On Sat, 2009-06-06 at 15:53 -0500, Doug Coats wrote:
I am new to using CentOS-DS and LDAP and I am having difficulty
finding solid information on setting up using CentOS-DS as the
information and authentification center of my network.
I have googled a number of different combinations looking for the
informaiton I need but have not found any good resources to setup what
I am after. I have downloaded and am going over the Red Hat
documentation and where it is very informative it certainly is not a
Howto.
My biggest need for resources is in setting up the authentification of
different services and LDAP.
I am using CentOS 5.3 and CentOS-DS 8.1. These I have installed and
running on a test server.
I would like to accomplish the following things in this order.
Linux authentification
Samba authentification
Dovecot authentification
So my questions to begin with are: How do I get Linux to use LDAP to
authenticate instead of the passwd and shadow files?
Once I get that to work: How do I get Linux to to do the normal things
it does with adduser (like create a home directory, create a group,
and things I can't think of)?
If anyone could push me in the right direction I would really appreciate it.
<snip>
We are using almost an identical setup except for Dovecot and we started
with DS 8.0 and upgraded to 8.1. I'm afraid I'm up to my eyeballs in a
project so I can't customize this for you but I'll paste in as much of
our internal documentation as would be prudent to do. You will need to
understand the principles behind the steps so you can adapt it
accordingly. For example, we installed the master replica on a vserver
- a great project (
www.linux-vserver.org) but it does introduce some
complexity to LDAP. We also use a RO replica on KVM. Both are in an
iSCSI environment. We also sync passwords with Active Directory for
multiple clients - oh, and yes, this is a multi-tenant environment -
hence the unusual hierarchical structure and bizarre ACIs. As I said,
you will need to adapt but hopefully this will get you started. (and I
hope it is not dropped for SPAM because of its length - hmm come to
think of it, I think I'll send this email separately and then send the
same email with all the notes. This way, if it does get trapped as
SPAM, you can fish it out).
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan(a)opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society