LinuxQuestions.org forum: Linux - General
I help manage a small server and cluster. Currently we are in the process of phasing in a new server running RedHat Enterprise 3. We want this server to have a central LDAP directory for user authentication to the server and the client machines. We have LDAP set up to the point where our dummy users can authenticate on the server itself and on a client machine.
We would like to make a decision on whether to leave the flat files and keep them synchronized with LDAP, or to just use LDAP for our user account information. We have played with the idea of moving our users completely to LDAP, but we like exploiting "useradd" because it does a lot of the dirty work (making the home directory, setting UID and GID, etc.), and it is useful to have /etc/passwd around as it is easier to search at this point than LDAP. Has anybody had any experience with transferring completely to LDAP, or with keeping the flat files and LDAP synchronized, who would like to share it? Are there any good ways to keep the flat files and LDAP synchronized? How do most administrators manage their LDAP users? I have seen GUIs floating around, but we need to script user account creation and deletion, so those aren't an option.
I wouldn't suggest maintaining flat files at all. What is the point? There are plenty of ways to add users the same way as you're currently used to, e.g. http://prope.insa-lyon.fr/~ppollet/ldap/ , and things like making home directories shouldn't really matter, as PAM can automatically create them if they are found to be missing on first login.
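An added example (not code from the thread or from the linked page) of what scripting user creation against LDAP looks like once the flat files are dropped: it reproduces the two pieces of "dirty work" the original poster relies on useradd for, allocating a free UID/GID and writing the account, and emits LDIF for ldapadd. The base DN, the ou=People/ou=Group layout, the UID floor and the sample `getent passwd` output are assumptions made up for the example; home directories are left to pam_mkhomedir, as the reply suggests.

```shell
#!/bin/sh
# Added example, not from the thread: useradd-style account creation as LDIF.
BASE_DN="dc=example,dc=com"   # assumption: your directory's base DN
UID_FLOOR=1000                # assumption: first UID handed out to LDAP users

# Constructed sample of `getent passwd` output (it merges files and LDAP once
# nsswitch.conf lists both); stands in for a live directory so this runs offline.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash'

# next_uid: read passwd-format lines on stdin and print one above the highest
# UID at or above UID_FLOOR (useradd's default policy), or UID_FLOOR if none.
next_uid() {
    awk -F: -v floor="$UID_FLOOR" '
        $3 + 0 >= floor + 0 && $3 + 0 > max { max = $3 + 0 }
        END { print (max ? max + 1 : floor + 0) }'
}

# user_exists NAME: succeed if NAME already appears in the passwd lines on stdin.
user_exists() {
    awk -F: -v name="$1" '$1 == name { found = 1 } END { exit !found }'
}

# user_ldif NAME UID GID [GECOS] [SHELL]: LDIF for a posixAccount/shadowAccount
# entry. No userPassword is written here; set it with ldappasswd afterwards
# instead of pasting hashes into scripts.
user_ldif() {
    name=$1; uid=$2; gid=$3; gecos=${4:-$1}; shell=${5:-/bin/bash}
    printf 'dn: uid=%s,ou=People,%s\n' "$name" "$BASE_DN"
    printf 'objectClass: top\nobjectClass: account\n'
    printf 'objectClass: posixAccount\nobjectClass: shadowAccount\n'
    printf 'uid: %s\ncn: %s\nuidNumber: %s\ngidNumber: %s\n' \
        "$name" "$gecos" "$uid" "$gid"
    printf 'homeDirectory: /home/%s\nloginShell: %s\ngecos: %s\n' \
        "$name" "$shell" "$gecos"
}

# group_ldif NAME GID: the matching user-private posixGroup.
group_ldif() {
    printf 'dn: cn=%s,ou=Group,%s\n' "$1" "$BASE_DN"
    printf 'objectClass: top\nobjectClass: posixGroup\ncn: %s\ngidNumber: %s\n' \
        "$1" "$2"
}

# add_user NAME: refuse duplicates, allocate UID=GID, print both LDIF entries.
add_user() {
    name=$1
    if printf '%s\n' "$SAMPLE_PASSWD" | user_exists "$name"; then
        echo "add_user: $name already exists" >&2
        return 1
    fi
    uid=$(printf '%s\n' "$SAMPLE_PASSWD" | next_uid)
    user_ldif "$name" "$uid" "$uid"
    echo
    group_ldif "$name" "$uid"
}

# Usage (on a real host, replace SAMPLE_PASSWD with `getent passwd`):
#   add_user carol > carol.ldif && ldapadd -x -D "cn=Manager,$BASE_DN" -W -f carol.ldif
# The home directory is then created at first login by a PAM session line
# such as:  session optional pam_mkhomedir.so skel=/etc/skel umask=0077
```

Feeding `getent passwd` rather than /etc/passwd into next_uid is what keeps UIDs unique across both sources while any flat-file accounts remain; the duplicate check is there because LDAP will happily accept a second uidNumber that files already use.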
Thank you for your suggestions. I guess the reason we would like to keep flat files is that we trust them, and we have been using them for so long that we enjoy grepping through the files for various purposes. Not to mention that we have various scripts based on /etc/passwd. However, those scripts you posted will help if we decide against flat files.
Please excuse the newbie question, but how do I get the system to look up UIDs, GIDs, etc. in LDAP instead of in the flat files? When I log into accounts that don't exist in /etc/passwd, the system cannot figure out the UID, so I get messages like "id: cannot find name for user ...". I have slapd.conf set so that * can read everything but passwords, so I figure that the system isn't even trying. Is this something I need to fix in nsswitch? Right now in the file, both flat and ldap are listed for passwd, shadow and group.
If you run "getent passwd" you'll be given a list of all potentially valid user entities in passwd format. If your remote user does not appear in that list, then you will need to look into the LDAP backend itself.
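An added example (not from the thread) that turns the reply's advice into a repeatable check for the "id: cannot find name for user" symptom: it reads the source lists out of nsswitch.conf for passwd, shadow and group, then looks the user up in passwd-format output the way getent would. The nsswitch.conf and passwd contents are constructed inline so it runs offline; on a real host point NSSWITCH at /etc/nsswitch.conf and replace SAMPLE_PASSWD with `getent passwd`. The ldapsearch filter it prints is an assumption about the schema (posixAccount entries keyed by uid).

```shell
#!/bin/sh
# Added example, not from the thread: where does the name lookup chain break?

# Constructed nsswitch.conf: passwd and group consult ldap, shadow does not.
NSSWITCH='# /etc/nsswitch.conf (sample)
passwd:     files ldap
shadow:     files
group:      files ldap   # trailing comments are ignored
hosts:      files dns'

# Constructed stand-in for `getent passwd`; bob is the user that is "missing".
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash'

# nss_sources DB: print the source list configured for database DB.
nss_sources() {
    printf '%s\n' "$NSSWITCH" | awk -v key="$1:" '
        /^[ \t]*#/ { next }                 # whole-line comment
        { sub(/#.*/, "") }                  # strip trailing comment
        $1 == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# nss_uses_ldap DB: succeed if ldap is among DB's sources.
nss_uses_ldap() {
    case " $(nss_sources "$1") " in
        *" ldap "*) return 0 ;;
        *)          return 1 ;;
    esac
}

# resolve_user NAME: print "uid=N gid=M" from passwd-format stdin, like `id`.
resolve_user() {
    awk -F: -v name="$1" \
        '$1 == name { printf "uid=%s gid=%s\n", $3, $4; f = 1 } END { exit !f }'
}

# diagnose NAME: report each database's sources and whether NAME resolves.
# `id` only needs passwd and group; shadow matters for password checks that
# go through NSS rather than an LDAP bind.
diagnose() {
    name=$1; rc=0
    for db in passwd shadow group; do
        if nss_uses_ldap "$db"; then
            echo "ok:   $db -> $(nss_sources "$db")"
        else
            echo "FAIL: $db does not list ldap in nsswitch.conf"; rc=1
        fi
    done
    if out=$(printf '%s\n' "$SAMPLE_PASSWD" | resolve_user "$name"); then
        echo "ok:   $name resolves ($out)"
    else
        echo "FAIL: $name not in getent passwd; check the LDAP backend, e.g."
        echo "      ldapsearch -x '(&(objectClass=posixAccount)(uid=$name))'"
        rc=1
    fi
    return $rc
}

# Usage: diagnose bob; exit status is non-zero if anything failed.
```

If nsswitch.conf already lists ldap and getent still omits the user, the problem is on the directory side (bind credentials or base DN in ldap.conf, the access rules in slapd.conf, or the entry lacking posixAccount attributes), which is exactly the ldapsearch the script suggests will show.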