My understanding is that if home directories are located on a file server, lamdaemon:
- creates home directories when users are added
- removes home directories when users are deleted
- changes the group of home directories when the primary group of users is changed.

Beyond that, *lamdaemon.pl* is the Perl script that does this work.

So, in my small network of Linux machines, if I have one designated file server (say *nfs_server.gngberlin*) that nfs-exports a home directory that is nfs-mounted by all of the client machines as *'/home'*...

Then on the NFS file server I can create a user, say '*lam_agent*'. I copy */usr/share/ldap-account-manager/lib/lamdaemon.pl* to */home/lam_agent/*, and make it executable only by *lam_agent*.

And as *lam_agent*, I create a script, say *'/home/lam_agent/call_lamdaemon'*. This script will accept one argument, and invoke '*sudo lamdaemon.pl*' with that argument.

And then, as *lam_agent*, I execute *ssh-keygen* such that it generates a private authentication key, *~/.ssh/id_rsa*, and a public key, *~/.ssh/id_rsa.pub*.

In the context of *LDAP Account Manager*, I open the server profile dialog and, under Lamdaemon settings, fill in the fields with the following:

  Server list: nfs_server.gngberlin
  Path to external script: /home/lam_agent/call_lamdaemon
  User name: lam_agent
  SSH key file: /home/lam_agent/.ssh/id_rsa
  SSH key password: /home/lam_agent/.ssh/id_rsa.pub

*And as a side note...*

*lamdaemon.pl* must be run as root. But it is considered bad practice to ssh into a remote computer as root, which is why I create the user *lam_agent*. So, as *root*, I must edit the */etc/sudoers* file and add the line:

  lam_agent nfs_server.gngberlin = NOPASSWD: /home/lam_agent/call_lamdaemon

which should obviate the need to provide a password when executing '*sudo lamdaemon.pl*'.

So, is my understanding of the procedure to set up and use *lamdaemon* correct?

Best regards,
Fred Obermann
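
A check a reviewer of the setup described above might run on the file server, as an added example that is not part of the original post or of LAM: it verifies that a command granted NOPASSWD in sudoers, and every directory above it, is owned by root and not group- or world-writable. The function name `audit_sudo_target` and its parameters are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the original post or from LAM.
# usage: audit_sudo_target PATH [TRUSTED_UID] [STOP_DIR]
# Checks a command that sudoers allows with NOPASSWD: the file and every
# directory above it (up to STOP_DIR, default /) must be owned by
# TRUSTED_UID (default 0, root) and must not be group- or world-writable.
# Otherwise an account that can rewrite the file controls what runs as root.
# The function name and its parameters are hypothetical. Needs GNU stat.
audit_sudo_target() (
    target=$1
    trusted_uid=${2:-0}
    stop_dir=${3:-/}
    status=0

    case $target in
        /*) ;;
        *) echo "FAIL: $target is not an absolute path"; exit 2 ;;
    esac
    [ -e "$target" ] || { echo "FAIL: $target does not exist"; exit 2; }

    p=$target
    while :; do
        owner=$(stat -c '%u' "$p")
        mode=$(stat -c '%a' "$p")
        if [ "$owner" != "$trusted_uid" ]; then
            echo "FAIL: $p owned by uid $owner, expected $trusted_uid"
            status=1
        fi
        # 022 masks the write bits for group and other
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL: $p is group- or world-writable (mode $mode)"
            status=1
        fi
        if [ "$p" = "$stop_dir" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname "$p")
    done
    [ "$status" -eq 0 ] && echo "OK: $target and its parent directories"
    exit "$status"
)

# On the file server from the post one would run, as root:
#   audit_sudo_target /home/lam_agent/call_lamdaemon
```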
