> On Sep 18, 2016, at 2:25 PM, John Lewis <[email protected]> wrote:
>
> Right now I am trying to weigh my options for maintaining my POSIX
> accounts on an OpenLDAP tree.
>
> I learned today that ldap templates in ldapscripts really don't work, so
> if I want to go on using ldapscripts, I would have to run ldapmodify
> after every account is created to get the gecos configured properly and
> have a kerberos principal configured.

You could use an IdM product like midPoint to manage the RFC2307ish attributes in the directory. https://wiki.evolveum.com/display/midPoint/LDAP+PosixAccount+and+PosixGroup+Management
