LDAP authentication via dsee6

Okay, I have a cluster of servers that was built to round-robin the
load of users logging in and out of GNOME via terminals. It was made
with a person with no concept of servers with scalability,
unfortunately. We are going to be going through some serious growth
here and I need some centralized authentication so that we can make
changes through an LDAP database instead of manually editing /etc/
passwd and /etc/shadow across several (and soon to be more) linux
machines.

Now I've recently had to set up a CentOS machine in order to handle
Sun Commsuite 5 serving to users on this cluster. This provides an
LDAP service in order to handle a large amount of its data, but it
also does password authentication.

So this is what I'm wondering: password authentication can be
accomplished via the LDAP scheme in DSEE6, as per the 'user
authentication' choices in the delegated administrator panels for each
user. Unfortunately, when looking through the various user options, I
do not see anything about specifying a home directory, or any of the
more important /etc/passwd information. My question is, is there a way
to make that information available through the LDAP server that we
already have in place through dsee6? I would much rather use this
existing LDAP server to serve all of the information that we currently
have in several copies of /etc/passwd across our server cluster.

Also, if there is a better way to do this, I am certainly open to
suggestions or comments. Also, the server clusters are all running a
linux variant, although that should not matter as the information we
need to make available is just standard /etc/passwd info.

Thank you very much for anything you can offer about this! I know
it's kind of a Sun Application & Linux question, but I thought it was
still applicable on a tangent.

<a href="http://forum.java.sun.com/thread.jspa?threadID=5294543">
-Damon A. Getsman
Linux/Solaris System Administrator
ITrx
</a>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Damon" == Damon Getsman <(E-Mail Removed)> writes:


Damon> Okay, I have a cluster of servers that was built to round-robin the
Damon> load of users logging in and out of GNOME via terminals. It wasmade
Damon> with a person with no concept of servers with scalability,
Damon> unfortunately. We are going to be going through some serious growth
Damon> here and I need some centralized authentication so that we can make
Damon> changes through an LDAP database instead of manually editing /etc/
Damon> passwd and /etc/shadow across several (and soon to be more) linux
Damon> machines.

Damon> Now I've recently had to set up a CentOS machine in order to handle
Damon> Sun Commsuite 5 serving to users on this cluster. This providesan
Damon> LDAP service in order to handle a large amount of its data, but it
Damon> also does password authentication.

Damon> So this is what I'm wondering: password authentication can be
Damon> accomplished via the LDAP scheme in DSEE6, as per the 'user
Damon> authentication' choices in the delegated administrator panels for each
Damon> user. Unfortunately, when looking through the various user options, I
Damon> do not see anything about specifying a home directory, or any ofthe
Damon> more important /etc/passwd information. My question is, is therea way
Damon> to make that information available through the LDAP server that we
Damon> already have in place through dsee6? I would much rather use this
Damon> existing LDAP server to serve all of the information that we currently
Damon> have in several copies of /etc/passwd across our server cluster.

No ideas about DSEE6, never worked with it. But what you're
specifying, I'm running something similar to that. I've few linux
boxes, installed with GNOME, users login to GDM on any the boxes, and
their homes are mounted at the runtime on those boxes, over NFS. The
user profile is stored in OpenLDAP server. For authentication, I'm
using pam_ldap module[1], and for nsswitch, I'm using nss_ldap
module[2].

This is fairly standard configuration and I'm sure this will work for
you too.

Also check out http://www.saas.nsw.edu.au/solutions/ldap-auth-pam.html

References:
[1] - http://www.padl.com/pam_ldap.html
[2] - http://www.padl.com/OSS/nss_ldap.html

HTH
- --
Ashish Shukla आशीष श�क�ल http://wahjava.wordpress.com/
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIJgmKHy+EEHYuXnQRArVWAJwO8ah+Tv/gSSa2peY0u4YNdrBrZACfaNdD
exXN0bEdHrLwxm8fwica+pk=
=LsFo
-----END PGP SIGNATURE-----