Slashdot Mirror

← Back to Stories (view on slashdot.org)

LDAP Authentication in Linux

Posted by ryuzaki0 on from the roadmaps dept.

hausmasta writes "HowtoForge has published a walkthrough to show you how to store your users in LDAP and authenticate some of the services against it. It will not show how to install particular packages, as it is distribution/system dependent, instead it will focus on pure configuration of all components needed to have LDAP authentication/storage of users. The howto assumes that you are migrating from a regular passwd/shadow authentication, but it is also suitable for people who do it from scratch."

3 of 189 comments (clear)

  1. Re:Why would one want to do this? by antlope · · Score: 5, Informative

    For the same reasons as one would use NIS in the past, to allow central control and a single point of administration for your users.
    With some decent admin tools you can even share your users between variants of Unix and Windows environments.
    There are some advantages of LDAP over NIS which are worth mentioning. LDAP can be made more secure than NIS (NIS+ is better in this respect, but oh so much more of a pain to administer) through the use of SSL or better authentication methods. LDAP will usually scale better for many thousands of users than plain NIS. NIS is limited as to what data may be stored for a user, which is ok if all you want your user database for is authentication and basic authorization, but LDAP is much more flexible if you need to store other user information and would rather have a single user store.
    There are some sites that even use Unix LDAP clients to authenticate to an Active Directory service running on windows platforms. This can be done much more transparantly with LDAP than many other authentication methods.

    /Anthony Whitehead
    http://www.nordicedge.se/
    NordicEdge AB

  2. Re:Why would one want to do this? by antlope · · Score: 4, Informative

    Most of the common maps, including the auto-mount maps have schema and attributes in LDAP. So its just a simple matter of using a migration tool (or doing it by hand) to build your LDAP version of the auto-mount map.

    A quick google and here is a link you might like to look at:

    http://www.linuxjournal.com/article/6266
    There are many other sources of information on this out there.

    Anthony Whitehead
    NordicEdge AB

  3. Re:I always wondered... by guruevi · · Score: 4, Informative

    It is otherwise widely used hidden under proprietary MS code: Active Directory is a pure Kerberos + LDAPv3 implementation except that for synching and logging in (the essential outside communications that other platforms would like to use) is proprietary and they changed some things to the standard scheme too (SID etc.) which makes it useless for anybody but MS.

    OpenDirectory by Apple is also an LDAPv3 implementation be it more pure than MS's implementation. You can combine both AD and OD on Mac to get a unified Windows-compatible login capabilities in the network that also get the benefits of using OD (force preferences and security settings on users/computers) without schema changes on either side.

    RedHat also relies on LDAP for network-wide authentication in their products as does IBM and recently even Novell and lots of companies use it for different purposes in one or another way.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com