Hi Fred,

yes, you need to set up sudo for lamdaemon. See here (incl. next pages) for a list of steps:
https://www.ldap-account-manager.org/static/doc/manual/apd.html

Best regards
Roland

On 1 June 2022 08:04:28 CEST, Fred Obermann <[email protected]> wrote:
>My understanding is that if home directories are located on a file server,
>lamdaemon:
>
> - creates home directories when users are added
> - removes home directories when users are deleted
> - changes the group of home directories when the primary group of users is changed.
>
>Beyond that, *lamdaemon.pl* is the Perl script that
>does this work.
>
>So, if in my small network of Linux machines I have one designated
>file-server (say *nfs_server.gngberlin*) that nfs-exports a home directory
>that is nfs-mounted by all of the client machines as *'/home'*...
>
>Then on the nfs-fileserver I can create a user, say '*lam_agent*'. I
>copy */usr/share/ldap-account-manager/lib/lamdaemon.pl*
>to */home/lam_agent/*, and make it executable only
>by *lam_agent*. And as *lam_agent*, I create a script, say
>*'/home/lam_agent/call_lamdaemon'*.
>
>This script will accept one argument, and invoke '*sudo lamdaemon.pl*'
>with that argument.
>
>And then, as lam_agent, I execute *ssh-keygen* such that it generates a
>private authentication key, *~/.ssh/id_rsa*, and a public key,
>*~/.ssh/id_rsa.pub*.
>
>In the context of *LDAP Account Manager*, I open the server profile dialog
>and under Lamdaemon settings fill in the fields with the following:
>
>Server list: nfs_server.gngberlin
>Path to external script: /home/lam_agent/call_lamdaemon
>User name: lam_agent
>SSH key file: /home/lam_agent/.ssh/id_rsa
>SSH key password: /home/lam_agent/.ssh/id_rsa.pub
>
>*And as a side note...*
>*lamdaemon.pl* must be run as root. But it is
>considered bad practice to ssh into a remote computer as root, which is
>why I create the user *lam_agent*.
>
>So, as *root*, I must edit the */etc/sudoers* file and add the line:
>
>*lam_agent nfs_server.gngberlin = NOPASSWD: /home/lam_agent/call_lamdaemon*
>
>which should obviate the need to provide a password when executing '*sudo
>lamdaemon.pl*'
>
>So, is my understanding of the procedure to set up and use *lamdaemon*
>correct?
>
>Best regards,
>
>Fred Obermann
_______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
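An added check, not part of the thread or the LAM manual: a command that sudoers grants with NOPASSWD runs as root, so the file and every directory above it should be modifiable only by root. The function below audits a path such as the `/home/lam_agent/call_lamdaemon` wrapper from the quoted sudoers line; the function name, arguments and output format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread or the LAM manual).
# check_sudo_target PATH [TRUSTED_UID] [STOP_DIR]   (hypothetical helper)
# Walks from PATH up to STOP_DIR (default /) and reports every component that
# an account other than TRUSTED_UID (default 0 = root) could modify or replace.
# Returns 0 if clean, 1 if there are findings, 2 on usage or stat errors.
check_sudo_target() {
    cst_path=$1; cst_uid=${2:-0}; cst_stop=${3:-/}; cst_rc=0
    case $cst_path in
        /*) ;;
        *) echo "ERROR: need an absolute path, as a sudoers command spec does"; return 2 ;;
    esac
    while :; do
        # ls -ldn prints: mode string, link count, numeric owner uid, ...
        read -r cst_mode cst_links cst_owner cst_rest <<EOF
$(ls -ldn "$cst_path" 2>/dev/null)
EOF
        if [ -z "$cst_mode" ]; then
            echo "ERROR: cannot stat $cst_path"; return 2
        fi
        case $cst_mode in
            l*) echo "FINDING: $cst_path is a symlink; audit its target"; cst_rc=1 ;;
            *)
                if [ "$cst_owner" != "$cst_uid" ]; then
                    echo "FINDING: $cst_path is owned by uid $cst_owner, not $cst_uid"; cst_rc=1
                fi
                case $cst_mode in
                    ?????w*|????????w*)   # group-write or other-write bit set
                        echo "FINDING: $cst_path is group- or world-writable ($cst_mode)"; cst_rc=1 ;;
                esac ;;
        esac
        if [ "$cst_path" = "$cst_stop" ] || [ "$cst_path" = / ]; then break; fi
        cst_path=$(dirname "$cst_path")
    done
    return "$cst_rc"
}

# Run as: sh check_sudo_target.sh /home/lam_agent/call_lamdaemon
if [ "$#" -gt 0 ]; then check_sudo_target "$@"; fi
```

A script kept in the home directory of the account that invokes it will normally produce findings here, because that account owns the directory and can replace the file.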
