
Re: [SAGE] Help with centralizing account management



Your difficulties with LDAP under *BSD sound like you've only set it up
to do authentication. pam_ldap only handles authentication. Directory
Services are handled by the libc get*() functions. You have to
configure the system's directory service lookups to use LDAP via
/etc/nsswitch.conf(?) or whatever *BSD uses. (Please forgive my ignorance, I
have used *BSD that much).

At work, we've set up an Enterprise FTP server using LDAP as the account
DB. It works quite well. Using LDAP has eased management in many ways.

There are only two weak spots I found in pam_ldap. One is that there is no
provision for using more than one LDAP server. The other is not being
able to log into the service if it can't contact the LDAP server, even
if the user is in the local files.

I suspect the latter problem could be solved by a PAM configuration
tweak. But it hasn't been a serious problem as yet.



On Tue, 2002-07-16 at 13:21, Paul Dlug wrote:
> I need some help finding a solution to manage user accounts from a central 
> location. Our environment is composed of Solaris and FreeBSD servers (some 
> scattered linux as well) with a rollout of around 20 FreeBSD desktops 
> planned. NIS+ is currently being used on Solaris, the FreeBSD hosts are 
> maintained manually since they're primarily servers with one or two user 
> accounts. There is a planned migration to LDAP in the next few weeks as we 
> move toward Solaris 9. I tested pam_ldap with FreeBSD and it works, however a 
> password file entry is still necessary so it doesn't really solve the 
> problem. LDAP seems like it's the right choice and it works well under 
> Solaris however I don't see mature support for it under *BSD and linux. Can 
> someone recommend a solution?
> 
> Thanks,
> Paul

--
Stephen L Johnson <sjohnson@monsters.org>
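
The two points raised in the reply above (pam_ldap covers authentication only while account lookups go through nsswitch.conf, and local logins failing when the LDAP server is unreachable) can be checked on a host with a small audit script. This is an added example, not part of the original message; the function names and sample files are constructed for illustration. It assumes an nsswitch.conf-style name service file and a per-service PAM file laid out as "type control module [args]".

```shell
#!/bin/sh
# Added example, not from the post. Sample files are constructed; function names are hypothetical.

# nss_uses_ldap FILE DB: exit 0 if database DB (passwd, group, ...) lists "ldap" as a source.
nss_uses_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                                   # drop comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# pam_ldap_control FILE: print the control flag of the first auth line that loads pam_ldap.
# Assumes the per-service layout "type control module [args]".
pam_ldap_control() {
    awk '
        { sub(/#.*/, "") }
        $1 == "auth" && $3 ~ /pam_ldap/ { print $2; exit }' "$1"
}

# audit NSS_FILE PAM_FILE: print one finding per line, nothing if both checks pass.
audit() {
    ctl=$(pam_ldap_control "$2")
    [ -n "$ctl" ] || { echo "pam_ldap is not in the auth stack"; return 0; }
    nss_uses_ldap "$1" passwd ||
        echo "passwd lookups skip ldap: every user still needs a local passwd entry"
    case "$ctl" in
        required|requisite)
            echo "pam_ldap is $ctl: local accounts cannot log in when LDAP is unreachable" ;;
    esac
}

# Constructed sample configurations.
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
printf 'passwd: files\ngroup: files\n' > "$d/nss_files_only"
printf 'passwd: files ldap\ngroup: files ldap\n' > "$d/nss_ldap"
printf 'auth required pam_ldap.so\nauth required pam_unix.so try_first_pass\n' > "$d/pam_required"
printf 'auth sufficient pam_ldap.so\nauth required pam_unix.so try_first_pass\n' > "$d/pam_sufficient"

echo "authentication-only setup:";     audit "$d/nss_files_only" "$d/pam_required"
echo "lookups and fallback in place:"; audit "$d/nss_ldap" "$d/pam_sufficient"
```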