[Date Prev][Date Next]
ldap proxy/cache/replication, ala AD
I am about to start the migration of one of our offices from Windows to Linux,
on all the desktops.
One thing I wish to implement is central authentication like users and
administrators are used to with AD, hence ldap.
So far I'm happy with doing this, my desktop is doing so and currently working
A feature of windows when authenticating from AD is that if you've logged in
sucessfully against the domain, you can do so again wherever that machine may
be, or status of the domain controller.
Meaning a laptop user can take it home, and continue to login and out as if it
was still at work.
Can I do something like this securely with openldap?
Syncrepl looks promising, but it's probable, in limited circumstances, the
user may have root, or sudo root, access. Obviously they shouldn't have read
access to sensitive information contained in the copy, or partial copy, of
the ldap directory on their machine.
Could a proxy/cache hold onto information queried indefinetely, and update it
on the next query if a valid server is available?
Network security is fine, as the ldap server will only accept ldaps, or local
Senior Systems Administrator - Global Operations - Comodo
Invent ² Secure
Office Tel Europe: +44 (0) 161 8747070
Fax Europe: +44 (0) 161 8771767