From: martin@orbweavers.co.uk
To: freebsd-questions@freebsd.org
Date: Wed, 27 Jul 2005 13:23:40 +0100 (BST)
Subject: Re: LDAP/nss_ldap adduser script
Message-ID: <1201.192.168.0.10.1122467020.squirrel@192.168.0.5>
In-Reply-To: <20050727121325.GA29568@ei.bzerk.org>
References: <3040.217.37.3.201.1122457154.squirrel@www.orbweavers.co.uk> <20050727121325.GA29568@ei.bzerk.org>

> On Wed, Jul 27, 2005 at 10:39:14AM +0100, martin@orbweavers.co.uk typed:
>> Hi all,
>>
>> I've been using an ldap directory for quite a while now for my network
>> logins, and love it. Problem is, it can be quite cumbersome to work
>> with, any ldap clients I have looked at are either very sketchy or
>> overly cumbersome for simple tasks (adding/removing users etc.), and
>> ldif file format is a major pain to work with.
>>
>> My first question is - is anyone aware of a good light and stable ldap
>> client that is easy to set up and use. My own research suggests no, which
>> leads onto my proposal -
>>
>> I'm planning on writing a few basic scripts for working with the system
>> - a 'ldap_adduser', 'ldap_rmuser' etc. Nothing major, not a full suite
>> of utilities, just the basics to make life a little easier.
>>
>> I've had a look at the adduser script and it should be straightforward
>> enough to tailor to this purpose, and I can't see any difficulties in
>> writing them - check /etc/ldap.conf for the location of the users &
>> groups, pops the details into an ldif and runs it through the ldap
>> client. The one thing I am not sure about is getting the next available
>> uid number, but I'm sure the answer will become apparent.
>>
>> So before I get into the meat of this, I wanted to check if anyone has
>> any suggestions or comments.
>
> Well, how would you go about determining the default user's set of
> objectclasses and attributes? e.g. we have in our ldap users with
> different combinations of sambaSamAccount, posixAccount and
> courierMailAccount.
> If you want your script to be flexible enough to provide all possible
> options, you'll end up writing a very complex script. But good luck
> anyway ;-)
>
> Ruben

Primarily, my aim is to keep it simple, do the basics, that's the itch that
needs scratching for me at the moment. It could be the base of a more
encompassing management system, but that would be a different project.
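
The steps sketched in the quoted proposal (find the user base in /etc/ldap.conf, pick the next uid number, write an LDIF entry), as an added example that is not part of the original thread or a script posted by anyone in it. The function names, the uid floor of 1000, the choice of the `account` and `posixAccount` object classes and the example.org sample data are assumptions.

```shell
# Added example: helpers for an ldap_adduser-style script (names hypothetical).
LC_ALL=C; export LC_ALL   # make [a-z] ranges mean ASCII only

# Print the user search base from an nss_ldap-style config file:
# nss_base_passwd (minus any "?scope" suffix) if present, else "base".
ldap_user_base() {
    awk '
        /^[ \t]*#/ { next }
        { key = tolower($1); val = $0
          sub(/^[ \t]*[^ \t]+[ \t]+/, "", val); sub(/[?].*/, "", val) }
        key == "nss_base_passwd" { passwd = val }
        key == "base"            { base = val }
        END { print (passwd != "" ? passwd : base) }
    ' "$1"
}

# Read LDIF on stdin (e.g. ldapsearch output); print highest uidNumber + 1,
# but never less than the floor given as $1.
next_uid() {
    awk -v min="$1" '
        tolower($1) == "uidnumber:" && $2 ~ /^[0-9]+$/ && $2 + 0 >= n { n = $2 + 1 }
        END { print (n > min + 0 ? n : min + 0) }
    '
}

# Emit a posixAccount entry. Arguments: login uidNumber gidNumber base.
# The login is validated first so it cannot carry commas, colons or
# newlines into the DN or the LDIF attribute lines.
make_user_ldif() {
    case "$1" in
        ""|[!a-z_]*|*[!a-z0-9_-]*) echo "invalid login name" >&2; return 1 ;;
    esac
    for n in "$2" "$3"; do
        case "$n" in ""|*[!0-9]*) echo "invalid uid/gid" >&2; return 1 ;; esac
    done
    cat <<EOF
dn: uid=$1,$4
objectClass: account
objectClass: posixAccount
uid: $1
cn: $1
uidNumber: $2
gidNumber: $3
homeDirectory: /home/$1
EOF
}

# Constructed sample search result, not taken from a real directory.
new_uid=$(printf 'uidNumber: 1001\nuidNumber: 1004\n' | next_uid 1000)
make_user_ldif carol "$new_uid" "$new_uid" "ou=People,dc=example,dc=org"
```

Two runs at the same moment can compute the same number, and the directory accepts both entries unless the server enforces uidNumber uniqueness (OpenLDAP's unique overlay can do that).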