FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 08-12-2008, 04:29 AM
"Russell Miller"
 
Default can I ditch the gui?

Hi all,

OK, I run a moderate sized LDAP system that I inherited.* It's been broken to one degree or another for literally years and it's my task to fix it.* I've already upgraded every single server to redhat-ds 8, and am in the process of nailing down a few bugs that we have never been able to address.* Not being able to change expired passwords, etc.


I would like to integrate setup with, say puppet.* I would like to be able to say "OK, here's a host, let's build a working LDAP setup, *without human intervention*.".* It seems to be impossible.* Many steps I can't do except for through the GUI, the SSL key setup (which I can do via command line using certutil though it doesn't seem to be documented and I don't know yet how to do a request) is very awkward, and basically setting up a new server is currently an intensely manual process.


I don't like this.

I would like a command like utility of some kind where I can do everything the admin gui can do - turning options on and off, etc.* And I would like just one tool, not having to go around to all sorts of different places and change entries here and there.* I know it can be done because the gui does it.* How about making it admin friendly?


Or am I missing something and it's already there?

Thanks,

--Russell

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 08-12-2008, 03:50 PM
Rich Megginson
 
Default can I ditch the gui?

Russell Miller wrote:


Hi all,

OK, I run a moderate sized LDAP system that I inherited. It's been
broken to one degree or another for literally years and it's my task
to fix it. I've already upgraded every single server to redhat-ds 8,
and am in the process of nailing down a few bugs that we have never
been able to address. Not being able to change expired passwords, etc.


I would like to integrate setup with, say puppet. I would like to be
able to say "OK, here's a host, let's build a working LDAP setup,
*without human intervention*.". It seems to be impossible. Many
steps I can't do except for through the GUI, the SSL key setup (which
I can do via command line using certutil though it doesn't seem to be
documented and I don't know yet how to do a request) is very awkward,
and basically setting up a new server is currently an intensely manual
process.


I don't like this.

I would like a command like utility of some kind where I can do
everything the admin gui can do - turning options on and off, etc.
And I would like just one tool, not having to go around to all sorts
of different places and change entries here and there. I know it can
be done because the gui does it. How about making it admin friendly?


Or am I missing something and it's already there?
You can do everything from the command line, including everything the
GUI does. The documentation describes how to do a task with the GUI and
how to do that same task with the command line in most cases [1]. If
you need more information about the configuration entries and
attributes, we have a reference manual [2]. The crypto/SSL commands are
not well documented, but you can use the -H argument to get some help
with certutil, pk12util, and modutil, as well as the examples on the
wiki [3].


If you decide to go this route, I strongly encourage you to use a
scripting language. I prefer python and python-ldap - you can do a
great deal of work quickly with these. I've also used perl in the
past. If you're interested, I have a collection of scripts I use to
perform various tasks.


Unfortunately, there is not one single command you can use to do
everything (e.g. dsadmin setupreplication host1 host2 or something like
that). The freeipa.org project has been established to make LDAP, NIS,
Kerberos, and eventually SSL easy to setup and deploy. While they may
not have all of the pieces, they have come a long way, and depending on
what your deployment looks like, you might be able to use freeipa.org to
easily and quickly set up your environment. http://www.freeipa.org/


1 - http://www.redhat.com/docs/manuals/dir-server/ag/8.0/index.html
2 - http://www.redhat.com/docs/manuals/dir-server/cli/8.0/index.html
3 - http://directory.fedoraproject.org/wiki/Howto:SSL


Thanks,

--Russell
------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 

Thread Tools




All times are GMT. The time now is 09:40 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org