On 25/10/09 16:38, Samuel Penn wrote:
> On Sunday 25 October 2009 16:07:14 Adrian Bridgett wrote:
>> I normally use phpldapadmin (or ldapvi for more global things).

> Okay, I may have a look at that as well.

>> TBH I think running LDAP at home is generally more hassle than it's
>> worth.  Okay, so I do run LDAP at home, but that's since I use it as a
>> test bed for doing LDAP work.

> Possibly. However, not using it is also a hassle. I've got
> a jabber server, an IMAP and webmail server, several wikis
> (one internal, some external), subversion and CVS repositories
> plus potentially an OpenID server. Oh, and samba and CUPS as
> well.

Well, CUPS can read/write LDAP if the schema and DIT are correct
(although the documentation for this is still ropey as hell, it's easier
than it looks :) )

> Even ignoring UNIX logins to desktops and servers, it would be
> nice to harmonize passwords across my main services.

> Given that my old server is still running fine, I've got a
> bit of time in which to play around with options to see whether
> going down this route works.

> I'm well aware that I may have been begging the question, and
> that I should have asked "how can I easily manage users"
> instead of deciding on OpenLDAP from the start, but OpenLDAP
> is the only option I'm aware of that is commonly supported.

With LDAP, the hardest part is going to be the initial design and DIT
layout, really. To do that you need to sort out the attributes that
different users (and applications) require and pick schema accordingly.
Layout choices normally revolve around replication/partitioning
(probably not an issue here) and access control requirements.

With the multitude of applications/services you want to use with LDAP,
it's always going to be complicated. Possibly even complex.

You probably want SSL as well - particularly if you're doing auth
against LDAP from external sources (but I'd assume you already have this
for some of your services)

I stand by my recommendation for the 389 directory server:
http://directory.fedoraproject.org

...which has some nice graphical tools (unfortunately they require Java,
but do work (IIRC) with OpenJDK now)


Regards,

Stuart
-- 
Stuart Sears RHCA etc.
"It's today!" said Piglet.
"My favourite day," said Pooh.

-- 
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk