[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Migrating passwd users on Cobalt RaQ

To: Robert Fitzpatrick <lists@webtent.net>
Subject: Re: Migrating passwd users on Cobalt RaQ
From: Howard Chu <hyc@symas.com>
Date: Fri, 14 Apr 2006 02:17:07 -0700
Cc: OpenLDAP <openldap-software@OpenLDAP.org>
In-reply-to: <7.0.1.0.0.20060413232314.01b70f28@OpenLDAP.org>
References: <1144946804.7864.42.camel@columbus.webtent.org> <7.0.1.0.0.20060413232314.01b70f28@OpenLDAP.org>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060405 SeaMonkey/1.5a

Kurt D. Zeilenga wrote:

slapd-passwd(5) says:
  This backend is provided for demonstration purposes only.

-- Kurt

In particular, it doesn't support write operations so it can't be used as an actual management tool. However, Symas (and probably others) have built up full-function modules along these lines. The Symas module supports not only /etc/passwd, /etc/group, and /etc/shadow, but also the TCB databases (e.g. /etc/security) used by AIX, HPUX, and SCO OpenServer, giving you fully LDAP-enabled management of native Unix/Linux security. (The upside of this approach vs pam/nss is that users can always login to a host, regardless of (loss of) access to a central LDAP server. The downside is that updating someone's account info can take a non-trivial amount of time as it replicates from the central server to every managed host.)

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

Follow-Ups:
- Re: Migrating passwd users on Cobalt RaQ
  - From: Robert Fitzpatrick <lists@webtent.net>

References:
- Migrating passwd users on Cobalt RaQ
  - From: Robert Fitzpatrick <lists@webtent.net>
- Re: Migrating passwd users on Cobalt RaQ
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Migrating passwd users on Cobalt RaQ
Next by Date: Re: dynamic update permssion
Index(es):
- Chronological
- Thread