On 19 September 2016 at 14:01, Shawn McKinney smckinney@symas.com wrote:
On Sep 18, 2016, at 2:25 PM, John Lewis oflameo2@gmail.com wrote:
Right now I am trying to weigh my options for maintaining my POSIX accounts on an OpenLDAP tree.
I learned today that LDAP templates in ldapscripts really don't work, so if I want to go on using ldapscripts, I would have to run ldapmodify after every account is created to get the gecos configured properly and have a Kerberos principal configured.
You could use an IdM product like midPoint to manage the RFC2307ish attributes in the directory.
https://wiki.evolveum.com/display/midPoint/LDAP+PosixAccount+and+PosixGroup+Management
For a long time I have been using LdapAdmin http://www.ldapadmin.org/
It is portable, no installation needed.
I am using it to manage OpenLDAP mainly, but I am also managing Active Directory (only some features), Nokia NDS, etc.
No problems so far.