Subject : Serving Up /etc/passwd & Friends Through LDAP
From : ldo (at) *nospam* nz.invalid (Lawrence D'Oliveiro)
Newsgroups : comp.misc
Date : 26. May 2024, 22:52:41
Organization : A noiseless patient Spider
Message-ID : <v30av8$3k5i4$1@dont-email.me>
User-Agent : Pan/0.158 (Avdiivka; )

OpenLDAP comes with a “slapd-passwd” backend that serves up the
information in the system /etc/passwd file through LDAP. However, it
is extremely limited: it doesn’t include /etc/group, or the actual
password information in /etc/shadow, so it can’t be used for much more
than “demonstration purposes only”, as per the man page.

So I wrote a better backend, which serves up all this user/group
information through LDAP <https://bitbucket.org/ldo17/serve_passwd>.

The conversion is modelled on the “migrationtools” package
<https://gitlab.com/future-ad-laboratory/migrationtools>, so it should
be similarly useful, except it is “live”: changes to those files will
be served up as they happen.

The backend itself needs to run as root, so it can read /etc/shadow.
Access to the information from this file is controlled by specifying a
special base DN: only clients authenticating via DNs with this suffix
will be shown the shadow information (or can use it for searching).
All clients are able to see the contents of /etc/passwd and
/etc/group.

Access to all of /etc/{passwd,group,shadow} is readonly for now. Maybe
I might feel brave enough to offer write access in the future.
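
The access rule described in the post, sketched as an added example that is not part of the original post and is not code from serve_passwd: a passwd line is mapped to a migrationtools-style posixAccount entry, and the shadow attributes are attached only when the bind DN falls under the privileged suffix. The base DN, the privileged suffix, the account data and the function names are assumptions made for the illustration; the suffix is compared RDN by RDN so that a lookalike DN does not pass.

```python
# Added illustration; not code from serve_passwd. All DNs and account data are constructed.
BASE_DN = "dc=example,dc=com"                    # assumed directory base
PRIV_SUFFIX = "ou=Privileged,dc=example,dc=com"  # assumed "special base DN"

PASSWD_LINE = "alice:x:1000:1000:Alice Example:/home/alice:/bin/bash"  # constructed
SHADOW_LINE = "alice:$6$CONSTRUCTED$notarealhash:19800:0:99999:7:::"   # constructed

SHADOW_ATTRS = ("shadowLastChange", "shadowMin", "shadowMax",
                "shadowWarning", "shadowInactive", "shadowExpire", "shadowFlag")

def split_dn(dn):
    """Naive RDN split, lower-cased; assumes no escaped commas in the DN."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def may_see_shadow(bind_dn):
    """True only if bind_dn ends with PRIV_SUFFIX on whole-RDN boundaries."""
    if not bind_dn:  # anonymous bind never sees shadow data
        return False
    dn, suffix = split_dn(bind_dn), split_dn(PRIV_SUFFIX)
    return dn[-len(suffix):] == suffix

def passwd_entry(passwd_line, shadow_line, bind_dn):
    """Build a posixAccount entry; add shadow data only for privileged binds."""
    name, _, uid, gid, gecos, home, shell = passwd_line.split(":")
    entry = {
        "dn": f"uid={name},ou=People,{BASE_DN}",
        "objectClass": ["top", "account", "posixAccount"],
        "uid": name, "cn": gecos.split(",")[0] or name,
        "uidNumber": uid, "gidNumber": gid,
        "homeDirectory": home, "loginShell": shell, "gecos": gecos,
    }
    if may_see_shadow(bind_dn):
        fields = shadow_line.split(":")
        entry["objectClass"].append("shadowAccount")
        entry["userPassword"] = "{crypt}" + fields[1]
        for attr, value in zip(SHADOW_ATTRS, fields[2:]):
            if value:  # empty shadow fields are omitted from the entry
                entry[attr] = value
    return entry
```

A plain string `endswith` on the bind DN would accept `cn=x,fakeou=Privileged,dc=example,dc=com`; the per-RDN comparison rejects it.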