On 19 September 2016 at 14:01, Shawn McKinney <smckin...@symas.com> wrote:
> > > On Sep 18, 2016, at 2:25 PM, John Lewis <oflam...@gmail.com> wrote: > > > > Right now I am trying to weigh my options for maintaining my POSIX > > accounts on an OpenLDAP tree. > > > > I learned today that ldap templates in ldapscripts really don't work, so > > if I want to go on using ldapscripts, I would have to run ldapmodify > > after every account is created to get the gecos configured properly and > > have a kerberos principal configured. > > You could use an IdM product like midPoint to manage the RFC2307ish > attributes in the directory. > > https://wiki.evolveum.com/display/midPoint/LDAP+ > PosixAccount+and+PosixGroup+Management For long time I am using LdapAdmin http://www.ldapadmin.org/ It is portable, no installation needed. I am using it to manage OpenLdap mainly but also I am managing ActiveDirectory (only some fatures), Nokia NDS, etc. No problems so far.
