Red Hat Bugzilla – Bug 57705
Practical LDAP browser and user admin tools needed.
Last modified: 2007-11-30 17:10:30 EST
Description of Problem:
No decent *user* admin tools for LDAP. OpenLDAP itself is great, but
ldapadd and LDIF files get old quickly. We need a management tool for
users/groups/passwords in LDAP. Please consider adding Directory
Administrator ( http://diradmin.open-it.org/ )to the next version of Red
Hat Linux. It is very useful, and make LDAP user administration practical.
Ok... maybe for the _next_ release of RHL. :-)
gq IS a decent tool :)
I disagree... GQ isn't that great. But I would take gq over nothing, certainly.
However, I would take Directory Administrator over gq.
GQ is also gone since RHL 8.0 (packaging it myself now...). But GQ has other
purposes than user admin, IMHO.
It would also be nice to have good LDAP query tools as an LDAP client without
having to install OpenLDAP server. As an LDAP client, I would like to be able to
search an LDAP directory hosted elsewhere in my network when I am
troubleshooting problems such as user access, automount table lookup failures, etc.
Yes. As a sysadmin I would love to have a decent LDAP-client installed to my
workstation without needing the actual LDAP server stuff. No comment what the
ideal LDAP client would be, I've only been using the console stuff and GQ and
don't have real experience about all the other LDAP clients, but please choose
RedHat/Fedora should change from using the shadow utils package for
user management to using libuser. That way you can have pluggable
backends and administer shadow/passwd and LDAP repositories with the
same set of commands.
Not that I've ever gotten round to setting this up myself... ;)
And I just noticed that Nalin is the Author of libuser.
Does anyone have experience with Luma (luma.sourceforge.net)?
It looks very promising, and it is developed in Python (like
system-config-*) and PyQt (unlike anything by Red Hat). The LDAP
browser interface is far better than Directory Administrator or
anything else I have tried. Luma has a 'massive user creation'
function, which I'd certainly find useful. Unfortunately the Luma
versions I have tried did not work too well with the schemas on an
oldish OpenLDAP server, so I was unable to create users.
I realize that PyQt may not be acceptable to Red Hat / Fedora in a
component like this.
Anyway, it would be nice to see a Luma RPM for Fedora, because the
program is a bit of a pain to install otherwise.
Please channel your problems with luma to the luma mailinglists at
DirectoryAdministrator does not apply LDAPv3 if I remember correctly,
while at least Luma and possibly GQ does this. Luma 1.5 will be
released next week, with a good set of improvements.
Luma 1.4 rebuild mandrake rpm works on fedora - I've been told.
Maybe the Fedora-team can use the efforts put into building this
rpm from Mandrake?
this could be quite easy to do now. You can just generate an
alternate libuser config file (with modules == create modules == ldap)
and run s-c-users as usual.
Designing an intuitive GUI for the config file creation looks like
the hardest part.
There is phpldapadmin package (http://phpldapadmin.sourceforge.net).
We use it more than a year, it seems to be very useful!
Phpldapadmin over php over httpd sits at the same host where
openldap runs. Admins use the favourite browsers to do things... :-)
We have made an rpm (with some addons). Mail me directly if it is
interesting to someone.
I am trying to add phpldapadmin for Fedora Extra, see bug #168210
phpldapadmin is part of Fedora Extras for some time.