Hi,

I have been contemplating Linux at work for a while now, however theres one thing i would like to know about before i go testing migrations. Directory Services.


I have read about KDE being able to be controlled by LDAP and also that LDAP can be used for user authentication, this sounds great as it means i could have something that operates like AD for linux.

The only issue on this is how? What packages and tools are there to simply create an LDAP database that can be used for not only users, but desktop configuration. comming from AD and history of MS networking, seeing documentation on LDAP can be confusing at best for me. I had assumed there would be a directory services package that could be used fairly easily and also without too much work on my part.

having a ldap database seem logical for me, as we currently have an active directory network, with win xp pro clients, configured with group policy, which not only locks users out of certain areas, but also talioring the interface to a standard that allows ease of use. basically taking away anything they don't need as not to confuse.

i would aim for similar functionality in a directory services client for linux, but as said, am unsure where to look. i personally use and like Mepis, a debian derived distro, but i would evaluate any distro for not only the server, but also the client if it meant we could have this funtionality.

Hope this makes sense, if you have any further questions let me know.

Alan

Well, after some research, i think the theory of it all has been anwsered for me.

To replace an AD like structure, it would seem the following is needed:

LDAP v3 (OpenLDAP, OpenSSL, SASL, Kerberos v5)

or to wait for samba LDB although it isn't going to be an official LDAP database

www bayour com/LDAPv3-HOWTO.html

To enable desktop configuration lockdown:

On linux with KDE:

Use NFS or AFS for /var/lib/kde-profiles after running Kiosk.

Cron a copy of /etc/kde-user-profiles from the server to the clients

extend the ldap schema to include posixAccount, shadow Account and posixGroup and map the kiosk profile to a posixGroup.
add the users to the spefic posixGroup
seems the schema rfc2307-usergroup would have to be used or something similar/compatiple with openldap (its an edirectory schema)

www novell com/coolsolutions/feature/1640.html

store files using nfs on /home

On windows:

Use pgina or samba mapped to ldap for logon authentication

pgina xpasystems com

create user profiles with nt4 poledit using custom adms
store files on samba shares

www pcc-services com/projects.html

To deploy applications to the now group policy less windows workstations.

use kixtart scripts to deploy applications

www pcc-services com/projects.html


Windows rollout:

use a winnt.sif answer file on a floppy disk that builds from either a samba share or from the windows cd
if using samba, join the samba domain, if using pgina, install in a workgroup and run pgina afterwards


Linux Rollout:

a black hole at the moment, still looking into it.

Hope this helps other people with a similar view on directory services/ network deployments a starting point.
if anyone can contribute or point me in the right direction, it would be greatly appreciated.


Alan

Here is some helpful information about using Samba with MS Active Directory.

http://us2.samba.org/samba/docs/man/...TO-Collection/

Section 5 on this page discusses Samba domain participation, AD, and LDAP.

One of the discussions listed on that page discusses Samba integration in the MS AD environment in the form of a case study. It is terribly biased but still useful. I read it the other day. Now I'm trying to find it again. The thrust of the discussion was that Samba can participate in a MS AD environment in the same way that an MS NT4 machine can. If I find that discussion I will post a link to it here.