Ldap

From UGCS
(Difference between revisions)
Line 1: Line 1:
UGCS uses ldap to handle all of our "directory" information, including users, home directories, UIDs, etc.  We have two ldap servers that are supposed to keep each other sync'd: hera is our main server, and zeus is the slave.
+
UGCS uses ldap to handle all of our "directory" information, including users, home directories, UIDs, etc.  We have two ldap servers that are supposed to keep each other sync'd: hera is our main server, and zeus is the slave.  Replication is currently broken- something with the kerberos auth.
 +
 
 +
Authentication to edit ldap comes from Kerberos/GSSAPI.  Sysadmins have full access to change everything, other users can only edit their own records.
  
 
ldapedit is a very useful command that lets you input LDIF to update anything in ldap.
 
ldapedit is a very useful command that lets you input LDIF to update anything in ldap.
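Review bot: the sentence added to the first paragraph, "Replication is currently broken- something with the kerberos auth", carries no date and no symptom, so a later reader cannot tell how stale zeus may be or whether this note still applies. Suggest recording when replication stopped and what error is seen. Because the new second paragraph says edits are authorized through Kerberos/GSSAPI, it should also say whether zeus may still be used for lookups until replication is fixed.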
Line 5: Line 7:
 
ldap configuration is in /etc/ldap on the ldap servers- it is put there by cfengine from hosts/ldap.   
 
ldap configuration is in /etc/ldap on the ldap servers- it is put there by cfengine from hosts/ldap.   
  
See also [[Ldap_Schema]] for customized LDAP schemas that we have.
+
See also [[Ldap_Schema]] for customized LDAP schemas that we have.
  
  
 
[[Category:Sysadmin_Documentation]]
 
[[Category:Sysadmin_Documentation]]

Revision as of 07:29, 2 May 2009

UGCS uses LDAP to handle all of our "directory" information, including users, home directories, UIDs, etc. We have two LDAP servers that are supposed to keep each other in sync: hera is our main server, and zeus is the slave. Replication is currently broken; the problem is something with the Kerberos auth.

Authentication to edit LDAP comes from Kerberos/GSSAPI. Sysadmins have full access to change everything; other users can only edit their own records.
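One way to express this policy in an OpenLDAP slapd.conf, as an added example that is not the UGCS configuration. The suffix dc=example,dc=org, the ou=people and ou=groups layout, the cn=sysadmins group and the self-editable attribute list are all assumptions.

```conf
# Added example, not the UGCS configuration. Every DN below is a placeholder.

# Refuse anonymous and plaintext SASL mechanisms, and require that any
# update arrives over a SASL layer with at least 56-bit protection, so
# writes can only come from a Kerberos/GSSAPI-authenticated session.
sasl-secprops noanonymous,noplain
security update_sasl=56

# After a GSSAPI bind in the default realm, slapd sees the client as
# uid=<principal>,cn=gssapi,cn=auth. Map that to the user's own entry.
# "/" is excluded so instance principals such as user/admin do not
# silently map onto the plain user's entry.
authz-regexp
    ^uid=([^,/]+),cn=gssapi,cn=auth$
    uid=$1,ou=people,dc=example,dc=org

# Literal reading of the policy: sysadmins write everything, every user
# writes the whole of their own entry. Shown commented out because
# "by self write" also covers uidNumber, gidNumber and homeDirectory.
#
# access to *
#     by group.exact="cn=sysadmins,ou=groups,dc=example,dc=org" write
#     by self write
#     by * read

# Narrower form: self-service only on attributes that carry no
# privilege (the attribute list is an assumption; adjust to the schema).
access to attrs=loginShell,gecos,mail
    by group.exact="cn=sysadmins,ou=groups,dc=example,dc=org" write
    by self write
    by * read

# Everything else: sysadmins write, everyone else reads.
# slapd stops at the first matching "access to" clause, so this
# catch-all must come after the attribute-specific rule above.
access to *
    by group.exact="cn=sysadmins,ou=groups,dc=example,dc=org" write
    by * read
```

Running `ldapwhoami -Y GSSAPI` after `kinit` shows the DN the mapping produced, which is the identity the `by self` clause is evaluated against.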

ldapedit is a very useful command that lets you input LDIF to update anything in LDAP.

The LDAP configuration is in /etc/ldap on the LDAP servers; it is put there by cfengine from hosts/ldap.

See also Ldap_Schema for the customized LDAP schemas that we have.
