[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP for Central Auth?

To: "'openldap-technical@openldap.org'" <openldap-technical@openldap.org>
Subject: Re: OpenLDAP for Central Auth?
From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>
Date: Mon, 19 Dec 2011 01:03:13 -0700
Accept-language: en-US
Acceptlanguage: en-US
Content-language: en-US
In-reply-to: <4EEEED34.8050307@raffaelsahli.com>
Thread-index: Acy+I8YOTz28zYs5Q0O/wJNxMarsAwAAOGUF
Thread-topic: OpenLDAP for Central Auth?

I can vouch for cent5/6... And 6 seems to prefer SSSD - no /etc/[pam_]ldap.conf but an sssd.conf instead - which I understand is the preferred method now in Fedora too (using SSSD which can also replace NSCD).

I noticed that someone felt the need to rewrite PADL's PAM plugin for Cent6, but it introduces a new service; might as well go for the newer and shinier method.

My .02 - sorry for top posting; PDA.


----- Original Message -----
From: openldap-technical-bounces@OpenLDAP.org <openldap-technical-bounces@OpenLDAP.org>
To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Sent: Mon Dec 19 00:52:20 2011
Subject: Re: OpenLDAP for Central Auth?

Hi

On 12/19/2011 08:18 AM, Craig T wrote:
> Hi,
>
> Has anyone successfully deployed OpenLDAP for central auth in a very mixed unix environment? With Host based access control? Plus any documentation would be really great.
Yes, that's no problem. And for documentation, take a look at your
distro specific man pages or wikis.

>
>
> My needs;
> - Central Auth
No problem with nss ldap and pam ldap libraries...
> - Host based access control (e.g. user "John" from group "accounts" can't log into "development servers".
Sure with pam_groupdn or a specific search filter, maybe with the
memberOf attribute.

> - Caching for Client logins on laptops. I figure SSSD will be useful here?
I guess you mean user&password caching? Then the nscd Daemon is your
friend. Or do you mean credential caching for one session with Single
Sign On, then a kerberos setup is you best option.

> - Encryption (This looks pretty straight forward in the OpenLDAP 2.4 doco)
Also no problem.... Just compile the newest OpenLDAP with OpenSSL support.

>
> Client OS's involved;
> - Solaris 9/10
> - Fedora 15/16
> - Centos 5/6
No problem, I don't know the Solaris setup, but I guess it's pretty much
the same.

>
>
> cya
>
> Craig
>


--
Raffael Sahli
public@raffaelsahli.com
Switzerland



This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.

Follow-Ups:
- Re: OpenLDAP for Central Auth?
  - From: Craig T <openldap@noboost.org>

References:
- Re: OpenLDAP for Central Auth?
  - From: Raffael Sahli <public@raffaelsahli.com>

Prev by Date: Re: OpenLDAP for Central Auth?
Next by Date: Re: OpenLDAP for Central Auth?
Index(es):
- Chronological
- Thread