If I keep telling myself to do this stuff, eventually I will!* Setup a bacula server and service to regularly back everything up* Setup LDAP for nss on all servers

LDAP

I want to use this with ldap:

http://packages.debian.org/etch/nss-updatedb

I’ve followed NSSLDAPSetup on the Debian wiki and I ran into an issue where I had to use:

host 127.0.0.1

instead of:

uri ldap://127.0.0.1/

Cool! I think I got it working. So the very cool part about this is the the ‘nss_updatedb ldap passwd” does exactly what I’d hoped it would do. Its not a cache, its a local copy. Cool!

Actually nss_update is only for passwd and group, so that leaves shadow. It is suggested in the nss_updatedb README that libpam_ccreds can be used for that function.

More notes here:

LDAP Notes at Docunext

To-do list: * Improve admin security * Stop using debconf for libnss_ldap.conf and pam_ldap.conf and instead use csync2?* Ensure replication across VPNs

Progress

The progress is going well. Migrating additional machines after the first few is quite easy. I’m a little concerned about disconnected access, but I guess if the machine is disconnected, I wouldn’t be able to ssh in anyway.

Bacula / Backups

John Goerzen has a great post about the latest and greatest backup utilities:

http://changelog.complete.org/posts/706-Backup-Software.html

I’ve tried duplicity and wasn’t thrilled, but dar sounds awesome.

UPDATE April 14, 2008 - I just realized that John Goerzen is the author of offlineimap - that’s awsome! I love that program. :-)

This looks pretty good too:

http://www2.backup-manager.org/