Hi all,
I'm far from being an advanced OpenLDAP user, or more generally an advanced Linux user, but I'd love to be if I could find some architecture guidance for the following use case. (I've only been playing from time to time with OpenLDAP on Windows boxes - shame on me :))
I'm currently using 30 Linux servers in my business unit. Almost 10 different sysadmins have to administer those servers. I'd like to have a centralized directory gathering all those 30 x 10 accounts so that I could have one single place to manage my identities. All my servers could then authenticate against this directory.
Could OpenLDAP and some additional tools provide me with the right architecture to reach this goal? Any pointer on this issue will please me (Google only led me to basic information about configuring OpenLDAP on standalone Linux boxes).
Thanks a lot
LM
On Monday, 19 April 2010 14:10:17 Marot Laurent wrote:
> Hi all,
> I'm far from being an advanced OpenLDAP user, or more generally an advanced Linux user, but I'd love to be if I could find some architecture guidance for the following use case. (I've only been playing from time to time with OpenLDAP on Windows boxes - shame on me :))
> I'm currently using 30 Linux servers in my business unit. Almost 10 different sysadmins have to administer those servers. I'd like to have a centralized directory gathering all those 30 x 10 accounts so that I could have one single place to manage my identities. All my servers could then authenticate against this directory.
> Could OpenLDAP and some additional tools provide me with the right architecture to reach this goal? Any pointer on this issue will please me (Google only led me to basic information about configuring OpenLDAP on standalone Linux boxes).
Yes. Without something like OpenLDAP/nss_ldap/pam_ldap (or pam_krb5), you will not be able to implement password policy requirements (or even ensure that old accounts are removed) without significant administrative overhead.
This is a common requirement, solved by many organisations, using (relatively) mature tools. You should be able to find sufficient reference material without looking too hard.
(Hint: what in any of the information about configuring standalone servers relied upon the server and client being on the same host?)
Regards, Buchan
openldap-technical@openldap.org