<div dir="ltr">Thanks Joe I'll look into ansible. Laurie would you happen to have your slides from the presentation? I'm a little upset that I couldn't make it for the last meet.<br></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Fri, Feb 7, 2014 at 9:56 AM, L.D. Paniak <span dir="ltr"><<a href="mailto:ldpaniak@fourpisolutions.com" target="_blank">ldpaniak@fourpisolutions.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
For managing user, groups and account permissions of authenticated web<br>
services, I have had success using Samba4 with Windows tools. Use the<br>
Active Directory structures you set up in Samba4 to mange the backend<br>
and have your web services query the AD controller via LDAP for<br>
permissions when a user logs in. It will probably take some work to<br>
rationalize the structure of your domain, but administration afterward<br>
should be reduced to a secretarial task.<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
On 02/07/2014 08:14 AM, Joe Wennechuk wrote:<br>
> Sounds to me like LDAP is not what you want. If you are administering several servers there are good tools. I am most familiar with ansible, and I love it.<br>
><br>
> <a href="http://www.infoworld.com/d/data-center/review-puppet-vs-chef-vs-ansible-vs-salt-231308" target="_blank">http://www.infoworld.com/d/data-center/review-puppet-vs-chef-vs-ansible-vs-salt-231308</a><br>
><br>
><br>
> ________________________________<br>
>> Date: Fri, 7 Feb 2014 03:11:00 -0500<br>
>> From: <a href="mailto:chamunks@gmail.com">chamunks@gmail.com</a><br>
>> To: <a href="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</a><br>
>> Subject: [kwlug-disc] LDAP Integration question.<br>
>><br>
>> I have been growing a bit of a web community over this past year<br>
>> learning an awful lot about systems administration. This process has<br>
>> lead me to learn that giving a little can get you a lot. This said<br>
>> I've ended up with a bit of a dilema. I have this massively complex<br>
>> network of different services and servers here and there that require<br>
>> maintenance and security and all to be updated as well. So in my<br>
>> attempt to not only cater to the opensource community surrounding the<br>
>> game that I support, I have many servers with many roles kicking<br>
>> around.<br>
>><br>
>> I've been toying with the idea of LDAP, unfortunately my recording of<br>
>> the LDAP meeting was just frustrating for me to review, as I just don't<br>
>> have the time and hardware to record it properly. I'll avoid going<br>
>> much further into my situation but essentially I have a few things that<br>
>> need LDAP integration. Such as.<br>
>> <a href="http://GitLab.nixium.com" target="_blank">GitLab.nixium.com</a><<a href="http://GitLab.nixium.com" target="_blank">http://GitLab.nixium.com</a>> (Self Hosted GitHub variant)<br>
>> <a href="http://ci.nixium.com" target="_blank">ci.nixium.com</a><<a href="http://ci.nixium.com" target="_blank">http://ci.nixium.com</a>> (Jenkins Java build service)<br>
>> <a href="http://nagios.nixium.com/nagios3/" target="_blank">nagios.nixium.com/nagios3/</a><<a href="http://nagios.nixium.com/nagios3/" target="_blank">http://nagios.nixium.com/nagios3/</a>> (A<br>
>> learning project)<br>
>> <a href="http://irc.nixium.com:5500" target="_blank">irc.nixium.com:5500</a><<a href="http://irc.nixium.com:5500" target="_blank">http://irc.nixium.com:5500</a>> [znc] a bouncer I'm<br>
>> sharing with devs from the community.<br>
>> An LDAP instance running phpLDAPadmin (for security purposes address<br>
>> omitted from this email)<br>
>> [Planned Puppet Master Server]<br>
>><br>
>> Then an array of minecraft related servers/services that require per<br>
>> box and per service account management.<br>
>><br>
>> Clearly handling this starts to get a bit out of hand. My issue is I<br>
>> have no clue how to manage the roles here. Nor do I recall how to<br>
>> handle config files like the following example.<br>
>><br>
>> <a href="https://raymii.org/s/tutorials/Gitlab_and_Active_Directory_LDAP_Authentication.html" target="_blank">https://raymii.org/s/tutorials/Gitlab_and_Active_Directory_LDAP_Authentication.html</a><br>
>><br>
>> Basically I'm unsure of how to create a schema that will handle this<br>
>> complexity.<br>
>><br>
>> _______________________________________________ kwlug-disc mailing list<br>
>> <a href="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</a><br>
>> <a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" target="_blank">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br>
> _______________________________________________<br>
> kwlug-disc mailing list<br>
> <a href="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</a><br>
> <a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" target="_blank">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br>
<br>
<br>
</div></div><br>_______________________________________________<br>
kwlug-disc mailing list<br>
<a href="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</a><br>
<a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" target="_blank">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br>
<br></blockquote></div><br></div>