On Jul 24, 2018, at 6:32 AM, Brimacomb, Brent (TPF) wrote:

> Anyone hosting an LDAP server on z/Linux? Assume you're running OpenLDAP?
> What, if any, GUI are you using for admin?

I did, almost ten years ago, when I was last involved with Linux on z. Straight 
OpenLDAP, ppolicy overlay, no GUI. 

> Other gotchas we should be aware of?

Getting a Linux client with NSS and PAM configured so "it works" is 
(relatively) easy. Getting it configured so it works without surprising edge 
cases in the event of, for example, LDAP being unavailable, or if you want 
password policy implemented, is extremely challenging---and keeps changing from 
release to release (sometimes in not-so-subtle ways). The documentation for 
this has always sucked, lacking many important details and glossing over fine 
points which turn out to be extremely relevant. I had to go to the source on 
more than one occasion to discover things like two options which are documented 
as equivalent actually have different code paths. But this isn't z-specific, or 
even OpenLDAP-specific.

Also, the opposite of a gotcha: our particular use case at that time 
(centralized auth for a lot of penguins all virtualized on one machine) meant 
that the usual drawbacks of a multi-master replication setup were immaterial 
(i.e. no realistic chance of a network split on a shared VSWITCH), which 
greatly simplified things.

ok
bear.

-- 
until further notice
