On 25/06/2010 23:21, Jamie Bohr wrote:
Hello All,
Sorry this is off-topic, but I would like some advice from this list
and possibly get an understanding of what other large organizations
are doing for UNIX/Linux authentication management.
I am a Senior Administrator for 3000 UNIX/Linux based devices ranging
from HP-UX 10.20-11.31, Solaris 8-10 and RHEL 3-5 at 40 different
sites. Most are using NIS for authentication (separate NIS domains)
and the AMD (am-utils) automounter. I would like to move
authentication to LDAP (AD would be better) but before I invest a lot
of time and effort I would like advice from this list on what
direction I should go.
Because some of the devices are NOT capable of using LDAP (or AD) for
authentication I will need to keep NIS around until they can be
removed from the environment. If I move to LDAP I would like as much
put into LDAP as possible including Netgroup, automounter maps and
sudo permissions.
A few questions:
1. Do you manage a multi-site, multi-geography environment using LDAP?
   1. If so, what LDAP version do you use?
   2. Do you keep automounter maps in LDAP?
   3. Do you keep netgroups in LDAP?
   4. Do you have SUDO information in LDAP?
   5. Do you support OSes other than Linux with LDAP?
      1. If so, what OSes and version, i.e.: HP-UX 11.23, ...
2. Would Fedora Directory server, FreeIPA or something else be the
   way to go?
3. Any advice on resolving overlapping UIDs/GIDs?
4. Has anyone used Likewise (or something like it) to authenticate
   off an AD domain?
--
Jamie Bohr
Hi
Might be worthwhile asking on http://directory.fedoraproject.org/. Rich
Megginson has been doing LDAP things since the year dot, so would
probably be able to give you some pointers.
Bryan