You could use an IdM product like midPoint to manage the RFC2307ish attributes in the directory.
https://wiki.evolveum.com/display/midPoint/LDAP+PosixAccount+and+PosixGroup+...
On 19 September 2016 at 14:01, Shawn McKinney smckinney@symas.com wrote:
For a long time I have been using LdapAdmin http://www.ldapadmin.org/
It is portable, no installation needed.
I am using it to manage OpenLDAP mainly, but I am also managing Active Directory (only some features), Nokia NDS, etc.
No problems so far.
Saša-Stjepan Bakša wrote:
IMO it would be better to just refer to the FAQ index entry:
http://www.openldap.org/faq/data/cache/271.html
And add/update missing entries/information therein.
To the original poster: While I'm the author of one such tool (and therefore personally biased towards that) I'd recommend using your favourite scripting language with a decent LDAP module to write your own custom tool. With such a solution you have full control and you can easily make use of any existing data in your organization without having to set up a big infrastructure.
Ciao, Michael.
On 09/20/2016 09:56 AM, Michael Ströder wrote:
While I'm the author of another such tool (and therefore also personally biased) I would suggest against home-brew development. Unless you have at least 2-5 man-years at your disposal. Developing an IDM solution is much (much!) harder than it seems. Been there, done that. My recommendation would be to reuse something that is already there. It is almost always better to join an existing project than to re-invent a square wheel over and over again. There are several projects to choose from.
Unless of course your requirements are extremely simple and they will remain simple forever. In that case even a home-brew solution might work.
openldap-technical@openldap.org