[tech] LDAP!

Leighton Haynes dayta at ucc.gu.uwa.edu.au
Fri Apr 15 10:52:15 WST 2005


If it's going to be LDAP, why not use an Active Directory server as master?
Then the Windows boxes will be happy too.

Leighton....

On Fri, Apr 15, 2005 at 10:47:42AM +0800, Adrian Chadd wrote:
> 
> Grahame sent it to the wrong place.
> 
> 
> From: grahame at angrygoats.net (Grahame Bowland)
> To: tech at ucs.uwa.edu.au
> Subject: Migrating UCC to LDAP
> Created: 15/04/2005 01:19:08
> 
> Hi guys
>  
>  I have created a clean Debian machine over at UCS in a Xen. That machine
>  is running an LDAP server, and all local authentication is quite happily
>  running from that server. The server has been populated with the UCC
>  groups and accounts automatically generated from the NIS maps.
>  
>  My migration plan is as follows:
>   * install LDAP server on martello
>   * have LDAP server update from NIS periodically (easy)
>     this involves creating posixAccount/shadowAccount and 
>     group entries. Already pretty much finished.
>   * gradually move club room machines over to LDAP auth
>     easy for Debian boxen.
>     easy for MacOS X
>     other machines on a case-by-case basis
>   * once all machines are over, if we still need NIS make 
>     NIS slave from the LDAP config. This is just a simple script 
>     to parse a couple of LDAP queries and spit out /var/yp/passwd 
>     and /var/yp/group files, then run Make in that directory.
>  
>  Anyway, if all goes to plan mermaid will be doing LDAP authentication as
>  of tomorrow night. If that works, I'll move over mussel, madako and
>  other machines as I have the time.
>  
>  If anyone has comments? Also, as I'm going to be fiddling remotely at 
>  least some of the time please please let me know if you're fiddling as
>  well. 'grahame' on austnet is a good way to grab me.
>  
>  Have fun
>  Grahame
> 
> 
> 
> .. then
> 
> 
> From: grahame at angrygoats.net (Grahame Bowland)
> To: tech at ucs.uwa.edu.au
> Subject: Mussel now doing LDAP
> Created: 15/04/2005 02:01:12
> 
> If you want to put it back to NIS, copy /etc/nsswitch.conf from
>  the /etc/pre-ldap directory. Seems to work though :-)
> 

-- 

#0421 113 305 - dayta at ucc.gu.uwa.edu.au
"People demand freedom of speech as a compensation for 
the freedom of thought they never use." - Kierkegaard
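
The last step of the plan quoted above (turning LDAP query results into /var/yp/passwd), as an added example that is not part of the original thread and is not Grahame's script. It covers the passwd map only; the LDIF sample, the dc=example,dc=org suffix, and the choice to write "x" in the password field are assumptions.

```python
import base64

# Constructed `ldapsearch -LLL` style output (LDIF); not real UCC data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
uidNumber: 1001
gidNumber: 100
cn:: QWxpY2UgRXhhbXBsZQ==
homeDirectory: /home/al
 ice
loginShell: /bin/bash

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
uidNumber: 1002
gidNumber: 100
cn: Bob: staff
homeDirectory: /home/bob
loginShell: /bin/sh
"""
FIELDS = ("uid", "uidNumber", "gidNumber", "cn", "homeDirectory", "loginShell")

def parse_ldif(text):
    """Yield one {attr: first value} dict per entry."""
    text = text.replace("\n ", "")        # unfold lines continued with "\n "
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr, value.strip())
        yield entry

def passwd_map(text):
    """Return (passwd_lines, rejected_dns) for the posixAccount entries."""
    lines, rejected = [], []
    for e in parse_ldif(text):
        uid, uidn, gidn, gecos, home, shell = (e.get(a, "") for a in FIELDS)
        # "x": assumption that password hashes are not published in the map
        f = [uid, "x", uidn, gidn, gecos, home, shell]
        # ':' or a newline in a value would shift or add passwd fields
        bad = any(c in v for v in f for c in ":\n") or not uid
        if bad or not (uidn.isdigit() and gidn.isdigit()):
            rejected.append(e.get("dn", ""))
        else:
            lines.append(":".join(f))
    return lines, rejected
```

Entries that land in the rejected list are worth logging rather than silently dropping, since they point at directory data that needs cleaning before the map is rebuilt.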

