[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Design Advice

On Tue, May 01, 2001 at 11:45:28AM -0400, Andrew Crum wrote:
> I specifically want these features:
> -SSL support. All communication with the LDAP server must be secure. I can't
> have password flying around in plain-text.

Stunnel.  It is another package that you install on the server that answers in
SSL, then connectsback to plain localhost port.

For Perl scripts, Net::LDAP also supports SSL no sweat!

> -Users on unix/linux authenticate from the ldap directory instead of though
> NIS as we are doing now.


Failing that, you use password hashes compatible with your Unix system, and
script something up such that a special account can be bind()ed from the Unix
client to build passwd maps with.  My interim ambition is to run NIS against
LDAP and then wean ourselves off of NIS.

> -Users on Windows 2000 authenticate from the ldap directory. (Samba
> intergration)

See other port.

> -Users on MacOS 9 and X authenticate from the ldap directory. (netatalk for
> os9 intergration).

OS 9?  What are you hoping to authenticate?  I know OS X can work against