Kurt D. Zeilenga wrote:
slapd-passwd(5) says:
This backend is provided for demonstration purposes only.
-- Kurt
In particular, it doesn't support write operations so it can't be used
as an actual management tool. However, Symas (and probably others) have
built up full-function modules along these lines. The Symas module
supports not only /etc/passwd, /etc/group, and /etc/shadow, but also the
TCB databases (e.g. /etc/security) used by AIX, HPUX, and SCO
OpenServer, giving you fully LDAP-enabled management of native
Unix/Linux security. (The upside of this approach vs pam/nss is that
users can always login to a host, regardless of (loss of) access to a
central LDAP server. The downside is that updating someone's account
info can take a non-trivial amount of time as it replicates from the
central server to every managed host.)
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
