[Date Prev][Date Next]
big company with different affiliates, how to integrate?
- To: firstname.lastname@example.org
- Subject: big company with different affiliates, how to integrate?
- From: Pieter Baele <email@example.com>
- Date: Mon, 7 Feb 2011 20:09:15 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type; bh=sMsN3Q1x5QKJxPJZEzwms3AajW/1mRHgk5zksqC7ypY=; b=EA5HXuTK8OalxugEtnQwmOFeMkkifUaH+/BUq/MiXQUIeukqhPeBHG3AWP5iM0gzk9 DZL4muB6+SM6s0tL7s+hSsM/TfcVMmr5bY8LV4rKu673NQsnnn9jGCzAbqJPIqsfmDzI qfuGB7sx4T4SXy5IpAI+K4rBE3yAO+jldJBSk=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=LoyP1xk8Vg9cUBCdnSKNTcr0KkhDiYIBElHC6+vLl4MbaivXkNKL3VBB8p01k//dww d8WgwjUbMWSDCH7Fsvq67APYEYrgfmv5xg/97HZfZptssAHUWMsdCgiKWN9JLf7U42WH aCqJlueOCAcldmvNVGA5j/XuNAPc/Ow1uug/c=
How would you integrate several companies with one mother company?
(where our Linux team and IT is part of)
We need to implement different OpenLDAP servers because of
But I'm not sure how to do this.
Each company needs his own pair of multi-master LDAP servers. (for HA)
Each LDAP server pair belongs to one of the affiliates and there has
to be a 'chinese wall' between those (if possible)
Off course it should not be possible for employees from company A to
authenticate through the LDAP server of company B.
Except for esx, kvm and other virtualization hosts each server belongs
also to only 1 of these subcompanies.
But for me and other admins it should be possible to access and manage
all servers using the same password and tooling (like puppet with LDAP...)
My idea was some combination of chaining, proxy... (or other overlays).
We could use the LDAP server of the mother company as the last part of
The DIT / right structure is also still an issue for me (I'm not an LDAP expert)
Other nice to haves are some AD integration and kerberos, but this has
nothing to do with my question :-)