Jan 29, 2009

LDAP hell

I decided to put all authentication/authorization into one place. There are a few choices; I opted for LDAP for various reasons. I should mention that I understand only some concepts of LDAP and not the details of the implementation. The main goal was to put authentication information for all the systems we use (shell, Samba, Subversion, email) into one place. Second in importance is to have an LDAP installation for test purposes: we want to implement an authorisation library which could be easily extended to use different backends, one of them being LDAP.
Here is a list of guides I found useful for the task:
http://times.usefulinc.com/2005/09/25-ldap
http://www.rrcomputerconsulting.com/view.php?article_id=3
http://ubuntuforums.org/showthread.php?t=640760

To configure subversion I used these:
http://www.idimmu.net/2008/01/15/Apache2-ldap-auth-on-Ubuntu-Dapper-and-Feisty
http://blogs.open.collab.net/svn/2007/03/subversion_ldap.html

Now to create a user:
smbldap-useradd -a -m -M ricky -c "Richard M" ricky
-a allows Windows as well as Linux login
-m makes a home directory, leave this off if you do not need local access. PAM will be configured to automatically create a home directory.
-M sets up the username part of their email address
-c specifies their full name
smbldap-passwd ricky

Groups can be added:
smbldap-groupadd -a groupname
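One way to script the user-creation steps above, added here as an example and not code from the original post. It assumes smbldap-tools, ldapsearch and LDAP-backed NSS are already configured; the base DN is a placeholder, and the verification step checks the two things -a promises (Windows and Linux login) actually took effect.

```shell
#!/bin/sh
# Added example, not code from the original post: wraps the smbldap-useradd and
# smbldap-passwd steps above with input validation and a post-creation check.
# Assumes smbldap-tools, ldapsearch and LDAP-backed NSS are already configured.
BASE_DN="${BASE_DN:-dc=example,dc=com}"   # placeholder: set to your directory's base DN

# Accept only portable POSIX user names (lowercase letters, digits, _ and -,
# at most 32 characters) so the name cannot carry shell or LDAP filter metacharacters.
validate_username() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# Create the account. Pass "yes" as the third argument to add -m (local home
# directory); leave it off for users who only need LDAP-backed services.
# With DRY_RUN set, the command is printed instead of executed.
add_user() {
    user=$1; fullname=$2; home=${3:-no}
    validate_username "$user" || { echo "invalid user name: $user" >&2; return 1; }
    set -- smbldap-useradd -a
    [ "$home" = yes ] && set -- "$@" -m
    set -- "$@" -M "$user" -c "$fullname" "$user"
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Confirm the new entry carries the Samba object class (Windows login) and that
# NSS resolves it (shell login), i.e. both halves of -a actually took effect.
verify_user() {
    user=$1
    ldapsearch -x -LLL -b "$BASE_DN" "(uid=$user)" objectClass \
        | grep -q '^objectClass: sambaSamAccount' \
        || { echo "$user has no sambaSamAccount object class" >&2; return 1; }
    getent passwd "$user" >/dev/null \
        || { echo "NSS cannot resolve $user; check nsswitch.conf/PAM" >&2; return 1; }
}

# Usage: sh create_user.sh run   (recreates the post's example user)
if [ "${1:-}" = run ]; then
    add_user ricky "Richard M" yes && smbldap-passwd ricky && verify_user ricky
fi
```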

Memberships are easily managed through Eclipse and an LDAP browser.

I wish there were a web-based UI to manage users, groups and memberships. Will have to research something...
