Help please. LDAP


#1

Hi,

I’m kinda new to LDAP tech in general and I actually work as a trainee. My job is to implement an LDAP server to make things easier for the administrator when a new employee comes. And that’s my problem:

Since 7:30 am I’ve been trying to understand HOW I can use UCS as an LDAP server. I don’t care about Windows or Mac because we don’t use/have them. I just wanna add a user and connect with him from any computer in the network at boot time. Is it possible and mostly how??!! Maybe I’m missing something I don’t know, but that kinda pisses me off right now. In the documentation it’s all about taking over Active Directory. We don’t have one, we don’t have OpenLDAP or anything else. We chose UCS for that. If it can’t do it, I need to know it now.

Anyway, if it’s possible, could it be possible to have something like a basic tutorial to do it? I really wanna use UCS but the documentation is …

Thanks in advance,


#2

Well it seems that the LDAP server runs normally (when I run univention-ldapsearch, it works).

How can I configure my Linux client to connect at login session directly to my UCS server to do the authentication? Which package do I have to download / configure to do it? Please help!!


#3

You should start reading the docs at Documentation - UCS 4.1


#4

Well sorry.

I tried to follow this doc yesterday: docs.software-univention.de/domain-4.1.pdf but it didn’t do what I wanted to do … (files missing etc.)

So, now I’m cool and I will present my “problem”:

I want to have UCS as an LDAP server. So basically for now it’s ok. The user/group manager works well. That’s marvelous.
What I want/need to do is:

CASE 1: When a user starts his own computer:
I want to have only the authentication working with UCS (at startup, the user can authenticate by using his login/password).
All his files are still present on his computer and he can work normally by using the Kerberos ticket allowing him to have SSO access to the NAS/Cluster on the intranet.

CASE 2: When a user starts another computer:
He connects (like case 1) at startup.
He doesn’t have a home directory, or has an empty one, but he has the SSO ticket to have access to the intranet.

I’m still new to LDAP tech and I surely miss something. I’ve tried to install nsss to allow an Ubuntu client to connect at startup but I can’t download it on UCS. Do I have to use PAM? (if it’s possible to have a tutorial-like guide, more than RTFD, it’ll be cool. The doc is more about heterogeneous networks. All the computers on the intranet are Linux based …). Maybe I forgot to set up something I don’t know.

At least, is it possible? (what I want to do?)
It would be really nice to have a real direction (as I said, a tutorial-like guide could be really helpful).

Thanks in advance.

Regards


#5

The integration of Linux clients into UCS is described in Extended domain services documentation, but I’d start reading 3.2. Joining domains first.


#6

Thanks, I didn’t do the step with joining domains. I’ll try when I can. You can say that it’s resolved for now (I have to work on a Docker server system for my work now, so I’ll do all the config on UCS after).

Thanks again. Hope I don’t have to re-open this topic.

My idea to use UCS only for authentication and not use roaming profiles when the user is on his “own” computer, is it possible?

Thanks again (lots of thanks, but still thank you)


#7

Hi,

I don’t wanna open a new post for that because maybe it’s just something that I forgot to do (I hope).

So I followed this document: docs.software-univention.de/dom … ntegration which works quite well. No problem with connection, etc…

The only thing that doesn’t work (and it’s here that maybe I forgot to do something) is this:

When I use my script which executes all the code given in the doc, I have all my users and passwords, allowing myself to connect with the account that I want.

When I add a user or change a password, no update is done to the Ubuntu client. So finally I can still connect with my old password but not the new one (except using Kerberos). When I want to connect with my new user, it’s impossible.

When I go root (client computer) and I write: getent group, I have all my users from when I did the configuration. No new users, nothing.

Did I miss something ?


#8

It was an indentation error. My bad. It works well.
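The symptom in #7 (getent only shows the accounts that existed when the join script ran) is what a half-applied client configuration looks like: the client keeps answering from local copies instead of asking the directory. The shell script below is an added diagnostic, not code from the thread or from the UCS documentation; it assumes the client's name service switch is /etc/nsswitch.conf and that the directory source is named "ldap" there, and the sample files it checks are constructed.

```shell
#!/bin/sh
# Added diagnostic for the #7 symptom (new UCS users never appear in getent on
# the Ubuntu client). Not from the thread or the UCS docs; "ldap" as the NSS
# source name is an assumption.

# nss_source_present FILE DB SOURCE
# Succeeds when the nsswitch.conf at FILE lists SOURCE for database DB.
# Comments are stripped first, so a commented-out "ldap" does not count.
nss_source_present() {
    sed 's/#.*//' "$1" | awk -v db="$2" -v src="$3" '
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == src) found = 1 }
        END { exit found ? 0 : 1 }'
}

# check_client_nss FILE
# Reports which of passwd/group/shadow are not routed through ldap;
# succeeds only when all three are.
check_client_nss() {
    missing=""
    for db in passwd group shadow; do
        nss_source_present "$1" "$db" ldap || missing="$missing $db"
    done
    if [ -n "$missing" ]; then
        echo "nsswitch.conf lacks the ldap source for:$missing"
        return 1
    fi
    echo "passwd, group and shadow all consult ldap"
}

# user_is_remote USER
# Succeeds when getent resolves USER but /etc/passwd does not contain it,
# i.e. the account really came from the directory and not from a local copy.
user_is_remote() {
    getent passwd "$1" >/dev/null 2>&1 && ! grep -q "^$1:" /etc/passwd
}

# Constructed samples: a partially written config (group never got "ldap",
# the shape a script that stops halfway leaves behind) and a complete one.
SAMPLE_BAD=$(mktemp)
printf 'passwd: compat ldap\ngroup:  compat\nshadow: compat ldap\n' > "$SAMPLE_BAD"
SAMPLE_GOOD=$(mktemp)
printf 'passwd: compat ldap\ngroup:  compat ldap\nshadow: compat ldap\n' > "$SAMPLE_GOOD"

check_client_nss "$SAMPLE_BAD" || true    # reports: lacks the ldap source for: group
check_client_nss "$SAMPLE_GOOD"
```

Run `user_is_remote <login>` on the client for an account created on UCS after the join: if it fails while `check_client_nss /etc/nsswitch.conf` passes, the NSS side is fine and the lookup itself (LDAP URI, base DN, or the client's bind) is what to inspect next.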