Saša-Stjepan Bakša wrote:
On 19 September 2016 at 14:01, Shawn McKinney smckinney@symas.com wrote:
On Sep 18, 2016, at 2:25 PM, John Lewis oflameo2@gmail.com wrote:
Right now I am trying to weigh my options for maintaining my POSIX accounts on an OpenLDAP tree.
I learned today that ldap templates in ldapscripts really don't work, so if I want to go on using ldapscripts, I would have to run ldapmodify after every account is created to get the gecos configured properly and have a kerberos principal configured.
You could use an IdM product [..]
For long time I am using
IMO it would be better to just refer to the FAQ index entry:
http://www.openldap.org/faq/data/cache/271.html
And add/update missing entries/information therein.
To the original poster: While I'm the author of one such tool (and therefore personally biased towards that) I'd recommend to use your favourite scripting language with a decent LDAP module to write your own custom tool. With such a solution you have full control and you can easily make use of any existing data in your organization without having to setup a big infrastructure.
Ciao, Michael.