10-27-2010, 05:12 PM
Orion Poplawski

What are people using to manage user accounts?

I'd be very interested to know what tools people are using to manage user
accounts in the directory server. Currently we are using a modified version
of fdstools because we have a Posix + Samba environment, but would be
interested in other solutions that may be out there.

Thanks!

--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion@cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
10-28-2010, 01:38 AM
brandon

What are people using to manage user accounts?

On 10/27/2010 11:12 AM, Orion Poplawski wrote:
> I'd be very interested to know what tools people are using to manage user
> accounts in the directory server. Currently we are using a modified version
> of fdstools because we have a Posix + Samba environment, but would be
> interested in other solutions that may be out there.

I use GIR (Generalized Identity Replicator)--originally developed with
Sun DS about 8 years ago. It was designed initially as a meta-directory
server integrating Oracle users, flat passwd updates for non-LDAP hosts,
Netscape/Sun/Redhat DS, AD and more. It has very simple and easy to use
user management. I just updated it and deployed it at a large
government site. I believe there are some features newer to Fedora DS
that it could use (like triggered updates), but right now it also
handles things like groups and whatnot so AD sensitive applications also
have the values they are looking for.

It is OSS, and I need to release a new version. It is written in Perl,
uses an Abstract API for easy extensibility of unique data stores (if
you are into perl programming), has an encrypted message bus, so if
something is down it'll keep retrying to make an update, etc. It uses a
web front-end.

Currently, one GIR system manages three discrete directory structures,
and synchronizes accounts with AD (limited to just locked/disabled
status for now). When you change a user's information/groups/etc in GIR
it replicates to all directories (because we don't use passwords in AD
it does not replicate there, but it could, if we did).

http://sourceforge.net/projects/gir/

If you are interested in rolling up your sleeves, I could get you the
3.0 version. It should run without much effort in Redhat/Centos, just
contact me offline.

Oh, and because I'm still not happy with where FreeIPA is at yet, I
actually have a simple, simple mechanism of creating a "host" computer
account, and joining linux hosts using one account per host, instead of
a general proxy account. There is a script "join-domain" that does all
the LDAP config stuff, plus creates the host password (randomly
generated) and inserts it into the tree. This largely came about because
the built-in redhat auth scripts are broken when using only SSL with
private CA certs, and I had to keep rewriting the ldap.conf file anyway,
so why bother with the core OS stuff when it is broken. It is really
just an interim solution until FreeIPA matures, but it is better than
one generic proxy account for all hosts, and it is way better than
anonymous binding (we also run our entire environment encrypted).

-Brandon
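
The per-host account approach described in the message above, as an added example that is not part of the thread and is not GIR's `join-domain` script: it builds one directory entry per host with a randomly generated bind secret, so a compromised host exposes only its own credential rather than a shared proxy account. Assumptions: the `ou=Hosts` container, the `device` plus `simpleSecurityObject` object classes, a server that accepts a pre-hashed `{SSHA512}` value, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Strict FQDN pattern: rejects commas, '=', newlines and anything else that
# could alter the DN or inject extra LDIF lines.
FQDN = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def ssha512(password: str, salt: bytes = b"") -> str:
    """Salted SHA-512 in the {SSHA512} layout: base64(digest + salt)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.sha512(password.encode() + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode()

def verify_ssha512(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    if not stored.startswith("{SSHA512}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA512}"):])
    digest, salt = raw[:64], raw[64:]  # SHA-512 digest is 64 bytes
    candidate = hashlib.sha512(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def host_entry_ldif(fqdn: str, base_dn: str) -> tuple[str, str]:
    """Return (cleartext secret for the host, LDIF holding only its hash)."""
    fqdn = fqdn.strip().lower()
    if len(fqdn) > 253 or not FQDN.fullmatch(fqdn):
        raise ValueError(f"not a valid host name: {fqdn!r}")
    password = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    ldif = "\n".join([
        f"dn: cn={fqdn},ou=Hosts,{base_dn}",  # ou=Hosts is an assumed container
        "objectClass: top",
        "objectClass: device",
        "objectClass: simpleSecurityObject",
        f"cn: {fqdn}",
        f"userPassword: {ssha512(password)}",
        "",
    ])
    return password, ldif

if __name__ == "__main__":
    # Constructed sample host and suffix.
    secret, ldif = host_entry_ldif("web01.example.com", "dc=example,dc=com")
    print(ldif)
```

The cleartext secret belongs only in the host's own root-readable LDAP client configuration; the LDIF that goes to the directory carries just the salted hash.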
 
10-28-2010, 10:21 AM
Daniel Maher

What are people using to manage user accounts?

On 10/27/2010 07:12 PM, Orion Poplawski wrote:
> I'd be very interested to know what tools people are using to manage user
> accounts in the directory server. Currently we are using a modified version
> of fdstools because we have a Posix + Samba environment, but would be
> interested in other solutions that may be out there.
>
> Thanks!
>

We've been using LAM (LDAP Account Manager) for a while now. It's
simple, but it works, and it handles both Posix and Samba concerns quite
nicely.

http://www.ldap-account-manager.org/


--
Daniel Maher <dma + 389users AT witbe DOT net>