Re: Authentication/Authorization Recommendations
With all due respect, if I were running an otherwise all-Windows shop,
and wanted a directory-based AuthN/AuthZ environment, I'd just use
Active Directory. I mean, why add management of Linux and Samba and
OpenLDAP and all that stuff on top of the Windows admin workload, and
have to deal with all the minor (and sometimes not-so-minor) issues
you'll have trying to make that work with MS? And if it doesn't work
you'll get no help from Microsoft.
Don't get me wrong, I like open source software and all, and if you
want to provide an LDAP directory service in a heterogeneous
environment, then what you're describing makes a lot more sense to me,
but it does not sound like that is what you're dealing with.
Also I'd get rid of the Win98.
Just my $0.02.
On Thursday, October 23, 2003, at 08:38 AM, Jason.McGlamary@Medstar.net
First, I want to say that I understand I am probably asking for
in this message, so I apologize if it irritates anyone. However, I'd
really appreciate anyone who is willing to bear with me and offer some
advice on the type of OpenLDAP configuration that would best suit my
I've read through all the list posts for the past several months, have
checked the archives and the documentation. I've been experimenting
the application with mostly successful results. The part that still
me is determining the best authentication and authorization mechanisms
use for my project. With that in mind, the following are details on my
I have 2 file and DB servers installed with RH9 (1 is to provide
redundancy). I do not want to trust the company NT PDC for
to my servers, and would rather handle all
our servers myself (mainly limited to a single division of the
The environment for the whole house is Windows based (mostly Win98), so
I'll need to be running Samba for the file sharing aspect. Security
the outside world will be provided by the company firewall, but I
I'd still prefer to secure all communications (no plaintext; passwords
otherwise). I want OpenLDAP to provide authentication to my servers as
well as manage groups for authorization to shares. I'd like users to
able to manage their own passwords (securely), and all authorization
handled by LDAP.
In short, my basic need is to determine how to best configure
OpenLDAP for best security while maintaining easy account management
users. I do not really want to make my own PDC though as most docs
w/ OpenLDAP and Samba together seem to lean towards. The main area
been boggling me thus far is the function of SASL, and how to choose a
mechanism to use.
Looking back at this message, it seems to me there is probably a
of area for confusion in my request. If anyone out there is willing to
offer me a clue, I'd be more than happy to expand further as much as
require. Thanks for the patience. LDAP very newbie.
Hoping for a clue,
Division of Nursing - Nursing Informatics
Co-Chair WHC/NRH/IS Focus Forum
Washington Hospital Center