where to begin with design?
I want to move my current company toward using
LDAP for basically every service on the network.
I would like to use LDAP for the following things:
Netscape proxy server auth
Netscape calendar server auth
Netscape web server auth
Apache web server auth
VPN server auth (supports ldap).
Radius server auth
Sendmail email routing
Corporate address book for Outlook, Netscape, Eudora, Horde/IMP, and
a web-based interface.
Solaris 2.6, 7, and 8 auth/auto mounting
Linux auth/auto mounting
WinNT 4.0/2000/98 auth
My biggest headache right now is trying to figure
out a design for this whole thing.
Basically, my biggest concern is how to do the
Unix/NT auth so I can have different groups
of users for classes of machines, yet still
maintain single sign-on.
Let's say for argument's sake I have 3 different
environments in my company (there are more, but
it would get too complex):
2. customer service
I would like to do something like give a customer
service person access only to the customer service
hosts, a development person access to customer service
and development hosts, and an admin person access to
all three. Can anyone think of a way to do this
type of setup with LDAP? I have been pulling my hair
out trying to come up with a decent design.
Also, in some cases some may have proxy access while
another group may not, etc., or maybe there will
be exceptions in each group as well.
Should I go for a massive tree structure like..
| | | | | |
with the possibility of having the same user in each and every
branch with different info, or try to develop some sort of other design?
Groups sound like they might be best, but I am stumped on how
to make it all work.
IMHO this is the toughest thing regarding LDAP: designing
something that can work for everything and be expanded easily
down the road.
Anyone have any suggestions? I sure could use some.