Ldap

From UGCS

UGCS uses LDAP to handle all of our "directory" information, including users, home directories, UIDs, etc. We have two LDAP servers that are supposed to keep each other in sync: hera is our main server, and zeus is the slave. Replication is currently broken; the problem is something with the Kerberos auth.

Authentication to edit LDAP comes from Kerberos/GSSAPI. Sysadmins have full access to change everything; other users can only edit their own records.

ldapedit is a very useful command that lets you input LDIF to update anything in LDAP.

The LDAP configuration is in /etc/ldap on the LDAP servers; it is put there by cfengine from hosts/ldap.

See also Ldap_Schema for our customized LDAP schemas.
