Ok, it makes sense to do the users/groups administration from an LDAP client instead of doing it from each of the servers the OpenLDAP server manages... because if not, why use an LDAP server at all? hehe. phpldapadmin works great using posixGroup with the memberUid attribute, so I think it's good practice to do all my administration from an LDAP client like phpldapadmin, in order to be able to use the getent or id commands from the servers without any hassle, and obviously not using usermod anymore.
Thanks for your help
Regards,
Oskar Kossuth
UNIX Administrator, ANTEL Telecomunicaciones

-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com]
Sent: Thursday, February 19, 2009 9:10 AM
To: Kossuth Espinosa, Oskar
CC: openldap-technical@openldap.org
Subject: Re: Usermod problems with ldap
okossuth@antel.com.uy wrote:
Ok so you are telling me to not use usermod at all and just do the modifications with a LDAP client tool like phpldapadmin?
Yes, if the LDAP client tool manages the right attribute. I don't know phpldapadmin in detail.
This default configuration for group maintenance is in the standard source distribution of web2ldap:
# The definitions for group entry administration
groupadm_defs={
  'groupOfNames':       ('member',None),
  'groupOfUniqueNames': ('uniqueMember',None),
  'organizationalRole': ('roleOccupant',None),
  'rfc822MailGroup':    ('mail','mail'),
  'nisMailAlias':       ('rfc822MailMember','mail'),
  'mailGroup':          ('mgrprfc822mailmember','mail'),
  # Found on IBM SecureWay Directory
  'accessGroup':        ('member',None),
  # RFC2370
  'posixGroup':         ('memberUid','uid'),
  'nisNetgroup':        ('memberNisNetgroup','uid'),
  # Samba 3.0
  'sambaGroupMapping':  ('sambaSID','sambaSID'),
  # Active Directory
  'group':              ('member',None),
  # draft-findlay-ldap-groupofentries
  'groupOfEntries':     ('member',None),
},
I think you get the idea. It can be customized for particular LDAP target servers or name spaces to meet your needs. Being the author of web2ldap I'm biased, of course.
Ciao, Michael.
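The following is an added example, not part of the thread and not web2ldap code: it uses a subset of the quoted groupadm_defs mapping to build LDIF records that add a user to, or remove a user from, every group, whether the group stores a DN (groupOfNames) or a uid (posixGroup). It assumes the second tuple element names the user-entry attribute whose value is stored in the group, with None meaning the DN; the function names and directory data are constructed for illustration.

```python
# Added illustration. Assumption: in each (member_attr, user_attr) tuple,
# user_attr names the user-entry attribute whose value is stored in the
# group; None means the user's DN is stored.
GROUPADM_DEFS = {  # subset of the mapping quoted in the message
    'groupOfNames': ('member', None),
    'groupOfUniqueNames': ('uniqueMember', None),
    'posixGroup': ('memberUid', 'uid'),
}

def member_value(user_dn, user_entry, group_entry):
    """Return (member_attr, value) identifying the user in this group, or None."""
    classes = {oc.lower() for oc in group_entry.get('objectClass', [])}
    for oc, (member_attr, user_attr) in GROUPADM_DEFS.items():
        if oc.lower() not in classes:
            continue
        if user_attr is None:
            return member_attr, user_dn
        values = user_entry.get(user_attr, [])
        if values:
            return member_attr, values[0]
    return None

def membership_ldif(user_dn, user_entry, groups, op):
    """LDIF modify records to 'add' or 'delete' the user in every group."""
    records = []
    for group_dn, group_entry in groups.items():
        hit = member_value(user_dn, user_entry, group_entry)
        if hit is None:
            continue
        attr, value = hit
        present = value in group_entry.get(attr, [])  # exact string match
        if (op == 'add') == present:
            continue  # already in the desired state
        records.append(f"dn: {group_dn}\nchangetype: modify\n"
                       f"{op}: {attr}\n{attr}: {value}\n-\n")
    return records

# Constructed sample directory data (not from the thread).
USER_DN = 'uid=jdoe,ou=people,dc=example'
USER = {'uid': ['jdoe'], 'objectClass': ['posixAccount']}
GROUPS = {
    'cn=admins,dc=example': {'objectClass': ['posixGroup'], 'memberUid': ['root']},
    'cn=staff,dc=example': {'objectClass': ['groupOfNames'], 'member': [USER_DN]},
    'cn=ops,dc=example': {'objectClass': ['posixGroup'], 'memberUid': ['jdoe']},
}

if __name__ == '__main__':
    print('\n'.join(membership_ldif(USER_DN, USER, GROUPS, 'delete')))
```

The 'delete' case is the one to run when an account is removed: a user deleted from the people subtree can otherwise linger as a memberUid or member value in groups of a different object class.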