On Sat, 2008-07-05 at 11:34 +0200, Petter Reinholdtsen wrote:
> One issue with large scale deployment of Linux is the need to
> configure each client. It would be easier if the clients were able to
> automatically derive their configuration using network services. This
> is successfully done with MS Active directory, where it uses DNS to
> locate the LDAP servers, and then uses the LDAP rootDSE to figure out
> the LDAP base.
[...]
> Would it be possible to teach nss-ldapd to automatically derive the
> LDAP base from the rootDSE entry?

Implementing such a search shouldn't be too hard. What I'm working on now tries the first value of the defaultNamingContext attribute and falls back to the first value of the namingContexts attribute.

You can also currently specify:
  base DOMAIN
to build a basedn based on the system's domain (e.g. construct dc=example,dc=com when running on myhost.example.com).

> Also, would it be possible to teach it to automatically figure out
> which LDAP servers to talk to using the SRV record provided by AD. We
> could easily provide the same DNS entry in Debian Edu, and thus get
> the clients to automatically configure NSS based on the values fetched
> from the network.

With nss-ldapd you can specify
  uri DNS
in /etc/nss-ldapd.conf to look up SRV records (see the manual page for details).

> Would need to get libpam-ldap to do the same to get this working,
> though. :)

I think nss_ldap does this if you don't specify any URIs or hosts. Maybe pam_ldap does something similar.

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --
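The three lookups discussed in the message above (base DN from the host's domain, base DN from the rootDSE, server list from SRV records), sketched as an added example that is not part of the original message and is not nss-ldapd code. All function names and sample values are hypothetical, and the `_ldap._tcp` owner name follows the usual RFC 2782 convention rather than anything stated in the thread.

```python
# Added illustration; not nss-ldapd source. All function names are hypothetical.

def domain_of(fqdn):
    """Return the DNS domain of a host name (myhost.example.com -> example.com)."""
    labels = fqdn.rstrip(".").split(".")[1:]  # drop the host label
    if not labels:
        raise ValueError("host name has no domain part: %r" % fqdn)
    return ".".join(labels)

def base_from_domain(fqdn):
    """'base DOMAIN' behaviour as described: one dc= component per domain label."""
    return ",".join("dc=" + label for label in domain_of(fqdn).split("."))

def srv_name(fqdn):
    """SRV owner name queried for LDAP service discovery (RFC 2782 naming)."""
    return "_ldap._tcp." + domain_of(fqdn)

def base_from_rootdse(attrs):
    """First defaultNamingContext value, else first namingContexts value, else None."""
    lowered = {k.lower(): v for k, v in attrs.items()}  # attribute names are case-insensitive
    for name in ("defaultnamingcontext", "namingcontexts"):
        values = lowered.get(name) or []
        if values:
            return values[0]
    return None

def uris_from_srv(records):
    """Order (priority, weight, port, target) tuples and turn them into LDAP URIs.

    Simplification: equal-priority records are ordered by descending weight,
    where RFC 2782 specifies a weighted random choice.
    """
    ordered = sorted(records, key=lambda r: (r[0], -r[1]))
    return ["ldap://%s:%d" % (target.rstrip("."), port) for _, _, port, target in ordered]

# Constructed sample data (not captured from a real directory or DNS zone).
SAMPLE_ROOTDSE = {
    "namingContexts": ["dc=example,dc=com", "cn=config"],
}
SAMPLE_SRV = [
    (10, 50, 389, "ldap2.example.com."),
    (0, 100, 389, "ldap1.example.com."),
]

if __name__ == "__main__":
    print(base_from_domain("myhost.example.com"))
    print(srv_name("myhost.example.com"))
    print(base_from_rootdse(SAMPLE_ROOTDSE))
    print(uris_from_srv(SAMPLE_SRV))
```

Both the SRV answer and an anonymous rootDSE read arrive unauthenticated, so a client configured this way still needs locally pinned TLS settings (CA certificate and required certificate checking) to know which directory it has reached.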

