Hi Craig,
> Hi,
>
> Has anyone successfully deployed OpenLDAP for central auth in a very mixed
> unix environment? With Host
> based access control? Plus any documentation would be really great.
>
> My needs;
> - Central Auth
> - Host based access control (e.g. user "John" from group "accounts" can't log
>   into "development servers").
> - Caching for Client logins on laptops. I figure SSSD will be useful here?
> - Encryption (This looks pretty straight forward in the OpenLDAP 2.4 doco)
>
> Client OS's involved;
> - Solaris 9/10
> - Fedora 15/16
> - Centos 5/6
>
>
> cya
>
> Craig

A solution which will cover most of your needs is in production here:

Central Auth

Client OS's:
- Solaris 9/10 (working on 11)
- HPUX 11.x
- AIX 5/6
- Fedora/Redhat

Host based access control:
- nis-netgroups for hosts
- nis-netgroups for users
- members of user-netgroup 'oracle_dba' can log into machines from host-netgroup 'oracle_db_server'

Role based access control:
- sudo profiles for each role
- sudoUser by user-netgroups (example: 'oracle_dba')
- sudoHost by host-netgroups (example: 'oracle_db_server')

Encryption: tls/ssl

Pretty much straight forward from standard docs.

Juergen Sprenger
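
The netgroup and sudo layout described in the reply above, sketched as directory entries. This is an added example, not configuration from the original post: the base DN, OU names, host names, user names, the role name, the run-as user and the command path are all constructed placeholders. Only the netgroup names 'oracle_dba' and 'oracle_db_server' come from the message.

```ldif
# Constructed sample entries. dc=example,dc=com, the ou names, hosts, users
# and the sudo command are assumptions made for illustration.

# Host netgroup: triples are (host,user,domain); "-" in the user field
# means the triple matches no user, so the group describes hosts only.
dn: cn=oracle_db_server,ou=netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: oracle_db_server
nisNetgroupTriple: (db01.example.com,-,)
nisNetgroupTriple: (db02.example.com,-,)

# User netgroup: "-" in the host field means the triple matches no host,
# so the group describes users only.
dn: cn=oracle_dba,ou=netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: oracle_dba
nisNetgroupTriple: (-,john,)
nisNetgroupTriple: (-,jane,)

# sudo role: a leading "+" in sudoUser and sudoHost refers to a netgroup,
# so the role applies only to oracle_dba members on oracle_db_server hosts.
dn: cn=oracle_dba_role,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: oracle_dba_role
sudoUser: +oracle_dba
sudoHost: +oracle_db_server
sudoRunAsUser: oracle
sudoCommand: /usr/local/bin/dbctl
```

These entries only define the groups and the role; how each client OS maps the netgroups to a login restriction is not stated in the message and is not shown here.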
