The nisldap_manage tool

ABOUT

nisldap_manage is a tool for NIS (Network Information Service) and Samba schema management on LDAP (Lightweight Directory Access Protocol) servers. The tool is written in Perl. It has been successfully used in small computer networks. It may contain several bugs, so I would not recommend its use, especially in large networks, unless you are able to correct things on your LDAP server using LDIF and LDAP server tools.

Currently, the tool supports the management of users, groups, hosts, netgroups, and aliases stored on an LDAP server. It supports only crypt passwords. I will try to incorporate additional capabilities in the future.
The tool can be downloaded from: http://www.chtsanti.net/downloads/nisldap_manage-v0.3.tgz

Its use requires a Perl interpreter with the Tk toolkit, the Net::LDAP and the Net::LDAPS modules installed. It can be used together with PADL's nss_ldap, pam_ldap and MigrationTools. Information about these tools can be found at: http://www.padl.com/Contents/OpenSourceSoftware.html
For information about how to use LDAP with Samba, tools and an excellent HOWTO can be found at: http://sourceforge.net/projects/smbldap-tools/

USAGE

You simply have to run the program and use it. Optionally, you can create a configuration file named ".nisldap_manage" in your home directory containing the settings of your LDAP servers. The configuration file has an XML-like syntax:
<a_ldap_host>
Param1='a_value'
Param2='a_other_value'
...
</a_ldap_host>
The required parameters are:
  • Host : Hostname or IP address of the LDAP server
  • Base : DN suffix for the queries
  • UseSSL : Either 'yes' or 'no' for using or not using an SSL connection
  • BindDN : DN for the ldap manager
  • cafile : File that contains the keys used in the SSL connection. It can be omitted if UseSSL is 'no'
Optional parameters are:
  • SambaSID : Samba SID. Set it if you want to use Samba schema. It can be obtained from your Samba server by using the command 'net getlocalsid'
  • USERS_OU: Table (organizational unit) in which the users on the LDAP server are stored. The default value is 'People'
  • GROUPS_OU: Table in which user groups are stored. The default value is 'Group'
  • HOSTS_OU: Table in which unix hosts are stored. The default value is 'Hosts'
  • SAMBA_HOSTS_OU: Table in which windows hosts are stored. The default value is 'Machine'
  • ALIASES_OU: Table in which mail aliases are stored. The default value is 'Aliases'
  • NETGROUPS_OU: Table in which NIS netgroups (groups of users/hosts) are stored. The default value is 'Netgroup'
An example entry of the .nisldap_manage file is the following:
<nestor>
HOST=Nestor.athens.home.gr
BASE="dc=athens,dc=home,dc=gr"
binddn="cn=Manager,dc=athens,dc=home,dc=gr"
usessl='yes'
cafile='/etc/openldap/cerst/ldap-nestor.pem'
</nestor>
After you start the program, select the LDAP server and press the connect button. If you like what you see, just play with the tool to learn how to use it.
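
A way to check a .nisldap_manage file against the parameter rules listed above before using it. This is an added example, not part of nisldap_manage; parse_config and audit are hypothetical names, and the parsing rules (case-insensitive parameter names, optional quoting) are assumptions inferred from the sample entry, so the tool's own parser may differ.

```python
import re
# Assumption: names are case-insensitive and quoting is optional, as in the page's example.
REQUIRED = ("host", "base", "usessl", "binddn")
SECTION = re.compile(r"<(?P<name>[^/<>\s]+)>(?P<body>.*?)</(?P=name)>", re.S)
PARAM = re.compile(r"""^\s*(\w+)\s*=\s*(?:'([^']*)'|"([^"]*)"|(\S+))\s*$""")

def parse_config(text):
    servers = {}
    for sec in SECTION.finditer(text):
        params = {}
        for line in sec.group("body").splitlines():
            m = PARAM.match(line)
            if m:  # lines that are not name=value pairs are skipped
                params[m.group(1).lower()] = next(v for v in m.groups()[1:] if v is not None)
        servers[sec.group("name")] = params
    return servers

def audit(text):
    """Return (section, finding) tuples for missing or risky settings."""
    findings = []
    for name, p in parse_config(text).items():
        findings += [(name, f"missing required parameter: {k}") for k in REQUIRED if not p.get(k)]
        ssl = p.get("usessl", "").lower()
        if ssl == "yes" and not p.get("cafile"):
            findings.append((name, "usessl is 'yes' but cafile is not set"))
        elif ssl == "no":
            findings.append((name, "usessl is 'no': the BindDN session is not encrypted"))
        elif ssl not in ("", "yes"):
            findings.append((name, f"usessl must be 'yes' or 'no', got {ssl!r}"))
    return findings

# First entry is the page's example; the second is constructed for this check.
SAMPLE = """\
<nestor>
HOST=Nestor.athens.home.gr
BASE="dc=athens,dc=home,dc=gr"
binddn="cn=Manager,dc=athens,dc=home,dc=gr"
usessl='yes'
cafile='/etc/openldap/cerst/ldap-nestor.pem'
</nestor>
<testbox>
Host='192.0.2.10'
BindDN='cn=Manager,dc=example,dc=org'
UseSSL='no'
</testbox>
"""

if __name__ == "__main__":
    print("\n".join(f"[{s}] {f}" for s, f in audit(SAMPLE)))
```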

I also include the nisldap_export.pl script which can be used to generate a Samba and NIS schema for your LDAP server. Just run something like the following line:

 ./nisldap_export.pl --domain=yourdomainname --sid=your-samba-sid \
                      --smbdomain=SAMBADOMAIN > ldap_schema.ldif
Then import the ldap_schema.ldif on your LDAP server. Finally, run the nisldap_manage.pl program to add users, groups and other NIS and Samba entities.

TODO

This tool is not the best solution for NIS schema management for several reasons. Additional useful features could be added without much effort:
  • management for automount and profile
  • Kerberos schema
  • management of RPC, services, protocols, netinfo NIS records.
  • support for non-crypt passwords
  • search capabilities.


© 2007 - Tsantilas Christos.