LinuxQuestions.org
Old 10-19-2006, 08:40 PM   #1
bx.s
LQ Newbie
 
Registered: Jan 2006
Distribution: Ubuntu
Posts: 13

Rep: Reputation: 0
LDAP authentication and flat files


I help manage a small server and cluster. Currently we are in the process of phasing in a new server running RedHat Enterprise 3. We want this server to have a central LDAP directory for user authentication to the server and the client machines. We have LDAP set up to a point in which our dummy users can authenticate on the server itself and into a client machine.

We would like to make a decision on whether to leave the flat files and keep them synchronized with LDAP or to just use LDAP for our user account information. We have played with the idea of moving our users completely to LDAP, but we like exploiting "useradd" because it does a lot of the dirty work (making home directory, setting UID and GID, etc) and it is useful to have /etc/passwd around as it is easier to search at this point than LDAP. Has anybody had any experience with transferring completely to LDAP or keeping the flat files and LDAP synchronized who would like to share it? Are there any good ways to keep the flat files and LDAP synchronized? How do most administrators manage their LDAP users? I have seen GUIs floating around, but we need to script user account creation and deletion so those aren't an option.

Thank you!
 
Old 10-20-2006, 02:01 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963
i wouldn't suggest maintaining flat files at all.. what is the point? there are plenty of ways to add users the same way as you're currently used to, e.g. http://prope.insa-lyon.fr/~ppollet/ldap/ and things like making home directories shouldn't really matter as pam can automatically create them if they are found to be missing on first login.
 
Old 10-22-2006, 12:21 PM   #3
bx.s
LQ Newbie
 
Registered: Jan 2006
Distribution: Ubuntu
Posts: 13

Original Poster
Rep: Reputation: 0
Thank you for your suggestions. I guess the reason why we would like to keep flat files is because we trust them and we have been using them for so long that we enjoy grepping through the files for various purposes. Not to mention that we have various scripts based on /etc/passwd. However those scripts you posted will help if we decide against flat files.
 
Old 10-22-2006, 12:32 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963
don't forget there are commands like getent which will go off to whatever sources you want and provide back output identical to the contents of /etc/passwd, so your grepping needn't change at all...
 
Old 10-26-2006, 01:29 PM   #5
bx.s
LQ Newbie
 
Registered: Jan 2006
Distribution: Ubuntu
Posts: 13

Original Poster
Rep: Reputation: 0
Please excuse the newbie question, but how do I get the system to look up UID, GIDs, etc in LDAP instead of in the flat files? When I log into accounts that don't exist in /etc/passwd, the system cannot figure out the UID so I get messages like "id: cannot find name for user ..." I have slapd.conf set so that * can read everything but passwords, so I figure that the system isn't even trying. Is this something I need to fix in nsswitch? Right now in the file, both flat and ldap are listed for passwd, shadow and group.

Last edited by bx.s; 10-26-2006 at 01:39 PM.
 
Old 10-27-2006, 04:18 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963
if you run "getent passwd" you'll be given a list of all potentially valid user entities in passwd format. if your remote user does not appear in that list then you will need to look into the ldap backend itself.
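
The check discussed in posts #5 and #6, written out as an added example that is not part of the original thread: it reads the source order for a database from nsswitch.conf, lists the accounts in `getent passwd` output that are not in the flat file, and flags directory entries that reuse a local UID. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; all sample data below is constructed for illustration.

# Sources configured for one NSS database (passwd, shadow, group, ...).
nss_sources() {
    sed 's/#.*//' "${2:-/etc/nsswitch.conf}" |
        awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print }'
}

# stdin: merged passwd-format entries, as printed by "getent passwd".
# Prints name:uid for entries absent from the flat file (e.g. LDAP users).
remote_accounts() {
    awk -F: 'NR == FNR { seen[$1] = 1; next }
             !($1 in seen) { print $1 ":" $3 }' "${1:-/etc/passwd}" -
}

# Remote entries whose UID is already used by a different local name.
uid_collisions() {
    awk -F: 'NR == FNR { owner[$3] = $1; next }
             ($3 in owner) && owner[$3] != $1 { print $1 ":" $3 ":" owner[$3] }' \
        "${1:-/etc/passwd}" -
}

# --- constructed demo data ---
demo=$(mktemp -d)
printf 'passwd:  files ldap   # directory after flat file\nshadow: files ldap\ngroup: files\n' > "$demo/nsswitch.conf"
printf 'root:x:0:0:root:/root:/bin/bash\nalice:x:500:500::/home/alice:/bin/bash\n' > "$demo/passwd"
# What "getent passwd" would print with both sources answering (constructed).
printf 'root:x:0:0:root:/root:/bin/bash\nalice:x:500:500::/home/alice:/bin/bash\nbob:x:1001:1001::/home/bob:/bin/bash\ncarol:x:500:1002::/home/carol:/bin/bash\n' > "$demo/getent.out"

echo "passwd sources: $(nss_sources passwd "$demo/nsswitch.conf")"
echo "remote accounts:"; remote_accounts "$demo/passwd" < "$demo/getent.out"
echo "uid collisions:";  uid_collisions  "$demo/passwd" < "$demo/getent.out"
```

On a live system the same functions run as `nss_sources passwd` and `getent passwd | remote_accounts`; an empty remote list with `ldap` present in the sources points at the LDAP side rather than at nsswitch.conf.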
 
  

