Lars Staun Knudsen <[EMAIL PROTECTED]> writes: > Hi > > I'm trying to setup OpenLDAP on Debian Sarge, my plan is use it for > authentication for Linux/MacOs clients, mail-server, WebDav on > apache2 and etc.
Get acqainted with SASL Authentication and OpenLDAP as backend, in particular with auxprop ldapdb. > 1) What is the best way to administrate users. My only user planning > experience is with MySQL, where there was one table with basic > userinfo (name, loginname), and then a new table for every > application with a specific needed field and a UserID for reference. > "Deploying OpenLDAP" mentions the same way, but how do you do that > pratical? There are lots of administration tools around, web2ldap, phpLDAPadmin, JXplorer etc. > Below i got the start of my basestructure.ldif, where plan to create > a dc for every function and one for all the users. But what if i > have user "uid=lsk" in users.utysket.dk, how to make the user a > member of logon.utysket.dk (so the user is allowed to log in to the > system). Or is there a better way to control "membership", > permissions in difference parts. Just create users and define functions as group with attribute type member > And again if the user should have permission to FX edit a wiki, > (uid=lsk,?)ou=wiki,dc=online,dc=utysket,dc=dk. How do i add the user > as a virtual user instead of having double data? Same as above or define a dynamic group > 2) What is objectClass in the ldif's referring to? When i create my > ldif's, i often get error because I don't know which objectclass to > write. Use a schema browser to detect object classes and their attribute types. Read the OpenLDAP Admin Guide, RFC-4512, ITU-T X.501 and other documentation on directory design. > 3) What do you general use when adding new users, scripts that > creates the ldif's, a gui-client or just the ldap-utils. This depends on your requirements. If you only add a few users at a time, use a administratioin tool, if you have to do bulkload use the ldap client tools. -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6 --- You are currently subscribed to ldap@umich.edu as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
