Craig T wrote:
Thanks for the quick response everyone..

I've been reading up on the pam.conf (pam_groupdn) entries, it sounds pretty much 
perfect. No complicated access-rules in openldap to write, the only catch is that it can only 
handle one group in the "pam_groupdn cn=GroupName,ou=OUName,dc=example,dc=net" 
line?

Single group, yes. And the fact that you have to configure the pam.conf files individually for each and every machine in your network. Insanely unscalable and unmanageable.

cya

Craig

On Mon, Dec 19, 2011 at 01:03:13AM -0700, Chris Jacobs wrote:
I can vouch for cent5/6... And 6 seems to prefer SSSD - no /etc/[pam_]ldap.conf 
but an sssd.conf instead - which I understand is the preferred method now in 
Fedora too (using SSSD which can also replace NSCD).

I noticed that someone felt the need to rewrite PADL's PAM plugin for Cent6, 
but it introduces a new service; might as well go for the newer and shinier 
method.

My .02 - sorry for top posting; PDA.


----- Original Message -----
From: 
[email protected]<[email protected]>
To: [email protected]<[email protected]>
Sent: Mon Dec 19 00:52:20 2011
Subject: Re: OpenLDAP for Central Auth?

Hi

On 12/19/2011 08:18 AM, Craig T wrote:
Hi,

Has anyone successfully deployed OpenLDAP for central auth in a very mixed unix 
environment? With Host based access control? Plus any documentation would be 
really great.
Yes, that's no problem. And for documentation, take a look at your
distro specific man pages or wikis.



My needs;
- Central Auth
No problem with nss ldap and pam ldap libraries...
- Host based access control (e.g. user "John" from group "accounts" can't log into 
"development servers").
Sure with pam_groupdn or a specific search filter, maybe with the
memberOf attribute.

- Caching for Client logins on laptops. I figure SSSD will be useful here?
I guess you mean user & password caching? Then the nscd daemon is your
friend. Or, if you mean credential caching for one session with Single
Sign On, then a Kerberos setup is your best option.

- Encryption (This looks pretty straight forward in the OpenLDAP 2.4 doco)
Also no problem.... Just compile the newest OpenLDAP with OpenSSL support.


Client OS's involved;
- Solaris 9/10
- Fedora 15/16
- Centos 5/6
No problem, I don't know the Solaris setup, but I guess it's pretty much
the same.



cya

Craig



--
Raffael Sahli
[email protected]
Switzerland



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
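Raffael's "specific search filter, maybe with the memberOf attribute" and Howard's point that pam_groupdn takes exactly one group are easier to see side by side in a config. The following sssd.conf fragment is an added example, not from this thread, using the SSSD route Chris mentioned; the ldap_uri, search bases and group DNs are placeholders, and it assumes memberOf is populated server-side (e.g. by the OpenLDAP memberof overlay).

```ini
# Added example (not from the thread): SSSD domain with host-based access
# control expressed as an LDAP filter instead of a single pam_groupdn line.
# All DNs and the server URI below are placeholders for dc=example,dc=net.
[sssd]
config_file_version = 2
services = nss, pam
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://ldap.example.net
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
ldap_search_base = dc=example,dc=net
ldap_user_search_base = ou=People,dc=example,dc=net
ldap_group_search_base = ou=Groups,dc=example,dc=net

# Host-based access control. pam_groupdn allows one group; a filter can OR
# several groups (or any other attribute on the user entry). A user whose
# entry does not match the filter is denied login on this host even though
# the password is correct.
access_provider = ldap
ldap_access_order = filter
ldap_access_filter = (|(memberOf=cn=developers,ou=Groups,dc=example,dc=net)(memberOf=cn=ops,ou=Groups,dc=example,dc=net))

# Offline password caching for laptops (the caching Craig asked about).
cache_credentials = true
```

The filter is evaluated against the user's own entry, so memberOf must actually be present there; with a plain OpenLDAP groupOfNames setup and no memberof overlay, SSSD will deny everyone. The fragment is still per-host configuration, which is exactly Howard's scalability objection, so in practice the group list is the only line that should differ between hosts.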
