[wplug-internet] Another LDAP server to tinker with

Vance Kochenderfer vkochend at nyx.net
Tue Jun 18 08:53:43 EDT 2013


FYI, centos-ds is available in the CentOS Extras repository.  This
is just a rebranded 389/Red Hat Directory Server.
<http://wiki.centos.org/HowTos/DirectoryServerSetup>

I have no idea what the setup process is like.  Installing
OpenLDAP on Debian was actually quite simple; there is a
postinstallation script that prompts to set the base DN and
administrator CN and password.  It also sets OpenLDAP to start on
boot.

Figuring out how to configure it was more of a challenge.
Settings for things like what interface and port to listen on are
NOT part of the OpenLDAP config; instead they are controlled by
startup scripts which get values from /etc/defaults/openldap.

In my brief initial look, IPA seemed like gross overkill, but I'll
take another glance at it.  For web app authentication, all we
really need are the uid, mail, and userPassword attributes, which
any LDAP server provides with inetOrgPerson.  If we decide to use
the directory for membership management also, we face the need to
extend the schema to add things like join date and expiration
date.  I'll look into whether IPA's schema already accommodates
those needs.

Vance Kochenderfer        |  "Get me out of these ropes and into a
vkochend at nyx.net          |   good belt of Scotch"    -Nick Danger

