I can be used for any of it.
Here, we use OpenLDAP for authentication (login) and authorization (who can login via sshd allowed groups, who can sudo) on our group's systems – this requires the information being available as well as configuring the clients to USE that information. We also use it to store inventory data which is neither authn or authz (hey, OpenLDAP is a decent hammer and the problem at the time looked like a nail).
Corporate uses Microsoft Active Directory (based on LDAP) – which is used for authn, authz, and a plethora of other uses (mail settings, location info, managing host 'members', etc).
Perhaps googling "what is LDAP for" would be a good place to start with your questions.
From: openldap-technical [mailto:email@example.com]
On Behalf Of Kaushal Shriyan
Thanks for the explanation. Does AAI mean Authentication Authorization Identity and SSO mean Single Sign On?
As per your example of OpenLDAP + Kerberos or Radius. is Openldap used for Authentication and Kerberos or Radius server for Authorization? Please clarify.
On Mon, 10 Aug 2015 at 17:37 Nick Milas <firstname.lastname@example.org> wrote:
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.