Re: OpenLDAP for Central Auth?

[Raffael Sahli <public@raffaelsahli.com>]

Hi

On 12/19/2011 08:18 AM, Craig T wrote:
> Hi,
>
> Has anyone successfully deployed OpenLDAP for central auth in a very mixed unix environment? With Host based access control? Plus any documentation would be really great.
Yes, that's no problem. And for documentation, take a look at your 
distro specific man pages or wikis.

> My needs;
> - Central Auth
No problem with nss ldap and pam ldap libraries...
> - Host based access control (e.g. user "John" from group "accounts" can't log into "development servers".
Sure with pam_groupdn or a specific search filter, maybe with the 
memberOf attribute.

> - Caching for Client logins on laptops. I figure SSSD will be useful here?
I guess you mean user&password caching? Then the nscd Daemon is your 
friend. Or do you mean credential caching for one session with Single 
Sign On, then a kerberos setup is you best option.

> - Encryption (This looks pretty straight forward in the OpenLDAP 2.4 doco)
Also no problem.... Just compile the newest OpenLDAP with OpenSSL support.

> Client OS's involved;
> - Solaris 9/10
> - Fedora 15/16
> - Centos 5/6
No problem, I don't know the Solaris setup, but I guess it's pretty much 
the same.

> cya
>
> Craig


--
Raffael Sahli
public@raffaelsahli.com
Switzerland