Ldap
UGCS uses LDAP for all of our "directory" information: user accounts, home directories, UIDs, and so on. We run two LDAP servers that are supposed to stay in sync: hera is the master, and zeus is a slave that replicates from it.
Authentication for editing LDAP is via Kerberos/GSSAPI (get a ticket with kinit first). Sysadmins have full access to change everything; other users can only edit their own records.
ldapmodify is a very useful command that lets you feed LDIF to the server to update anything in LDAP. ldapedit is a custom command we wrote that makes it easier to update your own settings.
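As an added example (not ldapedit itself, and not code from this wiki), here is what ldapedit's job looks like done by hand with ldapmodify over GSSAPI: build a "changetype: modify" LDIF for one attribute of your own record, apply it to hera, and read it back from zeus to confirm replication. The container uid=...,ou=People,dc=ugcs,dc=caltech,dc=edu and the attribute names are assumptions; check Ldap_Schema for the real layout.

```shell
#!/bin/sh
# Added example: change one attribute on your own LDAP record with ldapmodify.
# ASSUMPTIONS (not stated on the wiki): entries are uid=<login>,$LDAP_BASE
# and the master is reachable as ldap://hera. Override via the environment.
LDAP_BASE="${LDAP_BASE:-ou=People,dc=ugcs,dc=caltech,dc=edu}"
LDAP_MASTER="${LDAP_MASTER:-ldap://hera}"
LDAP_SLAVE="${LDAP_SLAVE:-ldap://zeus}"

# Emit a modify LDIF that replaces ATTR with VALUE on UID's entry.
# "replace" (rather than "add") is idempotent: re-running it is harmless.
replace_ldif() {
    uid=$1; attr=$2; value=$3
    printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: %s\n%s: %s\n-\n' \
        "$uid" "$LDAP_BASE" "$attr" "$attr" "$value"
}

# Apply the change as yourself. -Y GSSAPI uses your Kerberos ticket (kinit
# first); the GSSAPI layer also negotiates SASL integrity/privacy so the
# change is not sent in the clear. Add -ZZ if hera offers StartTLS
# (the wiki does not say whether it does).
modify_own() {
    me=${USER:-$(id -un)}
    replace_ldif "$me" "$1" "$2" | ldapmodify -Y GSSAPI -H "$LDAP_MASTER"
}

# Read the attribute back from the slave: if zeus does not show the new
# value shortly after, replication is the thing to look at.
check_on_slave() {
    ldapsearch -LLL -Y GSSAPI -H "$LDAP_SLAVE" -b "$LDAP_BASE" "(uid=$1)" "$2"
}

# Usage: sh ldap-modify-own.sh --run loginShell /bin/zsh
if [ "${1:-}" = "--run" ]; then
    modify_own "$2" "$3" && check_on_slave "${USER:-$(id -un)}" "$2"
fi
```

Nothing here bypasses the ACLs described above: as an ordinary user the modify succeeds only on your own entry, and only for the attributes the schema lets you write.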
Hera dumps its database once a day into a portable format that the other backup mechanisms can store. Just copying the raw BDB files out from under a running slapd gives you garbage, so do not rely on that.
LDAP configuration lives in /etc/ldap on the LDAP servers; cfengine puts it there from hosts/ldap, so make changes in cfengine rather than on the server, or they will be overwritten.
See also Ldap_Schema for our customized LDAP schemas.
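The daily dump, as an added example rather than hera's actual cron job: slapcat writes the whole database as LDIF, which is what makes the backup restorable. The script checks the dump before it replaces yesterday's copy, so a slapcat that dies half-way (or a misconfigured one that dumps nothing) never clobbers the last good backup. It assumes OpenLDAP's slapcat/slapadd and a made-up directory, /var/backups/ldap.

```shell
#!/bin/sh
# Added example: dump slapd's database to LDIF and verify it before keeping it.
# ASSUMPTIONS: OpenLDAP (slapcat reads the default database from slapd's
# config); BACKUP_DIR is invented for this example.
BACKUP_DIR="${BACKUP_DIR:-/var/backups/ldap}"

# Sanity-check an LDIF dump: the first non-blank, non-comment line must be a
# "dn:" line and there must be at least MIN entries. Prints the entry count;
# returns non-zero if the file does not look like a usable dump.
check_ldif() {
    file=$1; min=${2:-1}
    first=$(grep -v '^#' "$file" | grep -v '^$' | head -n 1)
    case $first in
        dn:*) ;;
        *) echo "not LDIF: $file" >&2; return 1 ;;
    esac
    n=$(grep -c '^dn:' "$file")
    echo "$n"
    [ "$n" -ge "$min" ]
}

# Write to a temp file, verify, then rename into place atomically.
# The dump contains password hashes, so it is created mode 0600.
backup_ldap() {
    stamp=$(date +%Y%m%d)
    tmp="$BACKUP_DIR/ldap-$stamp.ldif.tmp"
    out="$BACKUP_DIR/ldap-$stamp.ldif"
    umask 077
    mkdir -p "$BACKUP_DIR" || return 1
    slapcat -l "$tmp" || { rm -f "$tmp"; return 1; }
    # 10 is an arbitrary floor: a real directory has far more entries than that,
    # and an empty or truncated dump must not be accepted.
    check_ldif "$tmp" 10 >/dev/null || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$out" && gzip -f "$out"
}

# Usage (from cron, as root on hera): sh ldap-backup.sh --run
if [ "${1:-}" = "--run" ]; then
    backup_ldap || { echo "ldap backup FAILED" >&2; exit 1; }
fi
```

To restore, stop slapd, move the old database directory aside, run slapadd -l on the decompressed dump, fix ownership of the new files, and start slapd again; slapadd must not be run against a live database.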
Our LDAP servers are listed in a few places on each machine:
- /etc/ldap/ldap.conf: the default server for ldapsearch and the other command-line tools
- /etc/libnss-ldap.conf: the LDAP servers used for NSS lookups (usernames, UIDs, etc.)
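Because the servers are named in two files, they can drift apart: ldapsearch may be talking to hera while NSS is still configured for a server that no longer exists. The following added check (not a UGCS tool) extracts the server names from both files and reports whether they agree. It handles the "URI ldap://host" form and libnss-ldap's older "host hera zeus" keyword, matching keywords case-insensitively; the file paths are the two from the list above, and the sample contents in the usage note are constructed.

```shell
#!/bin/sh
# Added example: list the LDAP servers named in each client config file and
# flag drift between them. Handles "URI ldap://host ldap://host2" and the
# older libnss-ldap "host host1 host2" form; keyword case is ignored and
# URIs are reduced to the bare hostname (scheme, port and path stripped).
servers_in() {
    # $1: path to a config file; prints one hostname per line, file order
    sed -n \
        -e 's/^[[:space:]]*[Uu][Rr][Ii][[:space:]]\{1,\}//p' \
        -e 's/^[[:space:]]*[Hh][Oo][Ss][Tt][[:space:]]\{1,\}//p' "$1" |
    tr ' \t' '\n\n' |
    sed -e '/^$/d' -e 's|^ldaps\{0,1\}://||' -e 's|[/:].*$||'
}

# Exit 0 when both files name the same set of servers (order ignored).
same_servers() {
    a=$(servers_in "$1" | sort -u)
    b=$(servers_in "$2" | sort -u)
    [ "$a" = "$b" ]
}

# Usage: sh ldap-servers-check.sh --check
if [ "${1:-}" = "--check" ]; then
    for f in /etc/ldap/ldap.conf /etc/libnss-ldap.conf; do
        printf '%s: %s\n' "$f" "$(servers_in "$f" | tr '\n' ' ')"
    done
    if same_servers /etc/ldap/ldap.conf /etc/libnss-ldap.conf; then
        echo "OK: both files name the same servers"
    else
        echo "MISMATCH: ldap.conf and libnss-ldap.conf name different servers" >&2
        exit 1
    fi
fi
```

Note that agreement on hostnames is only part of the check: libnss-ldap is what every uid lookup on the box goes through, so a wrong or unreachable server there shows up as logins hanging, not as an ldapsearch error.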