jseymour at LinxNet.com
Sun Sep 13 16:30:34 UTC 2015
On Sun, 13 Sep 2015 09:05:57 +0100
Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
> Yes, ldbedit is the easiest, you just get the AD object open in
> your editor, change the contents of the 'profilePath' attribute and
Yeah, but that's manual. Great for one-offs, but not so great for
repeated/on-going account maintenance in a production environment.
> ldbmodify is a bit different, you need to create an ldif
> dn: <full AD object ldap path>
> changetype: modify
> replace: profilePath
> profilePath: <new profile path>
> then use ldbmodify to carry out the change
Much mo bettah!
You see: I plan to take this stuff you've been teaching me, lash up a
bit of Perl code, and semi-automate some of this. Right now, because
our systems have kind of... accreted, over the years, creating a new
network user account causes me to have to touch about a dozen
different things. Same when a user departs. That's ludicrous.
With what you've taught me, and what else I've read about SSO, I think
the only major stumbling block to reducing the complexity of account
maintenance is going to be the outside mailserver (i.d. and auth),
which is also our corporate calendaring, and the corporate (LDAP)
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
More information about the samba