I am learning to use OpenLDAP as the backend database for Kerberos credentials. It is good that all the programs are working with single sign-on.

The problem is that I can manage users from the kadmin command prompt, but there is no alternate method to do that.

Questions
1. Are there any third-party GUIs for managing the Kerberos data?
2. Can we create new Kerberos principals from any OpenLDAP client like Apache Directory Studio or ldapadmin?

Gaurav

2 Answers

0

Try Red Hat's identity management service. It is LDAP and Kerberos bundled together. It is open source and has a web interface, but I'm not sure how extensive that interface is. If nothing else, the CLI docs are probably more complete.

Open source version: http://directory.fedoraproject.org/wiki/Main_Page

Red Hat version: https://access.redhat.com/site/documentation/Red_Hat_Directory_Server/

Neil H Watson
  • I don't think your links are accurate. I think those are for just the LDAP server component. I think FreeIPA and IPA are the products you were thinking about. They come with Kerberos and an integrated management UI. – Jeff Strunk Aug 30 '13 at 14:43
  • Yes, I could not find any useful (and relevant) information from the links. – Gaurav Aug 31 '13 at 07:32
  • @JeffStrunk I think FreeIPA (which includes LDAP, Kerberos and much more) is a good alternative to bare OpenLDAP and Kerberos installed and configured separately. – Gaurav Aug 31 '13 at 10:29
0

This is interesting. I don't think there are any good generic user management GUIs for LDAP in general, let alone LDAP and Kerberos. Specific products have specific tools.

I think the issue is that most organizations manage their user accounts in different ways.

I ended up writing my own account creation script to create the user and groups in LDAP, create the principal in Kerberos, create the home directory on the NFS server, add the autofs entries to LDAP, etc.

Jeff Strunk
  • For LDAP, ldapadmin (http://www.ldapadmin.org/), a very small program, does the job. You can even make the GUI for your entries, for example: http://www.ldapadmin.org/screenshots/useropen.jpg ... Apache Directory Studio is a heavy program and it comes with some good functionalities like an inbuilt ticket managing system, but I could not find something to make a GUI for new entries like ldapadmin. – Gaurav Aug 31 '13 at 07:30
  • You can have check boxes, dropdowns, create a list, mappings, and these things can be created by a simple text file... http://www.ldapadmin.org/download/templates/index.html ... http://www.ldapadmin.org/screenshots/appwin.jpg – Gaurav Aug 31 '13 at 07:38
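
A sketch of the kind of account-creation script the answer above describes, narrowed to the LDAP user entry and the Kerberos principal. It is an added example, not the answerer's script or any project's code. It assumes MIT Kerberos with the LDAP KDB backend (for `addprinc -x dn=`), an `ou=People` container, and the constructed base DN, realm and home path shown; the function names are hypothetical.

```shell
# Added example (not from the thread). Constructed values: BASE_DN, REALM, /home.
LC_ALL=C; export LC_ALL          # make a-z mean ASCII only in the patterns below
BASE_DN="dc=example,dc=com"
REALM="EXAMPLE.COM"

# Login names: [a-z] then [a-z0-9_-], max 32 chars; safe in a DN and a kadmin query.
valid_uid() {
  case "$1" in ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;; esac
  [ "${#1}" -le 32 ]
}

# Display names: letters, space, dot, hyphen. Rejects newlines and colons (LDIF injection).
valid_name() {
  case "$1" in ''|[!A-Za-z]*|*[!A-Za-z\ .-]*) return 1 ;; esac
}

# LDIF for the posixAccount entry. $1=uid $2=uid/gid number $3=display name
user_ldif() {
  valid_uid "$1" && valid_name "$3" || return 1
  case "$2" in ''|*[!0-9]*) return 1 ;; esac
  cat <<EOF
dn: uid=$1,ou=People,$BASE_DN
objectClass: inetOrgPerson
objectClass: posixAccount
uid: $1
cn: $3
sn: $3
uidNumber: $2
gidNumber: $2
homeDirectory: /home/$1
EOF
}

# kadmin query: -randkey keeps passwords off the command line; -x dn= stores
# the Kerberos attributes on the user's own LDAP entry (MIT LDAP backend).
princ_query() {
  valid_uid "$1" || return 1
  printf 'addprinc -randkey -x dn=uid=%s,ou=People,%s %s@%s' "$1" "$BASE_DN" "$1" "$REALM"
}

# Dry run unless APPLY=1. The LDAP entry must exist before addprinc -x dn=.
create_account() {
  ldif=$(user_ldif "$1" "$2" "$3") && query=$(princ_query "$1") || return 1
  if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$ldif" | ldapadd -Y GSSAPI && kadmin -q "$query"
  else
    printf '%s\n# kadmin -q "%s"\n' "$ldif" "$query"
  fi
}
```

Calling `create_account alice 10001 'Alice Smith'` prints the LDIF and the kadmin query without touching either service. The principal is created with a random key, so the user still needs a password set through a separate reset step, and the `gidNumber` assumes a matching group already exists.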