Word 2007 cool feature
Change return values in nss_ldap
After some time searching I found the nss_override_attribute_value config file parameter for /etc/ldap.conf. It lets you override the value LDAP returns for an attribute with a fixed value. For example:
nss_override_attribute_value unixHomeDirectory /var
This will change the home directories of all users returned through LDAP to /var.
NOTE: the nss_override_attribute_value has to come before the nss_map_attribute in the config file.
There is also the nss_default_attribute_value entry, which can be quite useful, for example for the shell.
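The ordering rule from the note above, written as a small linter (an added example, not code from the original post). It assumes the note is a file-wide rule; the sample configuration, its host name and mapping line, and the function names are constructed for illustration.

```python
# Added example: lint an nss_ldap /etc/ldap.conf for the ordering rule in the note.
# SAMPLE_CONF is constructed for illustration; it is not a real host's config.
SAMPLE_CONF = """\
uri ldaps://ad.example.org
nss_map_attribute homeDirectory unixHomeDirectory
nss_override_attribute_value unixHomeDirectory /var
nss_default_attribute_value loginShell /bin/bash
"""

VALUE_KEYWORDS = ("nss_override_attribute_value", "nss_default_attribute_value")


def parse_directives(text):
    """Yield (line_number, keyword, args) for every non-blank, non-comment line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line and not line.startswith("#"):
            keyword, *args = line.split()
            yield number, keyword, args


def lint_ldap_conf(text):
    """Return (overrides, defaults, findings) for an ldap.conf given as a string."""
    overrides, defaults, findings = {}, {}, []
    first_map_line = None
    for number, keyword, args in parse_directives(text):
        if keyword == "nss_map_attribute":
            if first_map_line is None:
                first_map_line = number
        elif keyword in VALUE_KEYWORDS:
            if len(args) < 2:
                findings.append(f"line {number}: {keyword} needs an attribute and a value")
                continue
            attribute, value = args[0], " ".join(args[1:])
            if keyword == "nss_default_attribute_value":
                defaults[attribute] = value
                continue
            overrides[attribute] = value  # applies to every user returned via LDAP
            if first_map_line is not None:
                findings.append(
                    f"line {number}: override of {attribute} comes after "
                    f"nss_map_attribute on line {first_map_line}; move it above"
                )
    return overrides, defaults, findings


if __name__ == "__main__":
    overrides, defaults, findings = lint_ldap_conf(SAMPLE_CONF)
    print("overrides:", overrides)
    print("defaults:", defaults)
    for finding in findings:
        print("WARNING:", finding)
```

Listing the overrides is useful on its own, since each one replaces the directory's value for every user the host resolves through LDAP.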
Cern Week 36
I spent most of the week writing a paper for a meeting I am organizing. This will be the 'Cern ldap meeting'. The idea behind this is to get all the people who will be involved with the migration, maintenance and security to give talks and brainstorm about different aspects. I am writing the paper and the slides in docutils, about which I will rant in another blog entry, but for now, I really like the concepts behind it. Further, there is a flu going around, and so I was at home for two days.
Cern Week 35
I spent the beginning of the week trying to get the Cern CA to work on all machines. This was not as easy as I thought it would be, but now I have an rpm package that can be installed and that will verify the certificates I get from the Active Directory Server. This will avoid man-in-the-middle attacks. Further, I extended ncm-authconfig to automatically modify /etc/ldap.conf to what I need it to be. While doing this I did some general module cleanup and added 13 new tpl options. After some testing I can now happily say that the Linux machines will securely, essentially authenticate against an AD server and use Quattor to configure themselves. Further, I attended another group meeting.
One other big problem was that the AD server only returns 1024 entries, but this is of course not the total user number. So when I call getpwent it will only return the first 1024 entries and forget about 21086 users. I solved this through trying to get '--enable-paged-results' added to the spec file as a compile option. But this will have to be done by Red Hat. I suppose this is going to take some time, till this goes upstream. But getpwent should not be used anyway :). Further, I updated my passwd and group create script to account for this and enable paging in ldapsearch with '-E pr=2000/noprompt'. Maybe a little off topic: I am going to LinuxTag, Europe's leading exhibition on Linux and Open Source, from May 28 - 31, 2008 at Berlin's Messezentrum unter dem Funkturm. So if you want to join, it should be good fun.