Aaron Isotton said:
>
> - How can I manage the accounts in a sensible way? useradd and the like
> seem not to use PAM, so I can't use them; until now I've used
> directory-administrator and gq to manage the accounts, but I have a strong
> dislike for GUI programs for such tasks. I know I can use
> ldapadd/ldapmodify to manage accounts, but I'm not yet good enough in LDIF
> to do that. Is there any useradd-like tool which uses PAM?

I use ldapexplorer in combo with ldapmodify/ldapadd. I plan someday to write
a Perl script to manage users, I'm still a Perl newbie though.

> - Using useradd etc every user has also his own group. Do I *really* have
> to create all of them by hand?

if you want each user in their own group then yeah.

> - How do I add a user to more than one group?

set the memberUid attribute in the group. e.g.

dn: cn=cdwrite,ou=Group,o=aphroland,c=us
objectClass: posixGroup
objectClass: top
cn: cdwrite
gidNumber: 80
memberUid: aphro
memberUid: laze

> - I'd like to allow some users to log in on the server (via ssh, for
> example) and others not BUT everybody should be able to log in to the
> workstations (which authenticate off the server). Thus setting the shell
> to /bin/false is not an option. It'd be ideal if it could be done by
> group (ex. all users in the group "it" can log in on the server, the
> others can't). Is there any solution for this?

this should work for your needs:
http://howto.aphroland.de/HOWTO/LDAP/ConfiguringHostBasedAccessWithLDAP

nate
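
Added example, not part of the original message and not code from any tool it mentions: a useradd-like generator in Python that emits LDIF change records for the user entry, its same-named private group, and memberUid additions to existing groups, while rejecting unsafe names and base64-encoding values that could otherwise inject extra LDIF lines. The ou=People subtree, the account structural class, reusing uidNumber as the private group's gidNumber, and the sample values are assumptions.

```python
import base64
import re

BASE_DN = "o=aphroland,c=us"   # suffix from the post's cdwrite entry
GROUP_OU = "ou=Group"          # from the post
PEOPLE_OU = "ou=People"        # assumption: the post does not name the user subtree
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # strict names keep DNs injection-free


def check_name(name):
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"refusing unsafe account/group name: {name!r}")
    return name


def ldif_line(attr, value):
    """One LDIF attribute line; values LDIF cannot carry verbatim are base64 (RFC 2849)."""
    text = str(value)
    plain = (text and text.isascii() and text.isprintable()
             and text[0] not in " :<" and not text.endswith(" "))
    if plain:
        return f"{attr}: {text}"
    return f"{attr}:: {base64.b64encode(text.encode('utf-8')).decode('ascii')}"


def useradd_ldif(uid, uid_number, full_name, groups=(), shell="/bin/bash"):
    """LDIF change records: user entry, same-named private group, extra memberships."""
    check_name(uid)
    number = int(uid_number)   # assumption: private group reuses the uidNumber
    user = [("dn", f"uid={uid},{PEOPLE_OU},{BASE_DN}"), ("changetype", "add"),
            ("objectClass", "account"), ("objectClass", "posixAccount"),
            ("uid", uid), ("cn", full_name), ("uidNumber", number),
            ("gidNumber", number), ("homeDirectory", f"/home/{uid}"),
            ("loginShell", shell)]
    private = [("dn", f"cn={uid},{GROUP_OU},{BASE_DN}"), ("changetype", "add"),
               ("objectClass", "posixGroup"), ("objectClass", "top"),
               ("cn", uid), ("gidNumber", number)]
    records = ["\n".join(ldif_line(a, v) for a, v in rec) for rec in (user, private)]
    for group in groups:
        dn = f"cn={check_name(group)},{GROUP_OU},{BASE_DN}"
        records.append(f"dn: {dn}\nchangetype: modify\nadd: memberUid\nmemberUid: {uid}\n-")
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    # Constructed sample input; cdwrite is the group from the post.
    print(useradd_ldif("aphro", 1001, "Constructed User", groups=["cdwrite"]), end="")
```

The output is meant to be piped to ldapmodify with your usual bind options; the supplementary groups must already exist, since they are modified rather than added.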