heya,

On Wed, 2005-07-20 at 00:31 -0700, Bill Johnstone wrote:
> Under Gentoo, when using OpenLDAP and the pam_ldap and nss_ldap suite
> for user authorization and nameservices, what is the
> accepted/recommended solution for user account management? I'm
> referring specifically to native programs at the command-line, and
> equivalent to the standard shadow suite tools, not something like
> phpldapadmin.

Well, by putting your accounts into LDAP you really should be using LDAP management tools to manage it.

> I've noticed that typical programs such as chsh or chfn have PAM config
> files -- can PAM tricks be used to make them work with the fields
> accessible via nss_ldap?

They can be, but personally I would recommend against it. The reason for this is that in order to do so you have to set up a user that can write to any of your users' attributes (i.e. in effect a root style user) and store that password in a file on the system. The security implications of that bother me, so personally I don't empower the old style unix command line tools to do things like write back to the DIT in that fashion.

> Also, there do seem to be packages listed in the database, such as
> "cpu" and "diradm" that augment or replace the standard shadow suite to
> deal with the data via LDAP. However, none of these are marked as
> available on amd64. Why is that, and is there any way I can request or
> help with the packages being made available and tested on amd64?

They are all LDAP management tools, NOT replacements for unix commands. As to why they are not available on amd64, can't help there, sorry.

regards,

Benjamin Smee (strerror)
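
Added example, not part of the message above: a shell check for the setup the reply warns about, i.e. a privileged bind DN whose password is stored in a file on the host. It assumes the usual pam_ldap/nss_ldap conventions (a `rootbinddn` line in `/etc/ldap.conf`, password in `/etc/ldap.secret`); both paths vary by distribution, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a host for a privileged LDAP write-back configuration.
# Assumed conventions: "rootbinddn" in /etc/ldap.conf, password in /etc/ldap.secret.
# Usage: audit_ldap_writeback /etc/ldap.conf /etc/ldap.secret

# Print the rootbinddn value from a config file; commented-out lines are ignored.
get_rootbinddn() {
    awk 'tolower($1) == "rootbinddn" { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Succeed if the file is readable or writable by group or other.
is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Exit status: 0 = no privileged bind configured, 1 = findings, 2 = config unreadable.
audit_ldap_writeback() {
    conf=$1
    secret=$2
    [ -r "$conf" ] || { echo "SKIP: $conf not readable"; return 2; }
    dn=$(get_rootbinddn "$conf")
    if [ -z "$dn" ]; then
        echo "OK: no rootbinddn set in $conf"
        return 0
    fi
    echo "FINDING: $conf configures privileged bind DN '$dn'"
    if [ -e "$secret" ]; then
        echo "FINDING: stored bind password present at $secret"
        if is_exposed "$secret"; then
            echo "FINDING: $secret is accessible to group/other; restrict it to root, mode 0600"
        fi
    fi
    return 1
}
```

Even with mode 0600 the stored password remains a finding, since anyone who gains root on that host gains write access to every user's attributes in the directory.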
