re: OpenLDAP for Central Auth?
Hi Craig,
> Hi,
>
> Has anyone successfully deployed OpenLDAP for central auth in a very mixed unix environment? With Host
> based access control? Plus any documentation would be really great.
>
> My needs;
> - Central Auth
> - Host based access control (e.g. user "John" from group "accounts" can't log into "development servers").
> - Caching for Client logins on laptops. I figure SSSD will be useful here?
> - Encryption (This looks pretty straightforward in the OpenLDAP 2.4 doco)
>
> Client OS's involved;
> - Solaris 9/10
> - Fedora 15/16
> - Centos 5/6
>
>
> cya
>
> Craig
A solution which will cover most of your needs is in production here:

Central Auth

Client OS's:
- Solaris 9/10 (working on 11)
- HPUX 11.x
- AIX 5/6
- Fedora/Redhat

Host based access control:
- nis-netgroups for hosts
- nis-netgroups for users
- members of user-netgroup 'oracle_dba' can log into machines from host-netgroup 'oracle_db_server'

Role based access control:
- sudo profiles for each role
- sudoUser by user-netgroups (example: 'oracle_dba')
- sudoHost by host-netgroups (example: 'oracle_db_server')

Encryption: tls/ssl

Pretty much straightforward from standard docs.

Juergen Sprenger
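
Added example, not part of the original message and not the poster's own configuration: directory entries that would express the netgroup and sudo layout described in the reply, using the RFC 2307 nisNetgroup class and the sudoRole class from the sudo LDAP schema. The base DN, container names, host names, user names and the sudo command are assumptions made up for illustration; only the netgroup names 'oracle_dba' and 'oracle_db_server' come from the message.

```ldif
# Constructed sample data. dc=example,dc=com, ou=netgroup, ou=SUDOers,
# alice/bob, db01/db02 and the sudoCommand value are assumptions.

# User netgroup. Triples are (host,user,domain); an empty field matches
# any value, so these triples select users regardless of host.
dn: cn=oracle_dba,ou=netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: oracle_dba
nisNetgroupTriple: (,alice,)
nisNetgroupTriple: (,bob,)

# Host netgroup. Only the host field is filled in.
dn: cn=oracle_db_server,ou=netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: oracle_db_server
nisNetgroupTriple: (db01.example.com,,)
nisNetgroupTriple: (db02.example.com,,)

# sudo profile for the role. A leading '+' in sudoUser or sudoHost
# names a netgroup instead of a single user or host.
dn: cn=oracle_dba,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: oracle_dba
sudoUser: +oracle_dba
sudoHost: +oracle_db_server
sudoRunAsUser: oracle
sudoCommand: /usr/bin/sqlplus
```

The message does not say how each client enforces the login restriction; the entries above only supply the netgroup data that such a check would consult.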