Ldap

From UGCS
Revision as of 21:14, 2 May 2009

UGCS uses LDAP to handle all of our "directory" information, including users, home directories, UIDs, etc. We have two LDAP servers that are supposed to keep each other in sync: hera is our main server, and zeus is the slave.

Authentication to edit LDAP comes from Kerberos/GSSAPI. Sysadmins have full access to change everything; other users can only edit their own records.

ldapmodify is a very useful command that lets you input LDIF to update anything in LDAP. ldapedit is a custom command we wrote that makes it easier to update your own settings.
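As an added example (not the ldapedit tool and not UGCS code), this sketch builds the LDIF change record for a single attribute of your own entry and passes it to ldapmodify over a Kerberos/GSSAPI bind, as the two paragraphs above describe. The server URI, the base DN, and the function names are placeholders assumed for illustration.

```bash
#!/usr/bin/env bash
# Added example. LDAP_URI and BASE_DN are placeholders, not UGCS's real values.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.org}"
BASE_DN="${BASE_DN:-ou=People,dc=example,dc=org}"

# make_replace_ldif UID ATTR VALUE
# Prints an LDIF "modify/replace" change record for one attribute of one user.
make_replace_ldif() {
    local LC_ALL=C                      # byte-wise pattern matching below
    local uid="$1" attr="$2" value="$3"

    # The uid is spliced into a DN: refuse anything that could alter the DN
    # (commas, equals signs) or start a new LDIF line.
    case "$uid" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid uid" >&2; return 1 ;;
    esac
    case "$attr" in
        ''|*[!A-Za-z0-9-]*) echo "invalid attribute name" >&2; return 1 ;;
    esac
    [ -n "$value" ] || { echo "empty value" >&2; return 1; }

    printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: %s\n' \
        "$uid" "$BASE_DN" "$attr"
    # LDIF allows a plain value only if it is printable ASCII and does not
    # start with space, ':' or '<' or end with space; otherwise base64 ("::").
    case "$value" in
        ' '*|:*|'<'*|*' '|*[![:print:]]*)
            printf '%s:: %s\n' "$attr" \
                "$(printf '%s' "$value" | base64 | tr -d '\n')" ;;
        *)
            printf '%s: %s\n' "$attr" "$value" ;;
    esac
    printf '%s\n' '-'
}

# apply_change UID ATTR VALUE
# Sends the record to the directory, binding with the caller's Kerberos ticket.
apply_change() {
    local ldif
    ldif="$(make_replace_ldif "$@")" || return 1
    # -Y GSSAPI: SASL/GSSAPI bind (needs a ticket from kinit); -Q: quiet SASL.
    printf '%s\n' "$ldif" | ldapmodify -Y GSSAPI -Q -H "$LDAP_URI"
}
```

The validation in `make_replace_ldif` only keeps the generated LDIF well-formed; whether a user may touch a given entry is still decided by the server's access rules.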

Hera backs up its database once a day into a format that can be stored by other backup mechanisms (otherwise, just backing up the raw bdb will be garbage).

LDAP configuration is in /etc/ldap on the LDAP servers; it is put there by cfengine from hosts/ldap.

See also Ldap_Schema for customized LDAP schemas that we have.
