I've been setting up LDAP for the first time and so far I have got up to:
  • Set up Authentication server (default)
  • Set up Authentication client (default) and only added one authentication mechanism as it was required. The 3 fields I set are: id_provider=ldap, ldap_schema=rfc2307bis, ldap_url=ldap://ldap.mydomain.com.
  • Went to Users and added a couple of LDAP users, LDAP groups and added the 2 groups to one of the users.


But the final bit I can't find how to do. What I want to do is:
  • Associate the groups with directories so if a user is a member of the group they have permission to access the directories associated with the group.
  • Have a more full user creation. E.g. when I created an LDAP user, the directory for the user under /home/theuser/ was virtually empty and only had two empty directories called bin and public_html.
  • Use LDAP to do what NIS would do - unless someone tells me that's a bad idea but what I have read suggests moving it all under LDAP is the way to go.
  • When I log out to the login screen, I only see the non-LDAP users to log in as, so I would like to make this work.


I'm sure this is all basic stuff for someone who has set up LDAP before but this is the very first time I have used it.

Also, I saw an option to use Kerberos; however, thinking it might add extra complexity I don't want to deal with just yet, I left it off. Does anyone know if this is just a matter of saying "yes, use it" or does it add more complexity?