[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP for Central Auth?


On 12/19/2011 08:18 AM, Craig T wrote:

Has anyone successfully deployed OpenLDAP for central auth in a very mixed unix environment? With Host based access control? Plus any documentation would be really great.
Yes, that's no problem. And for documentation, take a look at your distro specific man pages or wikis.

My needs;
- Central Auth
No problem with nss ldap and pam ldap libraries...
- Host based access control (e.g. user "John" from group "accounts" can't log into "development servers".
Sure with pam_groupdn or a specific search filter, maybe with the memberOf attribute.

- Caching for Client logins on laptops. I figure SSSD will be useful here?
I guess you mean user&password caching? Then the nscd Daemon is your friend. Or do you mean credential caching for one session with Single Sign On, then a kerberos setup is you best option.

- Encryption (This looks pretty straight forward in the OpenLDAP 2.4 doco)
Also no problem.... Just compile the newest OpenLDAP with OpenSSL support.

Client OS's involved;
- Solaris 9/10
- Fedora 15/16
- Centos 5/6
No problem, I don't know the Solaris setup, but I guess it's pretty much the same.



Raffael Sahli