Ldap

From UGCS

Revision as of 21:14, 2 May 2009 by Jdhutchin@ugcs.caltech.edu (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

UGCS uses ldap to handle all of our "directory" information, including users, home directories, UIDs, etc. We have two ldap servers that are supposed to keep each other sync'd: hera is our main server, and zeus is the slave.

Authentication to edit ldap comes from Kerberos/GSSAPI. Sysadmins have full access to change everything, other users can only edit their own records.

ldapmodify is a very useful command that lets you input LDIF to update anything in ldap. Ldapedit is a custom command we wrote that makes it easier to update your own settings.

Hera backs up its database once a day into a format that can be stored by other backup mechanisms (otherwise just backing up the raw bdb will be garbage)

ldap configuration is in /etc/ldap on the ldap servers- it is put there by cfengine from hosts/ldap.

See also Ldap_Schema for customized LDAP schemas that we have.

Ldap

Views

Personal tools

Navigation

Search

Toolbox