On Monday, 19 April 2010 14:10:17 Marot Laurent wrote:
> Hi all,
>
> I'm far from being an openLDAP and more generally Linux advanced user but I'd
> love to be if I could find some architecture guidance for the following
> use case. (I've only been playing from time to time with openLDAP on
> Windows boxes - shame on me :))
>
> I'm currently using 30 Linux servers in my business unit. Almost 10
> different sysadmins have to administer those servers. I'd like to have a
> centralized directory gathering all those 30 x 10 accounts so that I
> could have one single place to manage my identities. All my servers could
> then authenticate against this directory.
>
> Could openLDAP and some additional tools provide me the right architecture to
> reach this goal? Any pointer on this issue will please me (Google only
> led me to basic information about configuring openLDAP on standalone
> linux boxes)

Yes. Without something like OpenLDAP/nss_ldap/pam_ldap (or pam_krb5), you
will not be able to implement password policy requirements (or even ensure
that old accounts are removed) without significant administrative overhead.

This is a common requirement, solved by many organisations, using
(relatively) mature tools. You should be able to find sufficient reference
material without looking too hard.

(Hint: what in any of the information about configuring standalone servers
relied upon the server and client being on the same host?)

Regards,
Buchan
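
The hint above, shown as an added example (not part of the original message): a client-side nss_ldap/pam_ldap configuration in which the only host-specific setting is the server URI. The hostname, base DN, CA file path and the /etc/ldap.conf location are assumptions; the file location varies by distribution.

```conf
# nss_ldap / pam_ldap client settings (commonly /etc/ldap.conf).
# The same file can be deployed unchanged to every server.
# Hostname, base DN and CA path are placeholders.

# Standalone guides typically point this at localhost or 127.0.0.1.
# Pointing it at the central directory is the only host-specific change.
uri ldap://ldap.example.com/
base dc=example,dc=com
ldap_version 3

# Credentials now cross the network: require StartTLS and verify
# the directory server's certificate against a known CA.
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ca.pem

# Change passwords with the LDAP password-modify extended operation,
# so the server, not each client, stores and hashes the new password.
pam_password exop

# /etc/nsswitch.conf on each client: local files first, then the directory.
#   passwd: files ldap
#   group:  files ldap
#   shadow: files ldap
```

Keeping `files` ahead of `ldap` means root and other local system accounts still resolve when the directory is unreachable.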
