LDAP Integration in Ubuntu

This wiki page will be used to discuss how we can use openldap in the Ubuntu server-desktop combination. To explain this the easy way, this is the Active Directory for Ubuntu.

In order for Ubuntu (and Linux in general) to make a decent chance in the enterprise market, a central management system is needed. By using ldap we can create a central dictionary that contains various properties, policies and access rights for users and workstations.

This is a work in progress, please add your thoughts and comments!

A large amount of information regarding LDAP integration can already be found here: https://help.ubuntu.com/community/OpenLDAPServer

Use cases

• John is a system administrator for a company and needs to create a user for a new employee. He opens the management console on his Ubuntu server and creates a new user object, Julia. He sets the various properties for the user and saves the object. Now Julia can login to any workstation that authenticates with the openldap server.
• John also creates a new computer object in the ldap directory. He gives it the necessary properties and saves the object.
• Now John adds the newly created computer object to Julia's list of allow workstations. When Julia tries to authenticate her on a workstation, the ldap server verifies that the computer she's using is in her list of allowed workstations.

Ubuntu server

• Management software, web based to avoid any desktop environment on the server
• Integration with:
  • Samba
  • CUPS

Ubuntu desktop

• Integration of Gnome configuration and LDAP policies.
• Easy way of authentication PAM with LDAP.
• Automatic printer creation (CUPS)
• Automatic mounting of shares (Samba)

Directory objects

• User object

  • username
  • fullname
  • emailaddress

• Computer object

  • computername
  • description

CategoryLookMergeDelete