80 lines
3.7 KiB
HTML
Executable File
<table bgcolor=#ba9e79 BORDER=1 width=100%> <tr><td><table BORDER=1 width=100%><tr><th bgcolor=#ba9e79>* <font color=#ffffff size="+2">LDAP Users</font> *</th></tr><tr><td bgcolor=#ffe0b0 > <br> </td></tr> </table> </td> </tr> </table>
<h3>Purpose of this module</h3>
<p>
This module was born to provide an easy-to-use frontend for adding,
deleting and modifying Linux users stored in an LDAP directory
(OpenLDAP).
<p>
It is very nice to have users on LDAP, as they can
be searched by standard e-mail tools like Outlook Express. Besides,
you gain the advantages of centralized user administration for all
your Linux servers and workstations, much like NIS.
<p>
You accomplish this by adding pam_ldap and nss_ldap (both found in the
<tt>nss_ldap-*.rpm</tt> package from Red Hat), besides installing and
configuring <tt>openldap-*.rpm</tt>.
<p>
Unfortunately, when you put your users on LDAP you lose all the nice tools
like <tt>Linuxconf</tt> and even the Webmin Users and Groups module that make
it easy to add or modify users. Worse yet, there are no standard
command-line tools like <tt>addusers</tt> for the task. You'd have to get
an LDAP browser (like <tt>gq</tt>) and know which attributes to add,
risking entering a uidnumber already in use by another user, or you'd
have to type long and ugly <tt>ldapadd</tt>/<tt>ldapmodify</tt> command lines.
<p>
So I started to write this module. I hope someone finds it useful,
and thanks to Luca Pescatore &lt;l.pescatore@network.it&gt;, who tried to
do something related and gave me inspiration to start this work.
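<p>
The uidnumber collision mentioned above matters because two accounts sharing a number are the same user as far as file ownership and permissions go. The following shell sketch is an added example, not part of this module's code: it checks <tt>ldapsearch</tt>-style LDIF output for duplicate numbers, picks one above the highest in use, and prints an entry for <tt>ldapadd</tt>. The sample entries, the <tt>dc=example,dc=com</tt> base, the group number 100, the <tt>/home</tt> path and all function names are constructed for illustration.

```sh
# Constructed sample of: ldapsearch -x -LLL -b "$BASE" '(objectClass=posixAccount)' uidNumber
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=com
uidNumber: 1000

dn: uid=bob,ou=People,dc=example,dc=com
uidNumber: 1001

dn: uid=carol,ou=People,dc=example,dc=com
uidNumber: 1001
EOF
}

# Print every uidNumber held by more than one entry (LDIF on stdin).
dup_uidnumbers() {
    awk 'tolower($1) == "uidnumber:" { n[$2]++ }
         END { for (u in n) if (n[u] > 1) print u }' | sort -n
}

# Print a fresh uidNumber: one above the highest in use, never below $1.
# Going above the maximum (not filling gaps) avoids reusing a deleted user's number.
next_uidnumber() {
    awk -v min="$1" 'tolower($1) == "uidnumber:" && $2 + 0 >= max { max = $2 + 1 }
         END { print (max > min + 0 ? max : min + 0) }'
}

# Print an LDIF entry for ldapadd. Arguments: login uidNumber gidNumber base-DN.
# Login and numbers are validated so a crafted value cannot inject extra LDIF
# lines; the base DN is assumed to be trusted configuration.
new_user_ldif() {
    login=$1 uidnum=$2 gidnum=$3 base=$4
    case $login in ''|*[!a-z0-9_-]*) echo "invalid login name" >&2; return 1 ;; esac
    for n in "$uidnum" "$gidnum"; do
        case $n in ''|*[!0-9]*) echo "IDs must be numeric" >&2; return 1 ;; esac
    done
    cat <<EOF
dn: uid=$login,$base
objectClass: account
objectClass: posixAccount
cn: $login
uid: $login
uidNumber: $uidnum
gidNumber: $gidnum
homeDirectory: /home/$login
EOF
}

# Demo on the constructed sample: report collisions, then build a new entry.
echo "uidNumber values used more than once: $(sample_ldif | dup_uidnumbers)"
new_user_ldif dave "$(sample_ldif | next_uidnumber 1000)" 100 "ou=People,dc=example,dc=com"
```

The lookup and the later <tt>ldapadd</tt> are not atomic, so two administrators adding users at the same moment can still pick the same number; running the duplicate check again after bulk changes catches that.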
<hr>
<!--
<h3>Introduction to Users</h3>
A Unix user is typically someone who can log in to the system, either
remotely via telnet or at the console. Every file is owned by some user,
and every process runs with the rights of some user. Access to files and
processes is determined by the user you are logged in as. <p>
There are really three types of users on a typical Unix system:
<ul>
<li><b>Administrative Users</b><br>
Accounts like <tt>bin</tt>, <tt>lp</tt> and <tt>uucp</tt> own files
such as the standard commands in <tt>/bin</tt>, print spool files and
UUCP data. Actually logging in with one of these accounts is not
normally allowed - they are used only by various system processes.
These users will be created when the operating system is first installed.<p>
<li><b>Real People</b><br>
These are accounts owned by real users, created by the system
administrator. You may allow these users to log in remotely, or maybe
only let them send and receive mail via SMTP and POP3. <p>
<li><b>The <tt>root</tt> User</b><br>
The <tt>root</tt> user has the power to read and write any file
or directory and control any process. This account is typically used
for system administration purposes, and is the account under which
Webmin runs. <p>
</ul>
At the top of the main page of this module is a table of existing users
on your system. You may click on a user to edit it, or click on the link
below the table to create a new user. <p>
<h3>Introduction to Groups</h3>
A group is simply a list of Unix users. Every user belongs to at least
one group (their primary group), and optionally several others. All files
are owned by some group, and every process runs with the permissions of
a group. <p>
Below the list of users is a table of existing groups. You may click on
a group name to edit it, or click on the link below the table to create
a new group. <p>
<h3>Recorded Logins</h3>
Every time a user logs in by telnet, FTP or at the console the system records
that login and the subsequent logout. At the bottom of the main page is
a small form that allows you to display logins either by everyone, or by
a selected user. <p>
<hr>
-->