
re: OpenLDAP for Central Auth?



Hi Craig,


> Hi,
>
> Has anyone successfully deployed OpenLDAP for central auth in a very mixed
> unix environment? With host-based access control? Plus any documentation
> would be really great.
>
> My needs;
> - Central Auth
> - Host-based access control (e.g. user "John" from group "accounts" can't log into "development servers").
> - Caching for client logins on laptops. I figure SSSD will be useful here?
> - Encryption (This looks pretty straightforward in the OpenLDAP 2.4 doco)
>
> Client OS's involved;
> - Solaris 9/10
> - Fedora 15/16
> - Centos 5/6
>
>
> cya
>
> Craig

A solution which will cover most of your needs is in production here:

Central Auth

Client OS's: 
- Solaris 9/10 (working on 11)
- HPUX 11.x
- AIX 5/6
- Fedora/Redhat

Host based access control:
- nis-netgroups for hosts
- nis-netgroups for users
- members of user-netgroup 'oracle_dba' can log into machines from host-netgroup 'oracle_db_server'

Role based access control:
- sudo profiles for each role
- sudoUser by user-netgroups (example: 'oracle_dba')
- sudoHost by host-netgroups (example: 'oracle_db_server')

Encryption: TLS/SSL

Pretty much straightforward from standard docs.

Juergen Sprenger
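
The netgroup and sudo layout described in the reply above could be expressed as the following directory entries; this is an added example, not taken from the post or from the poster's deployment. The base DN dc=example,dc=com, the ou names, the user and host names, the run-as account and the command path are constructed assumptions. How each client enforces the login restriction from these netgroups is not stated in the post and is not shown here.

```ldif
# Constructed example. Only the netgroup names oracle_dba and
# oracle_db_server come from the post; every other value is an assumption.

# User netgroup: one triple per account, format (host,user,domain).
# "-" in the host field means "no valid value", so these triples can never
# match as hosts; an empty domain field matches any domain.
dn: cn=oracle_dba,ou=netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: oracle_dba
nisNetgroupTriple: (-,alice,)
nisNetgroupTriple: (-,bob,)

# Host netgroup: one triple per machine, user field set to "-" so the
# triples can never match as users.
dn: cn=oracle_db_server,ou=netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: oracle_db_server
nisNetgroupTriple: (db01.example.com,-,)
nisNetgroupTriple: (db02.example.com,-,)

# sudo profile for the role. In sudoUser and sudoHost a leading "+" marks
# the value as a netgroup name rather than a single user or host.
dn: cn=oracle_dba_role,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: oracle_dba_role
sudoUser: +oracle_dba
sudoHost: +oracle_db_server
# Hypothetical run-as account and command for the role.
sudoRunAsUser: oracle
sudoCommand: /usr/local/bin/oracle_admin.sh
```

Adding or removing a triple in either netgroup changes both login scope and sudo scope for the role, so write access to the netgroup subtree needs the same protection as write access to the sudoRole entries.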