Ldap

From UGCS

Revision as of 22:53, 2 May 2009

UGCS uses LDAP to handle all of our "directory" information, including users, home directories, UIDs, etc. We have two LDAP servers that are supposed to keep each other in sync: hera is our main server, and zeus is the slave.

Authentication to edit LDAP comes from Kerberos/GSSAPI. Sysadmins have full access to change everything; other users can only edit their own records.

ldapmodify is a very useful command that lets you input LDIF to update anything in LDAP. Ldapedit is a custom command we wrote that makes it easier to update your own settings.

Hera backs up its database once a day into a format that can be stored by other backup mechanisms (otherwise, a backup of the raw bdb would just be garbage).

LDAP configuration is in /etc/ldap on the LDAP servers; it is put there by cfengine from hosts/ldap.

See also Ldap_Schema for customized LDAP schemas that we have.

Our LDAP servers are listed in a few places on each machine. They are:

  • /etc/ldap/ldap.conf: This contains the default server for ldapsearch operations.
  • /etc/libnss-ldap.conf: This contains the LDAP servers for use with NSS lookups (usernames, UIDs, etc.).
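
Because the server list lives in more than one file, the copies can drift apart (for example, one file naming only hera while the other names hera and zeus). The script below is an added example, not part of the UGCS tooling: it parses the `URI`/`HOST` directives from both files and reports servers missing from either. The `example.org` host names and sample file contents are constructed placeholders.

```python
import re

# Constructed sample contents; the domain is a placeholder, not the real one.
SAMPLE_LDAP_CONF = """\
# default server(s) for ldapsearch and friends
BASE dc=example,dc=org
URI  ldap://hera.example.org ldap://zeus.example.org:389
"""
SAMPLE_NSS_CONF = """\
# servers used for NSS lookups
base dc=example,dc=org
uri ldap://hera.example.org/
"""
SAMPLES = {
    "/etc/ldap/ldap.conf": SAMPLE_LDAP_CONF,
    "/etc/libnss-ldap.conf": SAMPLE_NSS_CONF,
}


def ldap_servers(conf_text):
    """Return the ordered, de-duplicated host names from URI/HOST lines."""
    servers = []
    for raw in conf_text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() not in ("uri", "host"):
            continue
        for value in parts[1:]:
            # Drop the scheme, then any path and port (IPv6 literals not handled).
            hostport = re.sub(r"^[a-z]+://", "", value, flags=re.I).split("/")[0]
            host = hostport.split(":")[0].lower()
            if host and host not in servers:
                servers.append(host)
    return servers


def compare(configs):
    """Map each path to its servers, and to the servers it lacks vs. the others."""
    found = {path: ldap_servers(text) for path, text in configs.items()}
    all_hosts = set().union(*found.values())
    missing = {p: sorted(all_hosts - set(h)) for p, h in found.items()}
    return found, {p: m for p, m in missing.items() if m}


if __name__ == "__main__":
    found, missing = compare(SAMPLES)
    for path, hosts in found.items():
        print(f"{path}: {hosts}")
    for path, hosts in missing.items():
        print(f"DRIFT: {path} does not list {hosts}")
```

To check a real machine, read the two files from disk and pass their contents to `compare()` in place of `SAMPLES`.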