I can vouch for cent5/6... And 6 seems to prefer SSSD - no /etc/[pam_]ldap.conf but an sssd.conf instead - which I understand is the preferred method now in Fedora too (using SSSD which can also replace NSCD).
I noticed that someone felt the need to rewrite PADL's PAM plugin for Cent6, but it introduces a new service; might as well go for the newer and shinier method.

My .02 - sorry for top posting; PDA.

----- Original Message -----
From: [email protected] <[email protected]>
To: [email protected] <[email protected]>
Sent: Mon Dec 19 00:52:20 2011
Subject: Re: OpenLDAP for Central Auth?

Hi

On 12/19/2011 08:18 AM, Craig T wrote:
> Hi,
>
> Has anyone successfully deployed OpenLDAP for central auth in a very mixed
> unix environment? With Host based access control? Plus any documentation
> would be really great.

Yes, that's no problem. And for documentation, take a look at your distro specific man pages or wikis.

>
>
> My needs;
> - Central Auth

No problem with nss ldap and pam ldap libraries...

> - Host based access control (e.g. user "John" from group "accounts" can't log
> into "development servers".

Sure with pam_groupdn or a specific search filter, maybe with the memberOf attribute.

> - Caching for Client logins on laptops. I figure SSSD will be useful here?

I guess you mean user&password caching? Then the nscd Daemon is your friend.
Or do you mean credential caching for one session with Single Sign On, then a kerberos setup is your best option.

> - Encryption (This looks pretty straight forward in the OpenLDAP 2.4 doco)

Also no problem.... Just compile the newest OpenLDAP with OpenSSL support.

>
> Client OS's involved;
> - Solaris 9/10
> - Fedora 15/16
> - Centos 5/6

No problem, I don't know the Solaris setup, but I guess it's pretty much the same.

>
>
> cya
>
> Craig
>

--
Raffael Sahli
[email protected]
Switzerland
