Signing off to the weekend

The last two weeks I did not post an update on the status of my work, as the computer pool has to be ready for student impact in about a week.

I was planning to replicate the student passwords from our gforge server into a Samba PDC, as well as into Linux passwd files, phpbb and mediawiki … with a self-coded solution … Ridiculous, I know, but every time I tried to figure out how LDAP worked I bounced quite hard. The weeks before I had tried again and it was so frustrating to read the PHP LDAP guts of GForge that, taking into account that not much time was left, I figured it would be best if I hacked a working solution (in Java). Luckily, Andreas was so afraid of a selfmade-unmaintainable solution that he could convince me to take another look at the overall picture.

I grabbed a piece of paper and picked up the requirements again. Christian wants a one-click solution to (dis-)allow a student to log in on a computer in the student pool or to have a mail account. He wants them to have only one password. Andreas wants a nice GUI where he can easily create and administer accounts, preferably one that also creates the needed directories for a new home directory and cyrus account. He could show me a Windows tool (LDAP-Admin) that would do that by managing user accounts in an LDAP directory. He had the idea of accessing the HRZ LDAP for their accounts, so we would not have to take care of an extra password … we did not even know whether or not they had one or if we were allowed to access it …

That day I was totally devastated – I did not know where to start …

Somehow I managed to set up a working OpenLDAP-Samba-PDC with the Idealx scripts and a lot of reading up on it online. Well, at least it worked for the three Windows machines that we have to keep alive in order to run 3DS Max …

I think I started googling for another account management tool for LDAP, as the Idealx webmin plugin was no longer maintained and their IMC so new that I could not find further documentation … eventually I read about LAM and was happy to have at least something that could administer Samba and UNIX accounts. The CSV feature would also be nice, as it would allow me to mass add students (even better: generate a CSV file of new pool users with gforge and mail it). A second set of eyes has to check new accounts in the pool anyway.

I remembered Andreas' requirement of being able to administer and create mail accounts, which I could not find in LAM's feature list. The way they were using a daemon to create home directories also seemed hackish, as I learned from further googling that there exists a standard PAM module (pam_mkhomedir.so) for exactly that purpose. Their web demo not working was just another pinch in the shoe.

Samba can also create home directories and profiles, and I think I even read about some cyrus / postfix solution that autocreates needed directories when used with LDAP.

In the gentoo forums I first noticed GOsa and later even found their homepage. Two days ago I managed to get GOsa up and running (not that hard compared to LDAP – believe me) and was happy as a sandboy.

As of today there is one web interface (GOsa) that sets all the needed passwords for Linux and Windows and in general enables me to administer the pool accounts in an LDAP directory. Having set up the other machines, there are now ten computers able to boot an nfs-root Linux, three of them dual-booting Windows.

Only three more to go (one of them in repair). Furthermore, repartitioning the other hard disks for swap and /tmp/ space, securing LDAP a little more, and finally knotting GForge to the LDAP directory …

That seems possible in the next week, and I am looking forward to it :)

The only unsolved problem I have is with four of the computers failing to netboot after rebooting from Linux. They need their power cut (pulling the plug) to work again. Updating the BIOS of the Asus P4P800SE mainboards did not help except with one of them … leaving me with three where it did not work … oh bloody sod it, bugger it …

I finished this day with a nice hot bath and will now go to sleep … n8


About Jörn Dreyer

learned in a bank, studied business informatics, took the red pill and went down the rabbit hole of software engineering, working on my Ph.D.