Hi Craig,

Hi,

Has anyone successfully deployed OpenLDAP for central auth in a very mixed unix environment? With Host based access control? Plus any documentation would be really great.

My needs;

• Central Auth
• Host based access control (e.g. user "John" from group "accounts" can't log into "development servers".
• Caching for Client logins on laptops. I figure SSSD will be useful here?
• Encryption (This looks pretty straight forward in the OpenLDAP 2.4 doco)

Client OS's involved;

• Solaris 9/10
• Fedora 15/16
• Centos 5/6

cya

Craig

A solution which will cover most of Your needs is in production here:

Central Auth

Client OS's: - Solaris 9/10 (working on 11) - HPUX 11.x - AIX 5/6 - Fedora/Redhat

Host based access control: - nis-netgroups for hosts - nis-netgroups for users - members of user-netgroup 'oracle_dba' can log into machines from host-netgroup 'oracle_db_server'

Role based access control: - sudo profiles for each role - sudoUser by user-netgroups (example: 'oracle_dba') - sudoHost by host-netgroups (example: oracle_db_server')

Encryption: tls/ssl

Pretty much straight forward from standard docs.

Juergen Sprenger