Morgan> I'm interested in setting up a small setup that would be a
Morgan> centralized authentication. With my work experience I would
Morgan> lean to AD and LDAP, but I don't run any Windows boxes and
Morgan> don't understand raw LDAP.

Morgan> Any suggestions? I have to think there's a good solution for
Morgan> small organizations. I could just Chef it based on databags,
Morgan> but that doesn't let users change their own passwords, which I
Morgan> see as a major downside.

Morgan> I have 3 nodes, two Linux Linodes, and 1 reseller cPanel
Morgan> account on Surpass (can't install custom software there).

As a learning experience, I set up LDAP at home and I use that for the four to five Linux boxes I have set up for myself and the kids. I should even plug in the Windows boxes as a test, but haven't gotten there yet. In any case, it wasn't that hard, but I'm also not sure how secure it is overall compared to AD and such. Time to investigate.

Now in your case, I think I'd be more worried about the security aspects, since if you wanted all three boxes to use the same LDAP, you'd need to have them talking over the Internet to sync up. So you're now into the realm of certificates and such. None of which is a major problem.

My notes for my home setup are pretty sparse, but they do the trick for the Debian-based environment which I run. Basically you just need to have

    apt-get install libpam-ldap ldap-utils nfs-client tcsh openssh-server

Now I did nfs-client because I mount homedirs from a central NFS server.

I have to modify the following files:

    /etc/nsswitch.conf
    /etc/libnss-ldap.conf
    /etc/libnss-ldap.secret
    /etc/ldap/ldap.conf

and I'd be happy to share the details, once I scrub out my personal details and such.

But in my own initial testing, I've found that I'm not as smart as I thought and that I need to fix my own LDAP setup. Ooops! It works, it's just not properly set up for allowing end user password changes.

John

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
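An added example for the "certificates and such" point above, not code from John's post or from any of the packages he names: once the three nodes reach a central directory over the Internet, the client-side /etc/ldap/ldap.conf (the file libldap reads for ldap-utils and, in the usual Debian setup, for the PAM/NSS modules) should use ldaps:// URIs, demand certificate verification, and name the CA bundle that verification uses. The script below audits a config file for exactly those three settings. The checker, the hostnames, the CA path and the two sample config files are all constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original list post): audit an OpenLDAP client
# configuration file (/etc/ldap/ldap.conf format) before pointing hosts that
# talk to the directory across the Internet at it.
#
# Checks: every URI uses ldaps://, TLS_REQCERT is "demand" (or the equivalent
# "hard") so an unverifiable server certificate aborts the bind, and
# TLS_CACERT names the CA bundle used for that verification.

# conf_value FILE KEY -> prints the last non-comment value for KEY
# (directive names are case-insensitive in ldap.conf).
conf_value() {
  awk -v key="$2" '
    /^[ \t]*#/ || NF < 2 { next }
    toupper($1) == key { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); val = $0 }
    END { print val }' "$1"
}

# check_ldap_conf FILE -> returns 0 when the file passes, 1 (with each reason
# on stderr) when it does not, 2 when the file cannot be read.
check_ldap_conf() {
  f="$1"; rc=0
  [ -r "$f" ] || { echo "$f: not readable" >&2; return 2; }

  uris=$(conf_value "$f" URI)
  [ -n "$uris" ] || { echo "$f: no URI directive" >&2; rc=1; }
  for u in $uris; do
    case "$u" in
      ldaps://*) ;;   # TLS from the first byte
      *) echo "$f: URI $u is not ldaps://" >&2; rc=1 ;;
    esac
  done

  reqcert=$(conf_value "$f" TLS_REQCERT | tr '[:upper:]' '[:lower:]')
  case "$reqcert" in
    demand|hard) ;;
    "") echo "$f: TLS_REQCERT not set explicitly (set it to demand)" >&2; rc=1 ;;
    *)  echo "$f: TLS_REQCERT $reqcert does not verify the server certificate" >&2; rc=1 ;;
  esac

  [ -n "$(conf_value "$f" TLS_CACERT)" ] || { echo "$f: TLS_CACERT not set" >&2; rc=1; }
  return $rc
}

# Constructed sample files: the kind of config that works on a home LAN next
# to one suitable for clients reaching the directory over the Internet.
WEAK=$(mktemp); STRONG=$(mktemp)
cat > "$WEAK" <<'EOF'
# cleartext LDAP and no certificate check
BASE   dc=example,dc=org
URI    ldap://ldap.example.org
TLS_REQCERT never
EOF
cat > "$STRONG" <<'EOF'
BASE        dc=example,dc=org
URI         ldaps://ldap.example.org ldaps://ldap2.example.org
TLS_CACERT  /etc/ssl/certs/example-org-ca.pem
TLS_REQCERT demand
EOF

check_ldap_conf "$WEAK"   && echo "weak config: pass"   || echo "weak config: FAIL"
check_ldap_conf "$STRONG" && echo "strong config: pass" || echo "strong config: FAIL"
```

Run it against a real client with `check_ldap_conf /etc/ldap/ldap.conf` after sourcing the script; the libnss-ldap.conf and pam_ldap.conf files John lists use their own lowercase `uri` / `ssl` / `tls_checkpeer` directives and would need a separate check.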
