I received a great response from my earlier LDAP piece. As well as mail from a lot of people in the same position as me, I received notification of two handy looking tools for administering LDAP authentication systems once they're set up. I'd tried a couple of other GUI and web based tools, but none worked to my satisfaction. Again, Google's wasn't too strong at sorting the wheat from the chaff for me.

I've tried neither of these tools yet, but they both look promising.

LAT (LDAP Administration Tool) is a good-looking browser and editor for LDAP directories. It's targeted at the GNOME desktop, and written in Mono. From the screenshots, it looks really polished. The author provides packages for Ubuntu, Gentoo and SuSE as well.

If you want a web interface, rather than GNOME, check out PHP LDAP Admin. It does what it says on the tin. Again, looks polished from the screenshots.

Finally, another correspondent mentioned that home directories can be created automatically on first login if you add this line into /etc/pam.d/common-session:

  session required        pam_mkhomedir.so skel=/etc/skel umask=0077

Update: several people have written to me saying that pam_mkhomedir isn't very useful anymore, as it requires permissions to be such that /home must be world-writeable to work. Alas!

