll be given a list of all potentially valid user entities in passwd format. if your remote user does not appear in that list then you will need to look into the ldap backend itself.
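The getent view described in this thread is the right place to check both questions raised above: whether nsswitch.conf actually lists ldap as a source, and whether the flat file and the directory agree once they are merged. As an added example (not code posted in the thread), a POSIX shell script that reads the configured sources from an nsswitch.conf-style file and compares /etc/passwd with saved "getent passwd" output, reporting accounts that exist only in the directory and UIDs that two different names resolve to, which is the main thing to catch when keeping two sources in sync. The sample entries, the nsswitch.conf layout and the function names are constructed for this example.

```shell
# Constructed sample data (not from any real system): the flat file, and what
# "getent passwd" returns when nsswitch.conf lists "files ldap" for passwd.
SAMPLE_FLAT='root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash'

SAMPLE_MERGED="$SAMPLE_FLAT
carol:x:2001:2001:Carol:/home/carol:/bin/bash
dave:x:1002:2002:Dave:/home/dave:/bin/bash"

SAMPLE_NSSWITCH='passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns'

# nss_sources FILE DB -> the lookup sources configured for database DB
nss_sources() {
    awk -v db="$2:" '$1 == db { sub(/^[^:]*:[ \t]*/, ""); print }' "$1"
}

# passwd_diff FLAT MERGED -> accounts present only in the directory, and
# UIDs that two different account names map to once the sources are merged
passwd_diff() {
    awk -F: '
        FNR == NR { flat[$1] = $3; next }            # first file: /etc/passwd
        !($1 in flat) { printf "ldap-only:%s:%s\n", $1, $3 }
        ($3 in owner) && owner[$3] != $1 { printf "collision:%s:%s,%s\n", $3, owner[$3], $1; next }
        { owner[$3] = $1 }
    ' "$1" "$2"
}

# demo: run both checks over the constructed samples in a scratch directory
demo() {
    d=$(mktemp -d)
    printf '%s\n' "$SAMPLE_FLAT" > "$d/passwd"
    printf '%s\n' "$SAMPLE_MERGED" > "$d/getent.out"
    printf '%s\n' "$SAMPLE_NSSWITCH" > "$d/nsswitch.conf"
    echo "passwd sources: $(nss_sources "$d/nsswitch.conf" passwd)"
    passwd_diff "$d/passwd" "$d/getent.out"
    rm -rf "$d"
}

# Live use on a real host: getent passwd > /tmp/merged; passwd_diff /etc/passwd /tmp/merged
demo
```

A "collision" line means two names share a UID across the sources, so file ownership and process credentials no longer identify one account; an "ldap-only" line is an account the local scripts that read /etc/passwd will never see.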
