* Darren Spruell <[EMAIL PROTECTED]> [2007-08-29 23:48]:
> On 8/29/07, Jussi Peltola <[EMAIL PROTECTED]> wrote:
> > On Tue, Aug 28, 2007 at 09:17:11PM +0200, Joachim Schipper wrote:
> > > P.S. One more issue: you *do* realize that getting OpenBSD to
> > > authenticate against LDAP is not entirely trivial, right? This might be
> > > a serious problem if the LDAP system is to handle network-wide logins...
> > This doesn't stop you from using OpenBSD as the server other machines
> > authenticate against, or does it? I think it's only good that users
> > can't login to the LDAP server itself.
>
> No, he's just pointing out that if you're using this to provide
> centralized authentication for all the servers in your environment as
> well, OpenBSD won't take advantage of it well.

you do get centralized authorization against ldap. what you don't get
is name service from ldap. you do need to script sth that gets the
accounts from ldap and creates them locally - yes, that sucks. but
still password checking etc is done against the ldap directory.
With a script like mentioned above this should be fine for most setups.

(which doesn't mean that having ldap as name service in openbsd would
be bad. i hope we'll see that sometime soon)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
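
The kind of account-sync script mentioned in the message above, as an added example that is not part of the original post: it plans `useradd` calls from LDAP data and refuses entries that would create a UID 0 or oddly named local account. The LDIF attribute set, the UID floor, the home-directory rule and the shell allow-list are assumptions, and the LDIF is constructed.

```python
import re

# Constructed LDIF, shaped like `ldapsearch -LLL '(objectClass=posixAccount)'` output.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
uidNumber: 2001
homeDirectory: /home/alice
loginShell: /bin/ksh

dn: uid=mallory,ou=people,dc=example,dc=org
uid: mallory
uidNumber: 0
homeDirectory: /root
loginShell: /bin/sh

dn: uid=bob;id,ou=people,dc=example,dc=org
uid: bob;id
uidNumber: 2002
homeDirectory: /home/bob
loginShell: /bin/ksh
"""

NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,30}")
MIN_UID = 1000   # assumption: lower UIDs are reserved for local/system accounts
SHELLS = {"/bin/sh", "/bin/ksh", "/sbin/nologin"}   # assumption: site allow-list

def parse_ldif(text):
    """Yield one dict per entry; only plain 'attr: value' lines are kept."""
    for block in re.split(r"\n\s*\n", text.strip()):
        yield dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)

def plan_accounts(ldif, existing):
    """Return (useradd argv lists, rejected names) without touching the system."""
    cmds, rejected = [], []
    for e in parse_ldif(ldif):
        name = e.get("uid", "")
        try:
            uid = int(e["uidNumber"])
            ok = (NAME_RE.fullmatch(name) and uid >= MIN_UID
                  and e["homeDirectory"] == "/home/" + name and e["loginShell"] in SHELLS)
        except (KeyError, ValueError):
            ok = False
        if not ok:
            rejected.append(name)
        elif name not in existing:
            # No -p and no -g: password and primary group are not taken from LDAP here.
            cmds.append(["useradd", "-m", "-u", str(uid), "-d", e["homeDirectory"],
                         "-s", e["loginShell"], name])
    return cmds, rejected
```

The argv lists are meant to be passed to a process call without a shell, so a hostile directory value never reaches shell parsing; base64-encoded (`attr:: value`) lines are ignored, which makes such entries fail closed.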

